From 1414f1647d435a7eda48d9433a022286a46d9097 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sat, 16 Apr 2016 20:06:34 +0000 Subject: [PATCH] samba: fix some security problems This fixes the following security problems: * CVE-2015-7560 * CVE-2015-5370 * CVE-2016-2110 * CVE-2016-2111 * CVE-2016-2112 * CVE-2016-2115 * CVE-2016-2118 Signed-off-by: Hauke Mehrtens SVN-Revision: 49175 --- .../patches/010-patch-cve-2015-5252.patch | 8 +- .../patches/011-patch-cve-2015-5296.patch | 28 +- .../patches/012-patch-cve-2015-5299.patch | 10 +- .../patches/015-patch-cve-2015-7560.patch | 172 + .../patches/020-CVE-preparation-v3-6.patch | 6824 ++++++++++++ .../021-CVE-preparation-v3-6-addition.patch | 9515 +++++++++++++++++ .../patches/022-CVE-2015-5370-v3-6.patch | 1791 ++++ .../patches/023-CVE-2016-2110-v3-6.patch | 255 + .../patches/024-CVE-2016-2111-v3-6.patch | 681 ++ .../patches/025-CVE-2016-2112-v3-6.patch | 129 + .../patches/026-CVE-2016-2115-v3-6.patch | 256 + .../patches/027-CVE-2016-2118-v3-6.patch | 308 + .../samba36/patches/110-multicall.patch | 2 +- .../samba36/patches/111-owrt_smbpasswd.patch | 6 +- .../patches/120-add_missing_ifdef.patch | 15 + .../patches/210-remove_ad_support.patch | 2 +- .../patches/250-remove_domain_logon.patch | 28 + .../samba36/patches/260-remove_samr.patch | 18 + .../samba36/patches/290-remove_lsa.patch | 15 + .../patches/310-remove_error_strings.patch | 86 +- .../patches/330-librpc_default_print.patch | 2 +- 21 files changed, 20105 insertions(+), 46 deletions(-) create mode 100644 package/network/services/samba36/patches/015-patch-cve-2015-7560.patch create mode 100644 package/network/services/samba36/patches/020-CVE-preparation-v3-6.patch create mode 100644 package/network/services/samba36/patches/021-CVE-preparation-v3-6-addition.patch create mode 100644 package/network/services/samba36/patches/022-CVE-2015-5370-v3-6.patch create mode 100644 package/network/services/samba36/patches/023-CVE-2016-2110-v3-6.patch create mode 100644 package/network/services/samba36/patches/024-CVE-2016-2111-v3-6.patch create mode 100644 package/network/services/samba36/patches/025-CVE-2016-2112-v3-6.patch create mode 100644 package/network/services/samba36/patches/026-CVE-2016-2115-v3-6.patch create mode 100644 package/network/services/samba36/patches/027-CVE-2016-2118-v3-6.patch diff --git a/package/network/services/samba36/patches/010-patch-cve-2015-5252.patch b/package/network/services/samba36/patches/010-patch-cve-2015-5252.patch index 8922a6e505..3640907a9b 100644 --- a/package/network/services/samba36/patches/010-patch-cve-2015-5252.patch +++ b/package/network/services/samba36/patches/010-patch-cve-2015-5252.patch @@ -14,11 +14,9 @@ Reviewed-by: Volker Lendecke source3/smbd/vfs.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) -diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c -index 6c56964..bd93b7f 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c -@@ -982,6 +982,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) +@@ -982,6 +982,7 @@ NTSTATUS check_reduced_name(connection_s if (!allow_widelinks || !allow_symlinks) { const char *conn_rootdir; size_t rootdir_len; @@ -26,7 +24,7 @@ index 6c56964..bd93b7f 100644 conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname); if (conn_rootdir == NULL) { -@@ -992,8 +993,10 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) +@@ -992,8 +993,10 @@ NTSTATUS check_reduced_name(connection_s } rootdir_len = strlen(conn_rootdir); @@ -39,5 +37,3 @@ index 6c56964..bd93b7f 100644 DEBUG(2, ("check_reduced_name: Bad access " "attempt: %s is a symlink outside the " "share path\n", fname)); --- -2.5.0 diff --git a/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch b/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch index eaafd1c667..a309cf1b7f 100644 --- a/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch +++ b/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch @@ -12,11 +12,9 @@ Reviewed-by: Jeremy Allison source3/libsmb/clidfs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) -diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c -index 23e1471..f153b6b 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c -@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, +@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALL const char *username; const char *password; NTSTATUS status; @@ -28,7 +26,7 @@ index 23e1471..f153b6b 100644 /* make a copy so we don't modify the global string 'service' */ servicename = talloc_strdup(ctx,share); -@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, +@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALL zero_sockaddr(&ss); /* have to open a new connection */ @@ -37,26 +35,6 @@ index 23e1471..f153b6b 100644 if (c == NULL) { d_printf("Connection to %s failed\n", server_n); return NULL; --- -2.5.0 - - -From 060adb0abdeda51b8b622c6020b5dea0c8dde1cf Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Wed, 30 Sep 2015 21:17:02 +0200 -Subject: [PATCH 2/2] CVE-2015-5296: s3:libsmb: force signing when requiring - encryption in SMBC_server_internal() - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 - -Signed-off-by: Stefan Metzmacher -Reviewed-by: Jeremy Allison ---- - source3/libsmb/libsmb_server.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c -index 45be660..167f2c9 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -258,6 +258,7 @@ SMBC_server_internal(TALLOC_CTX *ctx, @@ -108,5 +86,3 @@ index 45be660..167f2c9 100644 if (! NT_STATUS_IS_OK(nt_status)) { DEBUG(1,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); --- -2.5.0 diff --git a/package/network/services/samba36/patches/012-patch-cve-2015-5299.patch b/package/network/services/samba36/patches/012-patch-cve-2015-5299.patch index 19cbb19890..7a569c7462 100644 --- a/package/network/services/samba36/patches/012-patch-cve-2015-5299.patch +++ b/package/network/services/samba36/patches/012-patch-cve-2015-5299.patch @@ -14,8 +14,6 @@ Reviewed-by: David Disseldorp source3/modules/vfs_shadow_copy2.c | 47 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) -diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c -index fedfb53..16c1ed7 100644 --- a/source3/modules/vfs_shadow_copy2.c +++ b/source3/modules/vfs_shadow_copy2.c @@ -21,6 +21,8 @@ @@ -27,7 +25,7 @@ index fedfb53..16c1ed7 100644 #include "system/filesys.h" #include "ntioctl.h" -@@ -764,6 +766,43 @@ static int shadow_copy2_mkdir(vfs_handle_struct *handle, const char *fname, mod +@@ -764,6 +766,43 @@ static int shadow_copy2_mkdir(vfs_handle SHADOW2_NEXT(MKDIR, (handle, name, mode), int, -1); } @@ -71,7 +69,7 @@ index fedfb53..16c1ed7 100644 static int shadow_copy2_rmdir(vfs_handle_struct *handle, const char *fname) { SHADOW2_NEXT(RMDIR, (handle, name), int, -1); -@@ -877,6 +916,7 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle, +@@ -877,6 +916,7 @@ static int shadow_copy2_get_shadow_copy2 SMB_STRUCT_DIRENT *d; TALLOC_CTX *tmp_ctx = talloc_new(handle->data); char *snapshot; @@ -79,7 +77,7 @@ index fedfb53..16c1ed7 100644 snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle); if (snapdir == NULL) { -@@ -886,6 +926,13 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle, +@@ -886,6 +926,13 @@ static int shadow_copy2_get_shadow_copy2 talloc_free(tmp_ctx); return -1; } @@ -93,5 +91,3 @@ index fedfb53..16c1ed7 100644 p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0); --- -2.5.0 diff --git a/package/network/services/samba36/patches/015-patch-cve-2015-7560.patch b/package/network/services/samba36/patches/015-patch-cve-2015-7560.patch new file mode 100644 index 0000000000..6ce8e2f9b7 --- /dev/null +++ b/package/network/services/samba36/patches/015-patch-cve-2015-7560.patch @@ -0,0 +1,172 @@ +From eb27f9b7bf9c1dc902d9545eecf805831bd4e46c Mon Sep 17 00:00:00 2001 +From: Jeremy Allison +Date: Tue, 5 Jan 2016 11:18:12 -0800 +Subject: [PATCH 1/8] CVE-2015-7560: s3: smbd: Add refuse_symlink() function + that can be used to prevent operations on a symlink. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 + +Signed-off-by: Jeremy Allison +Reviewed-by: Michael Adam +--- + source3/smbd/trans2.c | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +--- a/source3/smbd/trans2.c ++++ b/source3/smbd/trans2.c +@@ -51,6 +51,34 @@ static char *store_file_unix_basic_info2 + files_struct *fsp, + const SMB_STRUCT_STAT *psbuf); + ++/**************************************************************************** ++ Check if an open file handle or pathname is a symlink. ++****************************************************************************/ ++ ++static NTSTATUS refuse_symlink(connection_struct *conn, ++ const files_struct *fsp, ++ const char *name) ++{ ++ SMB_STRUCT_STAT sbuf; ++ const SMB_STRUCT_STAT *pst = NULL; ++ ++ if (fsp) { ++ pst = &fsp->fsp_name->st; ++ } else { ++ int ret = vfs_stat_smb_fname(conn, ++ name, ++ &sbuf); ++ if (ret == -1) { ++ return map_nt_error_from_unix(errno); ++ } ++ pst = &sbuf; ++ } ++ if (S_ISLNK(pst->st_ex_mode)) { ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ return NT_STATUS_OK; ++} ++ + /******************************************************************** + Roundup a value to the nearest allocation roundup size boundary. + Only do this for Windows clients. +@@ -181,12 +209,22 @@ NTSTATUS get_ea_names_from_file(TALLOC_C + char **names, **tmp; + size_t num_names; + ssize_t sizeret = -1; ++ NTSTATUS status; ++ ++ if (pnames) { ++ *pnames = NULL; ++ } ++ *pnum_names = 0; + + if (!lp_ea_support(SNUM(conn))) { +- if (pnames) { +- *pnames = NULL; +- } +- *pnum_names = 0; ++ return NT_STATUS_OK; ++ } ++ ++ status = refuse_symlink(conn, fsp, fname); ++ if (!NT_STATUS_IS_OK(status)) { ++ /* ++ * Just return no EA's on a symlink. ++ */ + return NT_STATUS_OK; + } + +@@ -236,10 +274,6 @@ NTSTATUS get_ea_names_from_file(TALLOC_C + + if (sizeret == 0) { + TALLOC_FREE(names); +- if (pnames) { +- *pnames = NULL; +- } +- *pnum_names = 0; + return NT_STATUS_OK; + } + +@@ -550,6 +584,7 @@ NTSTATUS set_ea(connection_struct *conn, + const struct smb_filename *smb_fname, struct ea_list *ea_list) + { + char *fname = NULL; ++ NTSTATUS status; + + if (!lp_ea_support(SNUM(conn))) { + return NT_STATUS_EAS_NOT_SUPPORTED; +@@ -559,6 +594,12 @@ NTSTATUS set_ea(connection_struct *conn, + return NT_STATUS_ACCESS_DENIED; + } + ++ status = refuse_symlink(conn, fsp, smb_fname->base_name); ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; ++ } ++ ++ + /* For now setting EAs on streams isn't supported. */ + fname = smb_fname->base_name; + +@@ -4931,6 +4972,13 @@ NTSTATUS smbd_do_qfilepathinfo(connectio + uint16 num_file_acls = 0; + uint16 num_def_acls = 0; + ++ status = refuse_symlink(conn, ++ fsp, ++ smb_fname->base_name); ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; ++ } ++ + if (fsp && fsp->fh->fd != -1) { + file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp); + } else { +@@ -6452,6 +6500,7 @@ static NTSTATUS smb_set_posix_acl(connec + uint16 num_def_acls; + bool valid_file_acls = True; + bool valid_def_acls = True; ++ NTSTATUS status; + + if (total_data < SMB_POSIX_ACL_HEADER_SIZE) { + return NT_STATUS_INVALID_PARAMETER; +@@ -6479,6 +6528,11 @@ static NTSTATUS smb_set_posix_acl(connec + return NT_STATUS_INVALID_PARAMETER; + } + ++ status = refuse_symlink(conn, fsp, smb_fname->base_name); ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; ++ } ++ + DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n", + smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp), + (unsigned int)num_file_acls, +--- a/source3/smbd/nttrans.c ++++ b/source3/smbd/nttrans.c +@@ -877,6 +877,12 @@ NTSTATUS set_sd(files_struct *fsp, struc + return NT_STATUS_OK; + } + ++ if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) { ++ DEBUG(10, ("ACL set on symlink %s denied.\n", ++ fsp_str_dbg(fsp))); ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ + if (psd->owner_sid == NULL) { + security_info_sent &= ~SECINFO_OWNER; + } +@@ -1925,6 +1931,12 @@ NTSTATUS smbd_do_query_security_desc(con + return NT_STATUS_ACCESS_DENIED; + } + ++ if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) { ++ DEBUG(10, ("ACL get on symlink %s denied.\n", ++ fsp_str_dbg(fsp))); ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ + if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER| + SECINFO_GROUP|SECINFO_SACL)) { + /* Don't return SECINFO_LABEL if anything else was diff --git a/package/network/services/samba36/patches/020-CVE-preparation-v3-6.patch b/package/network/services/samba36/patches/020-CVE-preparation-v3-6.patch new file mode 100644 index 0000000000..ae822f47f1 --- /dev/null +++ b/package/network/services/samba36/patches/020-CVE-preparation-v3-6.patch @@ -0,0 +1,6824 @@ +From 39a3fa39967faaf216be8e108ca57d07de1aa95a Mon Sep 17 00:00:00 2001 +From: Vadim Zhukov +Date: Sat, 25 May 2013 15:19:24 +0100 +Subject: [PATCH 01/41] pidl: Recent Perl warns about "defined(@var)" + constructs. + +Signed-off-by: Jelmer Vernooij + +Autobuild-User(master): Jelmer Vernooij +Autobuild-Date(master): Sat May 25 18:10:53 CEST 2013 on sn-devel-104 + +(cherry picked from commit 92254d09e0ee5a7d9d0cd91fe1803f54e64d9a5f) +--- + pidl/lib/Parse/Pidl/ODL.pm | 2 +- + pidl/pidl | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/pidl/lib/Parse/Pidl/ODL.pm ++++ b/pidl/lib/Parse/Pidl/ODL.pm +@@ -70,7 +70,7 @@ sub ODL2IDL + next; + } + my $podl = Parse::Pidl::IDL::parse_file($idl_path, $opt_incdirs); +- if (defined(@$podl)) { ++ if (defined($podl)) { + require Parse::Pidl::Typelist; + my $basename = basename($idl_path, ".idl"); + +--- a/pidl/pidl ++++ b/pidl/pidl +@@ -605,7 +605,7 @@ sub process_file($) + require Parse::Pidl::IDL; + + $pidl = Parse::Pidl::IDL::parse_file($idl_file, \@opt_incdirs); +- defined @$pidl || die "Failed to parse $idl_file"; ++ defined $pidl || die "Failed to parse $idl_file"; + } + + require Parse::Pidl::Typelist; +--- a/source4/heimdal/cf/make-proto.pl ++++ b/source4/heimdal/cf/make-proto.pl +@@ -1,8 +1,8 @@ + # Make prototypes from .c files + # $Id$ + +-##use Getopt::Std; +-require 'getopts.pl'; ++use Getopt::Std; ++#require 'getopts.pl'; + + my $comment = 0; + my $if_0 = 0; +@@ -12,7 +12,7 @@ my $debug = 0; + my $oproto = 1; + my $private_func_re = "^_"; + +-Getopts('x:m:o:p:dqE:R:P:') || die "foo"; ++getopts('x:m:o:p:dqE:R:P:') || die "foo"; + + if($opt_d) { + $debug = 1; +--- a/source3/Makefile-smbtorture4 ++++ b/source3/Makefile-smbtorture4 +@@ -6,7 +6,7 @@ SAMBA4_BINARIES="smbtorture,ndrdump" + samba4-configure: + @(cd .. && \ + CFLAGS='' $(WAF) reconfigure || \ +- CFLAGS='' $(WAF) configure --enable-socket-wrapper --enable-nss-wrapper --enable-uid-wrapper --nonshared-binary=$(SAMBA4_BINARIES) --enable-auto-reconfigure ) ++ CFLAGS='' $(WAF) configure --enable-socket-wrapper --enable-nss-wrapper --enable-uid-wrapper --nonshared-binary=$(SAMBA4_BINARIES) --enable-auto-reconfigure --bundled-libraries=ALL --disable-gnutls ) + + .PHONY: samba4-configure + +--- a/source4/lib/ldb/wscript ++++ b/source4/lib/ldb/wscript +@@ -135,9 +135,7 @@ def build(bld): + pc_files=ldb_pc_files, + vnum=VERSION, + private_library=private_library, +- manpages='man/ldb.3', +- abi_directory = 'ABI', +- abi_match = abi_match) ++ manpages='man/ldb.3') + + # generate a include/ldb_version.h + t = bld.SAMBA_GENERATOR('ldb_version.h', +--- a/source3/selftest/skip ++++ b/source3/selftest/skip +@@ -22,3 +22,8 @@ samba3.*raw.ioctl + samba3.*raw.qfileinfo + samba3.*raw.qfsinfo + samba3.*raw.sfileinfo.base ++# skip, don't work for badlock backports ++samba3.posix_s3.raw.eas ++samba3.posix_s3.raw.rename ++samba3.posix_s3.raw.search ++samba3.posix_s3.raw.streams +--- a/librpc/ndr/ndr_ntlmssp.c ++++ b/librpc/ndr/ndr_ntlmssp.c +@@ -176,4 +176,20 @@ _PUBLIC_ void ndr_print_ntlmssp_Version( + } + } + ++_PUBLIC_ struct AV_PAIR *ndr_ntlmssp_find_av(const struct AV_PAIR_LIST *av_list, ++ enum ntlmssp_AvId AvId) ++{ ++ struct AV_PAIR *res = NULL; ++ uint32_t i = 0; + ++ for (i = 0; i < av_list->count; i++) { ++ if (av_list->pair[i].AvId != AvId) { ++ continue; ++ } ++ ++ res = discard_const_p(struct AV_PAIR, &av_list->pair[i]); ++ break; ++ } ++ ++ return res; ++} +--- a/librpc/ndr/ndr_ntlmssp.h ++++ b/librpc/ndr/ndr_ntlmssp.h +@@ -31,3 +31,5 @@ _PUBLIC_ void ndr_print_ntlmssp_lm_respo + bool ntlmv2); + _PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r); + ++_PUBLIC_ struct AV_PAIR *ndr_ntlmssp_find_av(const struct AV_PAIR_LIST *av_list, ++ enum ntlmssp_AvId AvId); +--- /dev/null ++++ b/librpc/ABI/ndr-0.0.2.sigs +@@ -0,0 +1,247 @@ ++GUID_all_zero: bool (const struct GUID *) ++GUID_compare: int (const struct GUID *, const struct GUID *) ++GUID_equal: bool (const struct GUID *, const struct GUID *) ++GUID_from_data_blob: NTSTATUS (const DATA_BLOB *, struct GUID *) ++GUID_from_ndr_blob: NTSTATUS (const DATA_BLOB *, struct GUID *) ++GUID_from_string: NTSTATUS (const char *, struct GUID *) ++GUID_hexstring: char *(TALLOC_CTX *, const struct GUID *) ++GUID_random: struct GUID (void) ++GUID_string: char *(TALLOC_CTX *, const struct GUID *) ++GUID_string2: char *(TALLOC_CTX *, const struct GUID *) ++GUID_to_ndr_blob: NTSTATUS (const struct GUID *, TALLOC_CTX *, DATA_BLOB *) ++GUID_zero: struct GUID (void) ++ndr_align_size: size_t (uint32_t, size_t) ++ndr_charset_length: uint32_t (const void *, charset_t) ++ndr_check_array_length: enum ndr_err_code (struct ndr_pull *, void *, uint32_t) ++ndr_check_array_size: enum ndr_err_code (struct ndr_pull *, void *, uint32_t) ++ndr_check_padding: void (struct ndr_pull *, size_t) ++ndr_check_pipe_chunk_trailer: enum ndr_err_code (struct ndr_pull *, int, uint32_t) ++ndr_check_string_terminator: enum ndr_err_code (struct ndr_pull *, uint32_t, uint32_t) ++ndr_get_array_length: uint32_t (struct ndr_pull *, const void *) ++ndr_get_array_size: uint32_t (struct ndr_pull *, const void *) ++ndr_map_error2errno: int (enum ndr_err_code) ++ndr_map_error2ntstatus: NTSTATUS (enum ndr_err_code) ++ndr_map_error2string: const char *(enum ndr_err_code) ++ndr_policy_handle_empty: bool (const struct policy_handle *) ++ndr_policy_handle_equal: bool (const struct policy_handle *, const struct policy_handle *) ++ndr_print_DATA_BLOB: void (struct ndr_print *, const char *, DATA_BLOB) ++ndr_print_GUID: void (struct ndr_print *, const char *, const struct GUID *) ++ndr_print_KRB5_EDATA_NTSTATUS: void (struct ndr_print *, const char *, const struct KRB5_EDATA_NTSTATUS *) ++ndr_print_NTSTATUS: void (struct ndr_print *, const char *, NTSTATUS) ++ndr_print_NTTIME: void (struct ndr_print *, const char *, NTTIME) ++ndr_print_NTTIME_1sec: void (struct ndr_print *, const char *, NTTIME) ++ndr_print_NTTIME_hyper: void (struct ndr_print *, const char *, NTTIME) ++ndr_print_WERROR: void (struct ndr_print *, const char *, WERROR) ++ndr_print_array_uint8: void (struct ndr_print *, const char *, const uint8_t *, uint32_t) ++ndr_print_bad_level: void (struct ndr_print *, const char *, uint16_t) ++ndr_print_bitmap_flag: void (struct ndr_print *, size_t, const char *, uint32_t, uint32_t) ++ndr_print_bool: void (struct ndr_print *, const char *, const bool) ++ndr_print_debug: void (ndr_print_fn_t, const char *, void *) ++ndr_print_debug_helper: void (struct ndr_print *, const char *, ...) ++ndr_print_debugc: void (int, ndr_print_fn_t, const char *, void *) ++ndr_print_debugc_helper: void (struct ndr_print *, const char *, ...) ++ndr_print_dlong: void (struct ndr_print *, const char *, int64_t) ++ndr_print_double: void (struct ndr_print *, const char *, double) ++ndr_print_enum: void (struct ndr_print *, const char *, const char *, const char *, uint32_t) ++ndr_print_function_debug: void (ndr_print_function_t, const char *, int, void *) ++ndr_print_function_string: char *(TALLOC_CTX *, ndr_print_function_t, const char *, int, void *) ++ndr_print_get_switch_value: uint32_t (struct ndr_print *, const void *) ++ndr_print_gid_t: void (struct ndr_print *, const char *, gid_t) ++ndr_print_hyper: void (struct ndr_print *, const char *, uint64_t) ++ndr_print_int16: void (struct ndr_print *, const char *, int16_t) ++ndr_print_int32: void (struct ndr_print *, const char *, int32_t) ++ndr_print_int3264: void (struct ndr_print *, const char *, int32_t) ++ndr_print_int8: void (struct ndr_print *, const char *, int8_t) ++ndr_print_ipv4address: void (struct ndr_print *, const char *, const char *) ++ndr_print_ipv6address: void (struct ndr_print *, const char *, const char *) ++ndr_print_ndr_syntax_id: void (struct ndr_print *, const char *, const struct ndr_syntax_id *) ++ndr_print_netr_SamDatabaseID: void (struct ndr_print *, const char *, enum netr_SamDatabaseID) ++ndr_print_netr_SchannelType: void (struct ndr_print *, const char *, enum netr_SchannelType) ++ndr_print_null: void (struct ndr_print *) ++ndr_print_pointer: void (struct ndr_print *, const char *, void *) ++ndr_print_policy_handle: void (struct ndr_print *, const char *, const struct policy_handle *) ++ndr_print_printf_helper: void (struct ndr_print *, const char *, ...) ++ndr_print_ptr: void (struct ndr_print *, const char *, const void *) ++ndr_print_set_switch_value: enum ndr_err_code (struct ndr_print *, const void *, uint32_t) ++ndr_print_sockaddr_storage: void (struct ndr_print *, const char *, const struct sockaddr_storage *) ++ndr_print_string: void (struct ndr_print *, const char *, const char *) ++ndr_print_string_array: void (struct ndr_print *, const char *, const char **) ++ndr_print_string_helper: void (struct ndr_print *, const char *, ...) ++ndr_print_struct: void (struct ndr_print *, const char *, const char *) ++ndr_print_struct_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, void *) ++ndr_print_svcctl_ServerType: void (struct ndr_print *, const char *, uint32_t) ++ndr_print_time_t: void (struct ndr_print *, const char *, time_t) ++ndr_print_timespec: void (struct ndr_print *, const char *, const struct timespec *) ++ndr_print_timeval: void (struct ndr_print *, const char *, const struct timeval *) ++ndr_print_udlong: void (struct ndr_print *, const char *, uint64_t) ++ndr_print_udlongr: void (struct ndr_print *, const char *, uint64_t) ++ndr_print_uid_t: void (struct ndr_print *, const char *, uid_t) ++ndr_print_uint16: void (struct ndr_print *, const char *, uint16_t) ++ndr_print_uint32: void (struct ndr_print *, const char *, uint32_t) ++ndr_print_uint3264: void (struct ndr_print *, const char *, uint32_t) ++ndr_print_uint8: void (struct ndr_print *, const char *, uint8_t) ++ndr_print_union: void (struct ndr_print *, const char *, int, const char *) ++ndr_print_union_debug: void (ndr_print_fn_t, const char *, uint32_t, void *) ++ndr_print_union_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, uint32_t, void *) ++ndr_print_winreg_Data: void (struct ndr_print *, const char *, const union winreg_Data *) ++ndr_print_winreg_Type: void (struct ndr_print *, const char *, enum winreg_Type) ++ndr_pull_DATA_BLOB: enum ndr_err_code (struct ndr_pull *, int, DATA_BLOB *) ++ndr_pull_GUID: enum ndr_err_code (struct ndr_pull *, int, struct GUID *) ++ndr_pull_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, struct KRB5_EDATA_NTSTATUS *) ++ndr_pull_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, NTSTATUS *) ++ndr_pull_NTTIME: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) ++ndr_pull_NTTIME_1sec: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) ++ndr_pull_NTTIME_hyper: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) ++ndr_pull_WERROR: enum ndr_err_code (struct ndr_pull *, int, WERROR *) ++ndr_pull_advance: enum ndr_err_code (struct ndr_pull *, uint32_t) ++ndr_pull_align: enum ndr_err_code (struct ndr_pull *, size_t) ++ndr_pull_array_length: enum ndr_err_code (struct ndr_pull *, const void *) ++ndr_pull_array_size: enum ndr_err_code (struct ndr_pull *, const void *) ++ndr_pull_array_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *, uint32_t) ++ndr_pull_bytes: enum ndr_err_code (struct ndr_pull *, uint8_t *, uint32_t) ++ndr_pull_charset: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t) ++ndr_pull_charset_to_null: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t) ++ndr_pull_dlong: enum ndr_err_code (struct ndr_pull *, int, int64_t *) ++ndr_pull_double: enum ndr_err_code (struct ndr_pull *, int, double *) ++ndr_pull_enum_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) ++ndr_pull_enum_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) ++ndr_pull_enum_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) ++ndr_pull_enum_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *) ++ndr_pull_error: enum ndr_err_code (struct ndr_pull *, enum ndr_err_code, const char *, ...) ++ndr_pull_generic_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *) ++ndr_pull_get_relative_base_offset: uint32_t (struct ndr_pull *) ++ndr_pull_get_switch_value: uint32_t (struct ndr_pull *, const void *) ++ndr_pull_gid_t: enum ndr_err_code (struct ndr_pull *, int, gid_t *) ++ndr_pull_hyper: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) ++ndr_pull_init_blob: struct ndr_pull *(const DATA_BLOB *, TALLOC_CTX *) ++ndr_pull_int16: enum ndr_err_code (struct ndr_pull *, int, int16_t *) ++ndr_pull_int32: enum ndr_err_code (struct ndr_pull *, int, int32_t *) ++ndr_pull_int8: enum ndr_err_code (struct ndr_pull *, int, int8_t *) ++ndr_pull_ipv4address: enum ndr_err_code (struct ndr_pull *, int, const char **) ++ndr_pull_ipv6address: enum ndr_err_code (struct ndr_pull *, int, const char **) ++ndr_pull_ndr_syntax_id: enum ndr_err_code (struct ndr_pull *, int, struct ndr_syntax_id *) ++ndr_pull_netr_SamDatabaseID: enum ndr_err_code (struct ndr_pull *, int, enum netr_SamDatabaseID *) ++ndr_pull_netr_SchannelType: enum ndr_err_code (struct ndr_pull *, int, enum netr_SchannelType *) ++ndr_pull_pointer: enum ndr_err_code (struct ndr_pull *, int, void **) ++ndr_pull_policy_handle: enum ndr_err_code (struct ndr_pull *, int, struct policy_handle *) ++ndr_pull_ref_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *) ++ndr_pull_relative_ptr1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) ++ndr_pull_relative_ptr2: enum ndr_err_code (struct ndr_pull *, const void *) ++ndr_pull_relative_ptr_short: enum ndr_err_code (struct ndr_pull *, uint16_t *) ++ndr_pull_restore_relative_base_offset: void (struct ndr_pull *, uint32_t) ++ndr_pull_set_switch_value: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) ++ndr_pull_setup_relative_base_offset1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) ++ndr_pull_setup_relative_base_offset2: enum ndr_err_code (struct ndr_pull *, const void *) ++ndr_pull_string: enum ndr_err_code (struct ndr_pull *, int, const char **) ++ndr_pull_string_array: enum ndr_err_code (struct ndr_pull *, int, const char ***) ++ndr_pull_struct_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t) ++ndr_pull_struct_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t) ++ndr_pull_subcontext_end: enum ndr_err_code (struct ndr_pull *, struct ndr_pull *, size_t, ssize_t) ++ndr_pull_subcontext_start: enum ndr_err_code (struct ndr_pull *, struct ndr_pull **, size_t, ssize_t) ++ndr_pull_svcctl_ServerType: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) ++ndr_pull_time_t: enum ndr_err_code (struct ndr_pull *, int, time_t *) ++ndr_pull_timespec: enum ndr_err_code (struct ndr_pull *, int, struct timespec *) ++ndr_pull_timeval: enum ndr_err_code (struct ndr_pull *, int, struct timeval *) ++ndr_pull_trailer_align: enum ndr_err_code (struct ndr_pull *, size_t) ++ndr_pull_udlong: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) ++ndr_pull_udlongr: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) ++ndr_pull_uid_t: enum ndr_err_code (struct ndr_pull *, int, uid_t *) ++ndr_pull_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) ++ndr_pull_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) ++ndr_pull_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) ++ndr_pull_uint3264: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) ++ndr_pull_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *) ++ndr_pull_union_align: enum ndr_err_code (struct ndr_pull *, size_t) ++ndr_pull_union_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t) ++ndr_pull_union_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t) ++ndr_pull_winreg_Data: enum ndr_err_code (struct ndr_pull *, int, union winreg_Data *) ++ndr_pull_winreg_Type: enum ndr_err_code (struct ndr_pull *, int, enum winreg_Type *) ++ndr_push_DATA_BLOB: enum ndr_err_code (struct ndr_push *, int, DATA_BLOB) ++ndr_push_GUID: enum ndr_err_code (struct ndr_push *, int, const struct GUID *) ++ndr_push_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, const struct KRB5_EDATA_NTSTATUS *) ++ndr_push_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, NTSTATUS) ++ndr_push_NTTIME: enum ndr_err_code (struct ndr_push *, int, NTTIME) ++ndr_push_NTTIME_1sec: enum ndr_err_code (struct ndr_push *, int, NTTIME) ++ndr_push_NTTIME_hyper: enum ndr_err_code (struct ndr_push *, int, NTTIME) ++ndr_push_WERROR: enum ndr_err_code (struct ndr_push *, int, WERROR) ++ndr_push_align: enum ndr_err_code (struct ndr_push *, size_t) ++ndr_push_array_uint8: enum ndr_err_code (struct ndr_push *, int, const uint8_t *, uint32_t) ++ndr_push_blob: DATA_BLOB (struct ndr_push *) ++ndr_push_bytes: enum ndr_err_code (struct ndr_push *, const uint8_t *, uint32_t) ++ndr_push_charset: enum ndr_err_code (struct ndr_push *, int, const char *, uint32_t, uint8_t, charset_t) ++ndr_push_dlong: enum ndr_err_code (struct ndr_push *, int, int64_t) ++ndr_push_double: enum ndr_err_code (struct ndr_push *, int, double) ++ndr_push_enum_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t) ++ndr_push_enum_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t) ++ndr_push_enum_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t) ++ndr_push_enum_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t) ++ndr_push_error: enum ndr_err_code (struct ndr_push *, enum ndr_err_code, const char *, ...) ++ndr_push_expand: enum ndr_err_code (struct ndr_push *, uint32_t) ++ndr_push_full_ptr: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_get_relative_base_offset: uint32_t (struct ndr_push *) ++ndr_push_get_switch_value: uint32_t (struct ndr_push *, const void *) ++ndr_push_gid_t: enum ndr_err_code (struct ndr_push *, int, gid_t) ++ndr_push_hyper: enum ndr_err_code (struct ndr_push *, int, uint64_t) ++ndr_push_init_ctx: struct ndr_push *(TALLOC_CTX *) ++ndr_push_int16: enum ndr_err_code (struct ndr_push *, int, int16_t) ++ndr_push_int32: enum ndr_err_code (struct ndr_push *, int, int32_t) ++ndr_push_int8: enum ndr_err_code (struct ndr_push *, int, int8_t) ++ndr_push_ipv4address: enum ndr_err_code (struct ndr_push *, int, const char *) ++ndr_push_ipv6address: enum ndr_err_code (struct ndr_push *, int, const char *) ++ndr_push_ndr_syntax_id: enum ndr_err_code (struct ndr_push *, int, const struct ndr_syntax_id *) ++ndr_push_netr_SamDatabaseID: enum ndr_err_code (struct ndr_push *, int, enum netr_SamDatabaseID) ++ndr_push_netr_SchannelType: enum ndr_err_code (struct ndr_push *, int, enum netr_SchannelType) ++ndr_push_pipe_chunk_trailer: enum ndr_err_code (struct ndr_push *, int, uint32_t) ++ndr_push_pointer: enum ndr_err_code (struct ndr_push *, int, void *) ++ndr_push_policy_handle: enum ndr_err_code (struct ndr_push *, int, const struct policy_handle *) ++ndr_push_ref_ptr: enum ndr_err_code (struct ndr_push *) ++ndr_push_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_relative_ptr2_end: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_relative_ptr2_start: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_restore_relative_base_offset: void (struct ndr_push *, uint32_t) ++ndr_push_set_switch_value: enum ndr_err_code (struct ndr_push *, const void *, uint32_t) ++ndr_push_setup_relative_base_offset1: enum ndr_err_code (struct ndr_push *, const void *, uint32_t) ++ndr_push_setup_relative_base_offset2: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_short_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_short_relative_ptr2: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_string: enum ndr_err_code (struct ndr_push *, int, const char *) ++ndr_push_string_array: enum ndr_err_code (struct ndr_push *, int, const char **) ++ndr_push_struct_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, const void *, ndr_push_flags_fn_t) ++ndr_push_subcontext_end: enum ndr_err_code (struct ndr_push *, struct ndr_push *, size_t, ssize_t) ++ndr_push_subcontext_start: enum ndr_err_code (struct ndr_push *, struct ndr_push **, size_t, ssize_t) ++ndr_push_svcctl_ServerType: enum ndr_err_code (struct ndr_push *, int, uint32_t) ++ndr_push_time_t: enum ndr_err_code (struct ndr_push *, int, time_t) ++ndr_push_timespec: enum ndr_err_code (struct ndr_push *, int, const struct timespec *) ++ndr_push_timeval: enum ndr_err_code (struct ndr_push *, int, const struct timeval *) ++ndr_push_trailer_align: enum ndr_err_code (struct ndr_push *, size_t) ++ndr_push_udlong: enum ndr_err_code (struct ndr_push *, int, uint64_t) ++ndr_push_udlongr: enum ndr_err_code (struct ndr_push *, int, uint64_t) ++ndr_push_uid_t: enum ndr_err_code (struct ndr_push *, int, uid_t) ++ndr_push_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t) ++ndr_push_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t) ++ndr_push_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t) ++ndr_push_uint3264: enum ndr_err_code (struct ndr_push *, int, uint32_t) ++ndr_push_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t) ++ndr_push_union_align: enum ndr_err_code (struct ndr_push *, size_t) ++ndr_push_union_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_push_flags_fn_t) ++ndr_push_unique_ptr: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_winreg_Data: enum ndr_err_code (struct ndr_push *, int, const union winreg_Data *) ++ndr_push_winreg_Type: enum ndr_err_code (struct ndr_push *, int, enum winreg_Type) ++ndr_push_zero: enum ndr_err_code (struct ndr_push *, uint32_t) ++ndr_set_flags: void (uint32_t *, uint32_t) ++ndr_size_DATA_BLOB: uint32_t (int, const DATA_BLOB *, int) ++ndr_size_GUID: size_t (const struct GUID *, int) ++ndr_size_string: uint32_t (int, const char * const *, int) ++ndr_size_string_array: size_t (const char **, uint32_t, int) ++ndr_size_struct: size_t (const void *, int, ndr_push_flags_fn_t) ++ndr_size_union: size_t (const void *, int, uint32_t, ndr_push_flags_fn_t) ++ndr_string_array_size: size_t (struct ndr_push *, const char *) ++ndr_string_length: uint32_t (const void *, uint32_t) ++ndr_syntax_id_equal: bool (const struct ndr_syntax_id *, const struct ndr_syntax_id *) ++ndr_syntax_id_null: uuid = {time_low = 0, time_mid = 0, time_hi_and_version = 0, clock_seq = "\000", node = "\000\000\000\000\000"}, if_version = 0 ++ndr_token_peek: uint32_t (struct ndr_token_list **, const void *) ++ndr_token_retrieve: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *) ++ndr_token_retrieve_cmp_fn: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *, comparison_fn_t, bool) ++ndr_token_store: enum ndr_err_code (TALLOC_CTX *, struct ndr_token_list **, const void *, uint32_t) ++ndr_transfer_syntax_ndr: uuid = {time_low = 2324192516, time_mid = 7403, time_hi_and_version = 4553, clock_seq = "\237\350", node = "\b\000+\020H`"}, if_version = 2 ++ndr_transfer_syntax_ndr64: uuid = {time_low = 1903232307, time_mid = 48826, time_hi_and_version = 18743, clock_seq = "\203\031", node = "\265\333\357\234\314\066"}, if_version = 1 +--- a/librpc/ndr/libndr.h ++++ b/librpc/ndr/libndr.h +@@ -124,6 +124,20 @@ struct ndr_print { + #define LIBNDR_FLAG_STR_UTF8 (1<<12) + #define LIBNDR_STRING_FLAGS (0x7FFC) + ++/* ++ * don't debug NDR_ERR_BUFSIZE failures, ++ * as the available buffer might be incomplete. ++ * ++ * return NDR_ERR_INCOMPLETE_BUFFER instead. ++ */ ++#define LIBNDR_FLAG_INCOMPLETE_BUFFER (1<<16) ++ ++/* ++ * This lets ndr_pull_subcontext_end() return ++ * NDR_ERR_UNREAD_BYTES. ++ */ ++#define LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES (1<<17) ++ + /* set if relative pointers should *not* be marshalled in reverse order */ + #define LIBNDR_FLAG_NO_RELATIVE_REVERSE (1<<18) + +@@ -163,6 +177,7 @@ struct ndr_print { + + /* useful macro for debugging */ + #define NDR_PRINT_DEBUG(type, p) ndr_print_debug((ndr_print_fn_t)ndr_print_ ##type, #p, p) ++#define NDR_PRINT_DEBUGC(dbgc_class, type, p) ndr_print_debugc(dbgc_class, (ndr_print_fn_t)ndr_print_ ##type, #p, p) + #define NDR_PRINT_UNION_DEBUG(type, level, p) ndr_print_union_debug((ndr_print_fn_t)ndr_print_ ##type, #p, level, p) + #define NDR_PRINT_FUNCTION_DEBUG(type, flags, p) ndr_print_function_debug((ndr_print_function_t)ndr_print_ ##type, #type, flags, p) + #define NDR_PRINT_BOTH_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_BOTH, p) +@@ -199,7 +214,9 @@ enum ndr_err_code { + NDR_ERR_IPV6ADDRESS, + NDR_ERR_INVALID_POINTER, + NDR_ERR_UNREAD_BYTES, +- NDR_ERR_NDR64 ++ NDR_ERR_NDR64, ++ NDR_ERR_FLAGS, ++ NDR_ERR_INCOMPLETE_BUFFER + }; + + #define NDR_ERR_CODE_IS_SUCCESS(x) (x == NDR_ERR_SUCCESS) +@@ -217,20 +234,52 @@ enum ndr_compression_alg { + + /* + flags passed to control parse flow ++ These are deliberately in a different range to the NDR_IN/NDR_OUT ++ flags to catch mixups + */ +-#define NDR_SCALARS 1 +-#define NDR_BUFFERS 2 ++#define NDR_SCALARS 0x100 ++#define NDR_BUFFERS 0x200 + + /* +- flags passed to ndr_print_*() ++ flags passed to ndr_print_*() and ndr pull/push for functions ++ These are deliberately in a different range to the NDR_SCALARS/NDR_BUFFERS ++ flags to catch mixups + */ +-#define NDR_IN 1 +-#define NDR_OUT 2 +-#define NDR_BOTH 3 +-#define NDR_SET_VALUES 4 ++#define NDR_IN 0x10 ++#define NDR_OUT 0x20 ++#define NDR_BOTH 0x30 ++#define NDR_SET_VALUES 0x40 ++ ++ ++#define NDR_PULL_CHECK_FLAGS(ndr, ndr_flags) do { \ ++ if ((ndr_flags) & ~(NDR_SCALARS|NDR_BUFFERS)) { \ ++ return ndr_pull_error(ndr, NDR_ERR_FLAGS, "Invalid pull struct ndr_flags 0x%x", ndr_flags); \ ++ } \ ++} while (0) ++ ++#define NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags) do { \ ++ if ((ndr_flags) & ~(NDR_SCALARS|NDR_BUFFERS)) \ ++ return ndr_push_error(ndr, NDR_ERR_FLAGS, "Invalid push struct ndr_flags 0x%x", ndr_flags); \ ++} while (0) ++ ++#define NDR_PULL_CHECK_FN_FLAGS(ndr, flags) do { \ ++ if ((flags) & ~(NDR_BOTH|NDR_SET_VALUES)) { \ ++ return ndr_pull_error(ndr, NDR_ERR_FLAGS, "Invalid fn pull flags 0x%x", flags); \ ++ } \ ++} while (0) ++ ++#define NDR_PUSH_CHECK_FN_FLAGS(ndr, flags) do { \ ++ if ((flags) & ~(NDR_BOTH|NDR_SET_VALUES)) \ ++ return ndr_push_error(ndr, NDR_ERR_FLAGS, "Invalid fn push flags 0x%x", flags); \ ++} while (0) + + #define NDR_PULL_NEED_BYTES(ndr, n) do { \ + if (unlikely((n) > ndr->data_size || ndr->offset + (n) > ndr->data_size)) { \ ++ if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { \ ++ uint32_t _available = ndr->data_size - ndr->offset; \ ++ uint32_t _missing = n - _available; \ ++ ndr->relative_highest_offset = _missing; \ ++ } \ + return ndr_pull_error(ndr, NDR_ERR_BUFSIZE, "Pull bytes %u (%s)", (unsigned)n, __location__); \ + } \ + } while(0) +@@ -247,6 +296,10 @@ enum ndr_compression_alg { + ndr->offset = (ndr->offset + (n-1)) & ~(n-1); \ + } \ + if (unlikely(ndr->offset > ndr->data_size)) { \ ++ if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { \ ++ uint32_t _missing = ndr->offset - ndr->data_size; \ ++ ndr->relative_highest_offset = _missing; \ ++ } \ + return ndr_pull_error(ndr, NDR_ERR_BUFSIZE, "Pull align %u", (unsigned)n); \ + } \ + } while(0) +@@ -402,6 +455,8 @@ void ndr_print_dom_sid0(struct ndr_print + size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags); + void ndr_print_GUID(struct ndr_print *ndr, const char *name, const struct GUID *guid); + bool ndr_syntax_id_equal(const struct ndr_syntax_id *i1, const struct ndr_syntax_id *i2); ++char *ndr_syntax_id_to_string(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *id); ++bool ndr_syntax_id_from_string(const char *s, struct ndr_syntax_id *id); + enum ndr_err_code ndr_push_struct_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, const void *p, ndr_push_flags_fn_t fn); + enum ndr_err_code ndr_push_union_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, void *p, uint32_t level, ndr_push_flags_fn_t fn); + size_t ndr_size_struct(const void *p, int flags, ndr_push_flags_fn_t push); +@@ -424,14 +479,18 @@ enum ndr_err_code ndr_pull_relative_ptr2 + enum ndr_err_code ndr_pull_relative_ptr_short(struct ndr_pull *ndr, uint16_t *v); + size_t ndr_align_size(uint32_t offset, size_t n); + struct ndr_pull *ndr_pull_init_blob(const DATA_BLOB *blob, TALLOC_CTX *mem_ctx); ++enum ndr_err_code ndr_pull_append(struct ndr_pull *ndr, DATA_BLOB *blob); ++enum ndr_err_code ndr_pull_pop(struct ndr_pull *ndr); + enum ndr_err_code ndr_pull_advance(struct ndr_pull *ndr, uint32_t size); + struct ndr_push *ndr_push_init_ctx(TALLOC_CTX *mem_ctx); + DATA_BLOB ndr_push_blob(struct ndr_push *ndr); + enum ndr_err_code ndr_push_expand(struct ndr_push *ndr, uint32_t extra_size); + void ndr_print_debug_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); ++void ndr_print_debugc_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); + void ndr_print_printf_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); + void ndr_print_string_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); + void ndr_print_debug(ndr_print_fn_t fn, const char *name, void *ptr); ++void ndr_print_debugc(int dbgc_class, ndr_print_fn_t fn, const char *name, void *ptr); + void ndr_print_union_debug(ndr_print_fn_t fn, const char *name, uint32_t level, void *ptr); + void ndr_print_function_debug(ndr_print_function_t fn, const char *name, int flags, void *ptr); + char *ndr_print_struct_string(TALLOC_CTX *mem_ctx, ndr_print_fn_t fn, const char *name, void *ptr); +--- a/librpc/ndr/ndr.c ++++ b/librpc/ndr/ndr.c +@@ -77,6 +77,111 @@ _PUBLIC_ struct ndr_pull *ndr_pull_init_ + return ndr; + } + ++_PUBLIC_ enum ndr_err_code ndr_pull_append(struct ndr_pull *ndr, DATA_BLOB *blob) ++{ ++ enum ndr_err_code ndr_err; ++ DATA_BLOB b; ++ uint32_t append = 0; ++ bool ok; ++ ++ if (blob->length == 0) { ++ return NDR_ERR_SUCCESS; ++ } ++ ++ ndr_err = ndr_token_retrieve(&ndr->array_size_list, ndr, &append); ++ if (ndr_err == NDR_ERR_TOKEN) { ++ append = 0; ++ ndr_err = NDR_ERR_SUCCESS; ++ } ++ NDR_CHECK(ndr_err); ++ ++ if (ndr->data_size == 0) { ++ ndr->data = NULL; ++ append = UINT32_MAX; ++ } ++ ++ if (append == UINT32_MAX) { ++ /* ++ * append == UINT32_MAX means that ++ * ndr->data is either NULL or a valid ++ * talloc child of ndr, which means ++ * we can use data_blob_append() without ++ * data_blob_talloc() of the existing callers data ++ */ ++ b = data_blob_const(ndr->data, ndr->data_size); ++ } else { ++ b = data_blob_talloc(ndr, ndr->data, ndr->data_size); ++ if (b.data == NULL) { ++ return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__); ++ } ++ } ++ ++ ok = data_blob_append(ndr, &b, blob->data, blob->length); ++ if (!ok) { ++ return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__); ++ } ++ ++ ndr->data = b.data; ++ ndr->data_size = b.length; ++ ++ return ndr_token_store(ndr, &ndr->array_size_list, ndr, UINT32_MAX); ++} ++ ++_PUBLIC_ enum ndr_err_code ndr_pull_pop(struct ndr_pull *ndr) ++{ ++ uint32_t skip = 0; ++ uint32_t append = 0; ++ ++ if (ndr->relative_base_offset != 0) { ++ return ndr_pull_error(ndr, NDR_ERR_RELATIVE, ++ "%s", __location__); ++ } ++ if (ndr->relative_highest_offset != 0) { ++ return ndr_pull_error(ndr, NDR_ERR_RELATIVE, ++ "%s", __location__); ++ } ++ if (ndr->relative_list != NULL) { ++ return ndr_pull_error(ndr, NDR_ERR_RELATIVE, ++ "%s", __location__); ++ } ++ if (ndr->relative_base_list != NULL) { ++ return ndr_pull_error(ndr, NDR_ERR_RELATIVE, ++ "%s", __location__); ++ } ++ ++ /* ++ * we need to keep up to 7 bytes ++ * in order to get the aligment right. ++ */ ++ skip = ndr->offset & 0xFFFFFFF8; ++ ++ if (skip == 0) { ++ return NDR_ERR_SUCCESS; ++ } ++ ++ ndr->offset -= skip; ++ ndr->data_size -= skip; ++ ++ append = ndr_token_peek(&ndr->array_size_list, ndr); ++ if (append != UINT32_MAX) { ++ /* ++ * here we assume, that ndr->data is not a ++ * talloc child of ndr. ++ */ ++ ndr->data += skip; ++ return NDR_ERR_SUCCESS; ++ } ++ ++ memmove(ndr->data, ndr->data + skip, ndr->data_size); ++ ++ ndr->data = talloc_realloc(ndr, ndr->data, uint8_t, ndr->data_size); ++ if (ndr->data_size != 0 && ndr->data == NULL) { ++ return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__); ++ } ++ ++ return NDR_ERR_SUCCESS; ++} ++ + /* + advance by 'size' bytes + */ +@@ -167,6 +272,38 @@ _PUBLIC_ enum ndr_err_code ndr_push_expa + return NDR_ERR_SUCCESS; + } + ++_PUBLIC_ void ndr_print_debugc_helper(struct ndr_print *ndr, const char *format, ...) ++{ ++ va_list ap; ++ char *s = NULL; ++ uint32_t i; ++ int ret; ++ int dbgc_class; ++ ++ va_start(ap, format); ++ ret = vasprintf(&s, format, ap); ++ va_end(ap); ++ ++ if (ret == -1) { ++ return; ++ } ++ ++ dbgc_class = *(int *)ndr->private_data; ++ ++ if (ndr->no_newline) { ++ DEBUGADDC(dbgc_class, 1,("%s", s)); ++ free(s); ++ return; ++ } ++ ++ for (i=0;idepth;i++) { ++ DEBUGADDC(dbgc_class, 1,(" ")); ++ } ++ ++ DEBUGADDC(dbgc_class, 1,("%s\n", s)); ++ free(s); ++} ++ + _PUBLIC_ void ndr_print_debug_helper(struct ndr_print *ndr, const char *format, ...) + { + va_list ap; +@@ -238,6 +375,25 @@ _PUBLIC_ void ndr_print_string_helper(st + } + + /* ++ a useful helper function for printing idl structures via DEBUGC() ++*/ ++_PUBLIC_ void ndr_print_debugc(int dbgc_class, ndr_print_fn_t fn, const char *name, void *ptr) ++{ ++ struct ndr_print *ndr; ++ ++ DEBUGC(dbgc_class, 1,(" ")); ++ ++ ndr = talloc_zero(NULL, struct ndr_print); ++ if (!ndr) return; ++ ndr->private_data = &dbgc_class; ++ ndr->print = ndr_print_debugc_helper; ++ ndr->depth = 1; ++ ndr->flags = 0; ++ fn(ndr, name, ptr); ++ talloc_free(ndr); ++} ++ ++/* + a useful helper function for printing idl structures via DEBUG() + */ + _PUBLIC_ void ndr_print_debug(ndr_print_fn_t fn, const char *name, void *ptr) +@@ -403,6 +559,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull_erro + va_list ap; + int ret; + ++ if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { ++ switch (ndr_err) { ++ case NDR_ERR_BUFSIZE: ++ return NDR_ERR_INCOMPLETE_BUFFER; ++ default: ++ break; ++ } ++ } ++ + va_start(ap, format); + ret = vasprintf(&s, format, ap); + va_end(ap); +@@ -557,6 +722,23 @@ _PUBLIC_ enum ndr_err_code ndr_pull_subc + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &reserved)); + break; + } ++ case 0xFFFFFFFF: ++ /* ++ * a shallow copy like subcontext ++ * useful for DCERPC pipe chunks. ++ */ ++ subndr = talloc_zero(ndr, struct ndr_pull); ++ NDR_ERR_HAVE_NO_MEMORY(subndr); ++ ++ subndr->flags = ndr->flags; ++ subndr->current_mem_ctx = ndr->current_mem_ctx; ++ subndr->data = ndr->data; ++ subndr->offset = ndr->offset; ++ subndr->data_size = ndr->data_size; ++ ++ *_subndr = subndr; ++ return NDR_ERR_SUCCESS; ++ + default: + return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext (PULL) header_size %d", + (int)header_size); +@@ -589,13 +771,35 @@ _PUBLIC_ enum ndr_err_code ndr_pull_subc + ssize_t size_is) + { + uint32_t advance; +- if (size_is >= 0) { ++ uint32_t highest_ofs; ++ ++ if (header_size == 0xFFFFFFFF) { ++ advance = subndr->offset - ndr->offset; ++ } else if (size_is >= 0) { + advance = size_is; + } else if (header_size > 0) { + advance = subndr->data_size; + } else { + advance = subndr->offset; + } ++ ++ if (subndr->offset > ndr->relative_highest_offset) { ++ highest_ofs = subndr->offset; ++ } else { ++ highest_ofs = subndr->relative_highest_offset; ++ } ++ if (!(subndr->flags & LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES)) { ++ /* ++ * avoid an error unless SUBCONTEXT_NO_UNREAD_BYTES is specified ++ */ ++ highest_ofs = advance; ++ } ++ if (highest_ofs < advance) { ++ return ndr_pull_error(subndr, NDR_ERR_UNREAD_BYTES, ++ "not all bytes consumed ofs[%u] advance[%u]", ++ highest_ofs, advance); ++ } ++ + NDR_CHECK(ndr_pull_advance(ndr, advance)); + return NDR_ERR_SUCCESS; + } +@@ -1440,6 +1644,7 @@ const static struct { + { NDR_ERR_INVALID_POINTER, "Invalid Pointer" }, + { NDR_ERR_UNREAD_BYTES, "Unread Bytes" }, + { NDR_ERR_NDR64, "NDR64 assertion error" }, ++ { NDR_ERR_INCOMPLETE_BUFFER, "Incomplete Buffer" }, + { 0, NULL } + }; + +--- a/librpc/idl/idl_types.h ++++ b/librpc/idl/idl_types.h +@@ -47,3 +47,5 @@ + + #define NDR_RELATIVE_REVERSE LIBNDR_FLAG_RELATIVE_REVERSE + #define NDR_NO_RELATIVE_REVERSE LIBNDR_FLAG_NO_RELATIVE_REVERSE ++ ++#define NDR_SUBCONTEXT_NO_UNREAD_BYTES LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES +--- a/librpc/idl/dcerpc.idl ++++ b/librpc/idl/dcerpc.idl +@@ -10,6 +10,8 @@ + */ + import "misc.idl"; + ++cpp_quote("extern const uint8_t DCERPC_SEC_VT_MAGIC[8];") ++ + interface dcerpc + { + typedef struct { +@@ -453,14 +455,21 @@ interface dcerpc + } dcerpc_payload; + + /* pfc_flags values */ +- const uint8 DCERPC_PFC_FLAG_FIRST = 0x01; /* First fragment */ +- const uint8 DCERPC_PFC_FLAG_LAST = 0x02; /* Last fragment */ +- const uint8 DCERPC_PFC_FLAG_PENDING_CANCEL = 0x04; /* Cancel was pending at sender */ +- const uint8 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN = DCERPC_PFC_FLAG_PENDING_CANCEL; /* depends on the pdu type */ +- const uint8 DCERPC_PFC_FLAG_CONC_MPX = 0x10; /* supports concurrent multiplexing of a single connection. */ +- const uint8 DCERPC_PFC_FLAG_DID_NOT_EXECUTE = 0x20; /* on a fault it means the server hasn't done anything */ +- const uint8 DCERPC_PFC_FLAG_MAYBE = 0x40; /* `maybe' call semantics requested */ +- const uint8 DCERPC_PFC_FLAG_OBJECT_UUID = 0x80; /* on valid guid is in the optional object field */ ++ typedef [bitmap8bit] bitmap { ++ DCERPC_PFC_FLAG_FIRST = 0x01, /* First fragment */ ++ DCERPC_PFC_FLAG_LAST = 0x02, /* Last fragment */ ++ DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING = 0x04, /* depends on the pdu type */ ++ DCERPC_PFC_FLAG_CONC_MPX = 0x10, /* supports concurrent multiplexing of a single connection. */ ++ DCERPC_PFC_FLAG_DID_NOT_EXECUTE = 0x20, /* on a fault it means the server hasn't done anything */ ++ DCERPC_PFC_FLAG_MAYBE = 0x40, /* `maybe' call semantics requested */ ++ DCERPC_PFC_FLAG_OBJECT_UUID = 0x80 /* on valid guid is in the optional object field */ ++ } dcerpc_pfc_flags; ++ ++ /* Cancel was pending at sender */ ++ const int DCERPC_PFC_FLAG_PENDING_CANCEL = ++ DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING; ++ const ist DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN = ++ DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING; + + /* these offsets are needed by the signing code */ + const uint8 DCERPC_PFC_OFFSET = 3; +@@ -468,6 +477,7 @@ interface dcerpc + const uint8 DCERPC_FRAG_LEN_OFFSET = 8; + const uint8 DCERPC_AUTH_LEN_OFFSET = 10; + const uint8 DCERPC_CALL_ID_OFFSET = 12; ++ const uint8 DCERPC_NCACN_PAYLOAD_OFFSET = 16; + + /* little-endian flag */ + const uint8 DCERPC_DREP_LE = 0x10; +@@ -476,7 +486,7 @@ interface dcerpc + uint8 rpc_vers; /* RPC version */ + uint8 rpc_vers_minor; /* Minor version */ + dcerpc_pkt_type ptype; /* Packet type */ +- uint8 pfc_flags; /* Fragmentation flags */ ++ dcerpc_pfc_flags pfc_flags; /* Fragmentation flags */ + uint8 drep[4]; /* NDR data representation */ + uint16 frag_length; /* Total length of fragment */ + uint16 auth_length; /* authenticator length */ +@@ -506,4 +516,69 @@ interface dcerpc + uint8 serial_low; + [switch_is(ptype)] dcerpc_payload u; + } ncadg_packet; ++ ++ typedef [bitmap16bit] bitmap { ++ DCERPC_SEC_VT_COMMAND_ENUM = 0x3FFF, ++ DCERPC_SEC_VT_COMMAND_END = 0x4000, ++ DCERPC_SEC_VT_MUST_PROCESS = 0x8000 ++ } dcerpc_sec_vt_command; ++ ++ typedef [enum16bit] enum { ++ DCERPC_SEC_VT_COMMAND_BITMASK1 = 0x0001, ++ DCERPC_SEC_VT_COMMAND_PCONTEXT = 0x0002, ++ DCERPC_SEC_VT_COMMAND_HEADER2 = 0x0003 ++ } dcerpc_sec_vt_command_enum; ++ ++ typedef [bitmap32bit] bitmap { ++ DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING = 0x00000001 ++ } dcerpc_sec_vt_bitmask1; ++ ++ typedef struct { ++ ndr_syntax_id abstract_syntax; ++ ndr_syntax_id transfer_syntax; ++ } dcerpc_sec_vt_pcontext; ++ ++ typedef struct { ++ dcerpc_pkt_type ptype; /* Packet type */ ++ [value(0)] uint8 reserved1; ++ [value(0)] uint16 reserved2; ++ uint8 drep[4]; /* NDR data representation */ ++ uint32 call_id; /* Call identifier */ ++ uint16 context_id; ++ uint16 opnum; ++ } dcerpc_sec_vt_header2; ++ ++ typedef [switch_type(dcerpc_sec_vt_command_enum),nodiscriminant] union { ++ [case(DCERPC_SEC_VT_COMMAND_BITMASK1)] dcerpc_sec_vt_bitmask1 bitmask1; ++ [case(DCERPC_SEC_VT_COMMAND_PCONTEXT)] dcerpc_sec_vt_pcontext pcontext; ++ [case(DCERPC_SEC_VT_COMMAND_HEADER2)] dcerpc_sec_vt_header2 header2; ++ [default,flag(NDR_REMAINING)] DATA_BLOB _unknown; ++ } dcerpc_sec_vt_union; ++ ++ typedef struct { ++ dcerpc_sec_vt_command command; ++ [switch_is(command & DCERPC_SEC_VT_COMMAND_ENUM)] ++ [subcontext(2),flag(NDR_SUBCONTEXT_NO_UNREAD_BYTES)] ++ dcerpc_sec_vt_union u; ++ } dcerpc_sec_vt; ++ ++ typedef [public,nopush,nopull] struct { ++ uint16 count; ++ } dcerpc_sec_vt_count; ++ ++ /* ++ * We assume that the whole verification trailer fits into ++ * the last 1024 bytes after the stub data. ++ * ++ * There're currently only 3 commands defined and each should ++ * only be used once. ++ */ ++ const uint16 DCERPC_SEC_VT_MAX_SIZE = 1024; ++ ++ typedef [public,flag(NDR_PAHEX)] struct { ++ [flag(NDR_ALIGN4)] DATA_BLOB _pad; ++ [value(DCERPC_SEC_VT_MAGIC)] uint8 magic[8]; ++ dcerpc_sec_vt_count count; ++ dcerpc_sec_vt commands[count.count]; ++ } dcerpc_sec_verification_trailer; + } +--- /dev/null ++++ b/librpc/ndr/ndr_dcerpc.c +@@ -0,0 +1,187 @@ ++/* ++ Unix SMB/CIFS implementation. ++ ++ Manually parsed structures found in the DCERPC protocol ++ ++ Copyright (C) Stefan Metzmacher 2014 ++ Copyright (C) Gregor Beck 2014 ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . ++*/ ++ ++#include "includes.h" ++#include "librpc/gen_ndr/ndr_dcerpc.h" ++ ++#include "librpc/gen_ndr/ndr_misc.h" ++#include "lib/util/bitmap.h" ++ ++const uint8_t DCERPC_SEC_VT_MAGIC[] = {0x8a,0xe3,0x13,0x71,0x02,0xf4,0x36,0x71}; ++ ++_PUBLIC_ enum ndr_err_code ndr_push_dcerpc_sec_vt_count(struct ndr_push *ndr, int ndr_flags, const struct dcerpc_sec_vt_count *r) ++{ ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); ++ /* nothing */ ++ return NDR_ERR_SUCCESS; ++} ++ ++_PUBLIC_ enum ndr_err_code ndr_pull_dcerpc_sec_vt_count(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_sec_vt_count *r) ++{ ++ uint32_t _saved_ofs = ndr->offset; ++ ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); ++ ++ if (!(ndr_flags & NDR_SCALARS)) { ++ return NDR_ERR_SUCCESS; ++ } ++ ++ r->count = 0; ++ ++ while (true) { ++ uint16_t command; ++ uint16_t length; ++ ++ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &command)); ++ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &length)); ++ NDR_CHECK(ndr_pull_advance(ndr, length)); ++ ++ r->count += 1; ++ ++ if (command & DCERPC_SEC_VT_COMMAND_END) { ++ break; ++ } ++ } ++ ++ ndr->offset = _saved_ofs; ++ return NDR_ERR_SUCCESS; ++} ++ ++_PUBLIC_ enum ndr_err_code ndr_pop_dcerpc_sec_verification_trailer( ++ struct ndr_pull *ndr, TALLOC_CTX *mem_ctx, ++ struct dcerpc_sec_verification_trailer **_r) ++{ ++ enum ndr_err_code ndr_err; ++ uint32_t ofs; ++ uint32_t min_ofs = 0; ++ struct dcerpc_sec_verification_trailer *r; ++ DATA_BLOB sub_blob = data_blob_null; ++ struct ndr_pull *sub_ndr = NULL; ++ uint32_t remaining; ++ ++ *_r = NULL; ++ ++ r = talloc_zero(mem_ctx, struct dcerpc_sec_verification_trailer); ++ if (r == NULL) { ++ return NDR_ERR_ALLOC; ++ } ++ ++ if (ndr->data_size < sizeof(DCERPC_SEC_VT_MAGIC)) { ++ /* ++ * we return with r->count = 0 ++ */ ++ *_r = r; ++ return NDR_ERR_SUCCESS; ++ } ++ ++ ofs = ndr->data_size - sizeof(DCERPC_SEC_VT_MAGIC); ++ /* the magic is 4 byte aligned */ ++ ofs &= ~3; ++ ++ if (ofs > DCERPC_SEC_VT_MAX_SIZE) { ++ /* ++ * We just scan the last 1024 bytes. ++ */ ++ min_ofs = ofs - DCERPC_SEC_VT_MAX_SIZE; ++ } else { ++ min_ofs = 0; ++ } ++ ++ while (true) { ++ int ret; ++ ++ ret = memcmp(&ndr->data[ofs], ++ DCERPC_SEC_VT_MAGIC, ++ sizeof(DCERPC_SEC_VT_MAGIC)); ++ if (ret == 0) { ++ sub_blob = data_blob_const(&ndr->data[ofs], ++ ndr->data_size - ofs); ++ break; ++ } ++ ++ if (ofs <= min_ofs) { ++ break; ++ } ++ ++ ofs -= 4; ++ } ++ ++ if (sub_blob.length == 0) { ++ /* ++ * we return with r->count = 0 ++ */ ++ *_r = r; ++ return NDR_ERR_SUCCESS; ++ } ++ ++ sub_ndr = ndr_pull_init_blob(&sub_blob, r); ++ if (sub_ndr == NULL) { ++ TALLOC_FREE(r); ++ return NDR_ERR_ALLOC; ++ } ++ ++ ndr_err = ndr_pull_dcerpc_sec_verification_trailer(sub_ndr, ++ NDR_SCALARS | NDR_BUFFERS, ++ r); ++ if (ndr_err == NDR_ERR_ALLOC) { ++ TALLOC_FREE(r); ++ return NDR_ERR_ALLOC; ++ } ++ ++ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { ++ goto ignore_error; ++ } ++ ++ remaining = sub_ndr->data_size - sub_ndr->offset; ++ if (remaining > 16) { ++ /* ++ * we expect not more than 16 byte of additional ++ * padding after the verification trailer. ++ */ ++ goto ignore_error; ++ } ++ ++ /* ++ * We assume that we got a real verification trailer. ++ * ++ * We remove it from the available stub data. ++ */ ++ ndr->data_size = ofs; ++ ++ TALLOC_FREE(sub_ndr); ++ ++ *_r = r; ++ return NDR_ERR_SUCCESS; ++ ++ignore_error: ++ TALLOC_FREE(sub_ndr); ++ /* ++ * just ignore the error, it's likely ++ * that the magic we found belongs to ++ * the stub data. ++ * ++ * we return with r->count = 0 ++ */ ++ ZERO_STRUCTP(r); ++ *_r = r; ++ return NDR_ERR_SUCCESS; ++} +--- a/librpc/wscript_build ++++ b/librpc/wscript_build +@@ -274,8 +274,9 @@ bld.SAMBA_SUBSYSTEM('NDR_COMPRESSION', + ) + + bld.SAMBA_SUBSYSTEM('NDR_DCERPC', +- source='gen_ndr/ndr_dcerpc.c', ++ source='gen_ndr/ndr_dcerpc.c ndr/ndr_dcerpc.c', + public_deps='ndr', ++ deps='bitmap', + public_headers='gen_ndr/ndr_dcerpc.h gen_ndr/dcerpc.h', + header_path= [ ('*gen_ndr*', 'gen_ndr') ], + ) +--- a/source3/Makefile.in ++++ b/source3/Makefile.in +@@ -323,7 +323,8 @@ LIBNDR_OBJ = ../librpc/ndr/ndr_basic.o \ + ../librpc/ndr/uuid.o \ + librpc/ndr/util.o \ + librpc/gen_ndr/ndr_server_id.o \ +- librpc/gen_ndr/ndr_dcerpc.o ++ librpc/gen_ndr/ndr_dcerpc.o \ ++ ../librpc/ndr/ndr_dcerpc.o + + LIBNDR_GEN_OBJ0 = librpc/gen_ndr/ndr_samr.o \ + librpc/gen_ndr/ndr_lsa.o +@@ -454,7 +455,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ + lib/username.o \ + ../libds/common/flag_mapping.o \ + lib/access.o lib/smbrun.o \ +- lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \ ++ ../lib/util/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \ + lib/wins_srv.o \ + lib/util_str.o lib/clobber.o lib/util_sid.o \ + lib/util_unistr.o ../lib/util/charset/codepoints.o lib/util_file.o \ +@@ -987,7 +988,9 @@ SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(P + $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) \ + $(PASSCHANGE_OBJ) $(FNAME_UTIL_OBJ) \ + $(LIBCLI_SAMR_OBJ) \ +- rpc_client/init_lsa.o ++ $(LIBCLI_NETLOGON_OBJ) \ ++ rpc_client/init_lsa.o \ ++ rpc_client/init_netlogon.o + + STATUS_OBJ = utils/status.o utils/status_profile.o \ + $(LOCKING_OBJ) $(PARAM_OBJ) \ +@@ -1003,7 +1006,9 @@ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OB + $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ + $(LIBMSRPC_GEN_OBJ) \ + $(LIBMSRPC_OBJ) \ +- $(LIBCLI_SRVSVC_OBJ) ++ $(LIBCLI_SRVSVC_OBJ) \ ++ $(LIBCLI_NETLOGON_OBJ) \ ++ rpc_client/init_netlogon.o + + TESTPARM_OBJ = utils/testparm.o \ + $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ +@@ -1025,7 +1030,9 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PASS + $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) \ + $(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) \ + $(LIBCLI_SAMR_OBJ) \ +- rpc_client/init_lsa.o ++ $(LIBCLI_NETLOGON_OBJ) \ ++ rpc_client/init_lsa.o \ ++ rpc_client/init_netlogon.o + + PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \ + $(LIBSAMBA_OBJ) $(LIBTSOCKET_OBJ) \ +@@ -1098,7 +1105,9 @@ LIBSMBCLIENT_OBJ1 = $(LIBSMBCLIENT_OBJ0) + $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \ + $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ + $(LIBCLI_SRVSVC_OBJ) \ +- $(LIBCLI_LSA_OBJ) ++ $(LIBCLI_LSA_OBJ) \ ++ $(LIBCLI_NETLOGON_OBJ) \ ++ rpc_client/init_netlogon.o + + LIBSMBCLIENT_OBJ = $(LIBSMBCLIENT_OBJ1) + +@@ -1121,7 +1130,9 @@ CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) + $(READLINE_OBJ) $(POPT_LIB_OBJ) \ + $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ + $(DISPLAY_SEC_OBJ) \ +- $(LIBCLI_SRVSVC_OBJ) ++ $(LIBCLI_SRVSVC_OBJ) \ ++ $(LIBCLI_NETLOGON_OBJ) \ ++ rpc_client/init_netlogon.o + + LIBSMBCONF_OBJ = ../lib/smbconf/smbconf.o \ + ../lib/smbconf/smbconf_util.o \ +@@ -1233,7 +1244,9 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PA + @LIBWBCLIENT_STATIC@ \ + torture/wbc_async.o \ + ../nsswitch/wb_reqtrans.o \ +- $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ) ++ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ) \ ++ $(LIBCLI_NETLOGON_OBJ) rpc_client/init_netlogon.o ++ + + MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ + $(LIB_NONSMBD_OBJ) \ +@@ -1268,14 +1281,18 @@ SMBCACLS_OBJ = utils/smbcacls.o $(PARAM_ + $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \ + $(PASSDB_OBJ) $(GROUPDB_OBJ) $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \ + $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) \ +- $(LIBCLI_LSA_OBJ) ++ $(LIBCLI_LSA_OBJ) \ ++ $(LIBCLI_NETLOGON_OBJ) \ ++ rpc_client/init_netlogon.o + + SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ + $(PARAM_OBJ) \ + $(LIB_NONSMBD_OBJ) \ + $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(POPT_LIB_OBJ) \ + $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ +- $(LIBCLI_LSA_OBJ) ++ $(LIBCLI_LSA_OBJ) \ ++ $(LIBCLI_NETLOGON_OBJ) \ ++ rpc_client/init_netlogon.o + + EVTLOGADM_OBJ0 = utils/eventlogadm.o + +--- a/librpc/ndr/ndr_basic.c ++++ b/librpc/ndr/ndr_basic.c +@@ -61,6 +61,7 @@ _PUBLIC_ void ndr_check_padding(struct n + */ + _PUBLIC_ enum ndr_err_code ndr_pull_int8(struct ndr_pull *ndr, int ndr_flags, int8_t *v) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_PULL_NEED_BYTES(ndr, 1); + *v = (int8_t)CVAL(ndr->data, ndr->offset); + ndr->offset += 1; +@@ -72,6 +73,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_int8 + */ + _PUBLIC_ enum ndr_err_code ndr_pull_uint8(struct ndr_pull *ndr, int ndr_flags, uint8_t *v) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_PULL_NEED_BYTES(ndr, 1); + *v = CVAL(ndr->data, ndr->offset); + ndr->offset += 1; +@@ -83,6 +85,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint + */ + _PUBLIC_ enum ndr_err_code ndr_pull_int16(struct ndr_pull *ndr, int ndr_flags, int16_t *v) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_PULL_ALIGN(ndr, 2); + NDR_PULL_NEED_BYTES(ndr, 2); + *v = (uint16_t)NDR_SVAL(ndr, ndr->offset); +@@ -95,6 +98,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_int1 + */ + _PUBLIC_ enum ndr_err_code ndr_pull_uint16(struct ndr_pull *ndr, int ndr_flags, uint16_t *v) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_PULL_ALIGN(ndr, 2); + NDR_PULL_NEED_BYTES(ndr, 2); + *v = NDR_SVAL(ndr, ndr->offset); +@@ -107,6 +111,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint + */ + _PUBLIC_ enum ndr_err_code ndr_pull_uint1632(struct ndr_pull *ndr, int ndr_flags, uint16_t *v) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + if (unlikely(ndr->flags & LIBNDR_FLAG_NDR64)) { + uint32_t v32 = 0; + enum ndr_err_code err = ndr_pull_uint32(ndr, ndr_flags, &v32); +@@ -125,6 +130,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint + */ + _PUBLIC_ enum ndr_err_code ndr_pull_int32(struct ndr_pull *ndr, int ndr_flags, int32_t *v) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_PULL_ALIGN(ndr, 4); + NDR_PULL_NEED_BYTES(ndr, 4); + *v = NDR_IVALS(ndr, ndr->offset); +@@ -137,6 +143,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_int3 + */ + _PUBLIC_ enum ndr_err_code ndr_pull_uint32(struct ndr_pull *ndr, int ndr_flags, uint32_t *v) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_PULL_ALIGN(ndr, 4); + NDR_PULL_NEED_BYTES(ndr, 4); + *v = NDR_IVAL(ndr, ndr->offset); +@@ -151,6 +158,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint + { + uint64_t v64; + enum ndr_err_code err; ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + if (likely(!(ndr->flags & LIBNDR_FLAG_NDR64))) { + return ndr_pull_uint32(ndr, ndr_flags, v); + } +@@ -169,6 +177,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint + */ + _PUBLIC_ enum ndr_err_code ndr_pull_double(struct ndr_pull *ndr, int ndr_flags, double *v) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_PULL_ALIGN(ndr, 8); + NDR_PULL_NEED_BYTES(ndr, 8); + memcpy(v, ndr->data+ndr->offset, 8); +@@ -217,6 +226,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ref_ + */ + _PUBLIC_ enum ndr_err_code ndr_pull_udlong(struct ndr_pull *ndr, int ndr_flags, uint64_t *v) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_PULL_ALIGN(ndr, 4); + NDR_PULL_NEED_BYTES(ndr, 8); + *v = NDR_IVAL(ndr, ndr->offset); +@@ -230,6 +240,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_udlo + */ + _PUBLIC_ enum ndr_err_code ndr_pull_udlongr(struct ndr_pull *ndr, int ndr_flags, uint64_t *v) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_PULL_ALIGN(ndr, 4); + NDR_PULL_NEED_BYTES(ndr, 8); + *v = ((uint64_t)NDR_IVAL(ndr, ndr->offset)) << 32; +@@ -264,6 +275,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_hype + _PUBLIC_ enum ndr_err_code ndr_pull_pointer(struct ndr_pull *ndr, int ndr_flags, void* *v) + { + uintptr_t h; ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_PULL_ALIGN(ndr, sizeof(h)); + NDR_PULL_NEED_BYTES(ndr, sizeof(h)); + memcpy(&h, ndr->data+ndr->offset, sizeof(h)); +@@ -278,6 +290,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_poin + _PUBLIC_ enum ndr_err_code ndr_pull_NTSTATUS(struct ndr_pull *ndr, int ndr_flags, NTSTATUS *status) + { + uint32_t v; ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *status = NT_STATUS(v); + return NDR_ERR_SUCCESS; +@@ -302,6 +315,7 @@ _PUBLIC_ void ndr_print_NTSTATUS(struct + _PUBLIC_ enum ndr_err_code ndr_pull_WERROR(struct ndr_pull *ndr, int ndr_flags, WERROR *status) + { + uint32_t v; ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *status = W_ERROR(v); + return NDR_ERR_SUCCESS; +@@ -414,6 +428,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_byte + */ + _PUBLIC_ enum ndr_err_code ndr_pull_array_uint8(struct ndr_pull *ndr, int ndr_flags, uint8_t *data, uint32_t n) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } +@@ -425,6 +440,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_arra + */ + _PUBLIC_ enum ndr_err_code ndr_push_int8(struct ndr_push *ndr, int ndr_flags, int8_t v) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_PUSH_NEED_BYTES(ndr, 1); + SCVAL(ndr->data, ndr->offset, (uint8_t)v); + ndr->offset += 1; +@@ -436,6 +452,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_int8 + */ + _PUBLIC_ enum ndr_err_code ndr_push_uint8(struct ndr_push *ndr, int ndr_flags, uint8_t v) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_PUSH_NEED_BYTES(ndr, 1); + SCVAL(ndr->data, ndr->offset, v); + ndr->offset += 1; +@@ -447,6 +464,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_uint + */ + _PUBLIC_ enum ndr_err_code ndr_push_int16(struct ndr_push *ndr, int ndr_flags, int16_t v) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_PUSH_ALIGN(ndr, 2); + NDR_PUSH_NEED_BYTES(ndr, 2); + NDR_SSVAL(ndr, ndr->offset, (uint16_t)v); +@@ -459,6 +477,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_int1 + */ + _PUBLIC_ enum ndr_err_code ndr_push_uint16(struct ndr_push *ndr, int ndr_flags, uint16_t v) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_PUSH_ALIGN(ndr, 2); + NDR_PUSH_NEED_BYTES(ndr, 2); + NDR_SSVAL(ndr, ndr->offset, v); +@@ -482,6 +501,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_uint + */ + _PUBLIC_ enum ndr_err_code ndr_push_int32(struct ndr_push *ndr, int ndr_flags, int32_t v) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_PUSH_ALIGN(ndr, 4); + NDR_PUSH_NEED_BYTES(ndr, 4); + NDR_SIVALS(ndr, ndr->offset, v); +@@ -494,6 +514,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_int3 + */ + _PUBLIC_ enum ndr_err_code ndr_push_uint32(struct ndr_push *ndr, int ndr_flags, uint32_t v) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_PUSH_ALIGN(ndr, 4); + NDR_PUSH_NEED_BYTES(ndr, 4); + NDR_SIVAL(ndr, ndr->offset, v); +@@ -517,6 +538,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_uint + */ + _PUBLIC_ enum ndr_err_code ndr_push_udlong(struct ndr_push *ndr, int ndr_flags, uint64_t v) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_PUSH_ALIGN(ndr, 4); + NDR_PUSH_NEED_BYTES(ndr, 8); + NDR_SIVAL(ndr, ndr->offset, (v & 0xFFFFFFFF)); +@@ -530,6 +552,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_udlo + */ + _PUBLIC_ enum ndr_err_code ndr_push_udlongr(struct ndr_push *ndr, int ndr_flags, uint64_t v) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_PUSH_ALIGN(ndr, 4); + NDR_PUSH_NEED_BYTES(ndr, 8); + NDR_SIVAL(ndr, ndr->offset, (v>>32)); +@@ -563,6 +586,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_hype + */ + _PUBLIC_ enum ndr_err_code ndr_push_double(struct ndr_push *ndr, int ndr_flags, double v) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_PUSH_ALIGN(ndr, 8); + NDR_PUSH_NEED_BYTES(ndr, 8); + memcpy(ndr->data+ndr->offset, &v, 8); +@@ -576,6 +600,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_doub + _PUBLIC_ enum ndr_err_code ndr_push_pointer(struct ndr_push *ndr, int ndr_flags, void* v) + { + uintptr_t h = (intptr_t)v; ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_PUSH_ALIGN(ndr, sizeof(h)); + NDR_PUSH_NEED_BYTES(ndr, sizeof(h)); + memcpy(ndr->data+ndr->offset, &h, sizeof(h)); +@@ -686,6 +711,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_zero + */ + _PUBLIC_ enum ndr_err_code ndr_push_array_uint8(struct ndr_push *ndr, int ndr_flags, const uint8_t *data, uint32_t n) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } +@@ -738,6 +764,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_ref_ + */ + _PUBLIC_ enum ndr_err_code ndr_push_NTTIME(struct ndr_push *ndr, int ndr_flags, NTTIME t) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_CHECK(ndr_push_udlong(ndr, ndr_flags, t)); + return NDR_ERR_SUCCESS; + } +@@ -747,6 +774,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_NTTI + */ + _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME(struct ndr_pull *ndr, int ndr_flags, NTTIME *t) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_CHECK(ndr_pull_udlong(ndr, ndr_flags, t)); + return NDR_ERR_SUCCESS; + } +@@ -756,6 +784,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NTTI + */ + _PUBLIC_ enum ndr_err_code ndr_push_NTTIME_1sec(struct ndr_push *ndr, int ndr_flags, NTTIME t) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + t /= 10000000; + NDR_CHECK(ndr_push_hyper(ndr, ndr_flags, t)); + return NDR_ERR_SUCCESS; +@@ -766,6 +795,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_NTTI + */ + _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME_1sec(struct ndr_pull *ndr, int ndr_flags, NTTIME *t) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_CHECK(ndr_pull_hyper(ndr, ndr_flags, t)); + (*t) *= 10000000; + return NDR_ERR_SUCCESS; +@@ -776,6 +806,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NTTI + */ + _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME_hyper(struct ndr_pull *ndr, int ndr_flags, NTTIME *t) + { ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + NDR_CHECK(ndr_pull_hyper(ndr, ndr_flags, t)); + return NDR_ERR_SUCCESS; + } +@@ -785,6 +816,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NTTI + */ + _PUBLIC_ enum ndr_err_code ndr_push_NTTIME_hyper(struct ndr_push *ndr, int ndr_flags, NTTIME t) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + NDR_CHECK(ndr_push_hyper(ndr, ndr_flags, t)); + return NDR_ERR_SUCCESS; + } +@@ -814,6 +846,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_time + */ + _PUBLIC_ enum ndr_err_code ndr_push_uid_t(struct ndr_push *ndr, int ndr_flags, uid_t u) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + return ndr_push_hyper(ndr, NDR_SCALARS, (uint64_t)u); + } + +@@ -839,6 +872,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uid_ + */ + _PUBLIC_ enum ndr_err_code ndr_push_gid_t(struct ndr_push *ndr, int ndr_flags, gid_t g) + { ++ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + return ndr_push_hyper(ndr, NDR_SCALARS, (uint64_t)g); + } + +--- a/source3/lib/bitmap.c ++++ /dev/null +@@ -1,136 +0,0 @@ +-/* +- Unix SMB/CIFS implementation. +- simple bitmap functions +- Copyright (C) Andrew Tridgell 1992-1998 +- +- This program is free software; you can redistribute it and/or modify +- it under the terms of the GNU General Public License as published by +- the Free Software Foundation; either version 3 of the License, or +- (at your option) any later version. +- +- This program is distributed in the hope that it will be useful, +- but WITHOUT ANY WARRANTY; without even the implied warranty of +- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- GNU General Public License for more details. +- +- You should have received a copy of the GNU General Public License +- along with this program. If not, see . +-*/ +- +-#include "includes.h" +- +-/* these functions provide a simple way to allocate integers from a +- pool without repetition */ +- +-/**************************************************************************** +-talloc a bitmap +-****************************************************************************/ +-struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n) +-{ +- struct bitmap *bm; +- +- bm = TALLOC_P(mem_ctx, struct bitmap); +- +- if (!bm) return NULL; +- +- bm->n = n; +- bm->b = TALLOC_ZERO_ARRAY(bm, uint32, (n+31)/32); +- if (!bm->b) { +- TALLOC_FREE(bm); +- return NULL; +- } +- return bm; +-} +- +-/**************************************************************************** +-copy as much of the source bitmap as will fit in the destination bitmap. +-****************************************************************************/ +- +-int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src) +-{ +- int count = MIN(dst->n, src->n); +- +- SMB_ASSERT(dst->b != src->b); +- memcpy(dst->b, src->b, sizeof(uint32)*((count+31)/32)); +- +- return count; +-} +- +-/**************************************************************************** +-set a bit in a bitmap +-****************************************************************************/ +-bool bitmap_set(struct bitmap *bm, unsigned i) +-{ +- if (i >= bm->n) { +- DEBUG(0,("Setting invalid bitmap entry %d (of %d)\n", +- i, bm->n)); +- return False; +- } +- bm->b[i/32] |= (1<<(i%32)); +- return True; +-} +- +-/**************************************************************************** +-clear a bit in a bitmap +-****************************************************************************/ +-bool bitmap_clear(struct bitmap *bm, unsigned i) +-{ +- if (i >= bm->n) { +- DEBUG(0,("clearing invalid bitmap entry %d (of %d)\n", +- i, bm->n)); +- return False; +- } +- bm->b[i/32] &= ~(1<<(i%32)); +- return True; +-} +- +-/**************************************************************************** +-query a bit in a bitmap +-****************************************************************************/ +-bool bitmap_query(struct bitmap *bm, unsigned i) +-{ +- if (i >= bm->n) return False; +- if (bm->b[i/32] & (1<<(i%32))) { +- return True; +- } +- return False; +-} +- +-/**************************************************************************** +-find a zero bit in a bitmap starting at the specified offset, with +-wraparound +-****************************************************************************/ +-int bitmap_find(struct bitmap *bm, unsigned ofs) +-{ +- unsigned int i, j; +- +- if (ofs > bm->n) ofs = 0; +- +- i = ofs; +- while (i < bm->n) { +- if (~(bm->b[i/32])) { +- j = i; +- do { +- if (!bitmap_query(bm, j)) return j; +- j++; +- } while (j & 31 && j < bm->n); +- } +- i += 32; +- i &= ~31; +- } +- +- i = 0; +- while (i < ofs) { +- if (~(bm->b[i/32])) { +- j = i; +- do { +- if (!bitmap_query(bm, j)) return j; +- j++; +- } while (j & 31 && j < bm->n); +- } +- i += 32; +- i &= ~31; +- } +- +- return -1; +-} +--- /dev/null ++++ b/lib/util/bitmap.c +@@ -0,0 +1,137 @@ ++/* ++ Unix SMB/CIFS implementation. ++ simple bitmap functions ++ Copyright (C) Andrew Tridgell 1992-1998 ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . ++*/ ++ ++#include "includes.h" ++#include "lib/util/bitmap.h" ++ ++/* these functions provide a simple way to allocate integers from a ++ pool without repetition */ ++ ++/**************************************************************************** ++talloc a bitmap ++****************************************************************************/ ++struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n) ++{ ++ struct bitmap *bm; ++ ++ bm = talloc_zero(mem_ctx, struct bitmap); ++ ++ if (!bm) return NULL; ++ ++ bm->n = n; ++ bm->b = talloc_zero_array(bm, uint32_t, (n+31)/32); ++ if (!bm->b) { ++ TALLOC_FREE(bm); ++ return NULL; ++ } ++ return bm; ++} ++ ++/**************************************************************************** ++copy as much of the source bitmap as will fit in the destination bitmap. ++****************************************************************************/ ++ ++int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src) ++{ ++ int count = MIN(dst->n, src->n); ++ ++ SMB_ASSERT(dst->b != src->b); ++ memcpy(dst->b, src->b, sizeof(uint32_t)*((count+31)/32)); ++ ++ return count; ++} ++ ++/**************************************************************************** ++set a bit in a bitmap ++****************************************************************************/ ++bool bitmap_set(struct bitmap *bm, unsigned i) ++{ ++ if (i >= bm->n) { ++ DEBUG(0,("Setting invalid bitmap entry %d (of %d)\n", ++ i, bm->n)); ++ return false; ++ } ++ bm->b[i/32] |= (1<<(i%32)); ++ return true; ++} ++ ++/**************************************************************************** ++clear a bit in a bitmap ++****************************************************************************/ ++bool bitmap_clear(struct bitmap *bm, unsigned i) ++{ ++ if (i >= bm->n) { ++ DEBUG(0,("clearing invalid bitmap entry %d (of %d)\n", ++ i, bm->n)); ++ return false; ++ } ++ bm->b[i/32] &= ~(1<<(i%32)); ++ return true; ++} ++ ++/**************************************************************************** ++query a bit in a bitmap ++****************************************************************************/ ++bool bitmap_query(struct bitmap *bm, unsigned i) ++{ ++ if (i >= bm->n) return false; ++ if (bm->b[i/32] & (1<<(i%32))) { ++ return true; ++ } ++ return false; ++} ++ ++/**************************************************************************** ++find a zero bit in a bitmap starting at the specified offset, with ++wraparound ++****************************************************************************/ ++int bitmap_find(struct bitmap *bm, unsigned ofs) ++{ ++ unsigned int i, j; ++ ++ if (ofs > bm->n) ofs = 0; ++ ++ i = ofs; ++ while (i < bm->n) { ++ if (~(bm->b[i/32])) { ++ j = i; ++ do { ++ if (!bitmap_query(bm, j)) return j; ++ j++; ++ } while (j & 31 && j < bm->n); ++ } ++ i += 32; ++ i &= ~31; ++ } ++ ++ i = 0; ++ while (i < ofs) { ++ if (~(bm->b[i/32])) { ++ j = i; ++ do { ++ if (!bitmap_query(bm, j)) return j; ++ j++; ++ } while (j & 31 && j < bm->n); ++ } ++ i += 32; ++ i &= ~31; ++ } ++ ++ return -1; ++} +--- /dev/null ++++ b/lib/util/bitmap.h +@@ -0,0 +1,32 @@ ++/* ++ Unix SMB/CIFS implementation. ++ simple bitmap functions ++ Copyright (C) Andrew Tridgell 1992-1998 ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . ++*/ ++ ++/* The following definitions come from lib/bitmap.c */ ++ ++struct bitmap { ++ uint32_t *b; ++ unsigned int n; ++}; ++ ++struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n); ++int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src); ++bool bitmap_set(struct bitmap *bm, unsigned i); ++bool bitmap_clear(struct bitmap *bm, unsigned i); ++bool bitmap_query(struct bitmap *bm, unsigned i); ++int bitmap_find(struct bitmap *bm, unsigned ofs); +--- a/lib/util/wscript_build ++++ b/lib/util/wscript_build +@@ -99,5 +99,11 @@ bld.SAMBA_LIBRARY('tdb-wrap', + public_headers='tdb_wrap.h', + private_library=True, + local_include=False +- ) ++ ) ++ ++bld.SAMBA_LIBRARY('bitmap', ++ source='bitmap.c', ++ deps='talloc samba-util', ++ local_include=False, ++ private_library=True) + +--- a/source3/include/proto.h ++++ b/source3/include/proto.h +@@ -61,15 +61,6 @@ const char *audit_description_str(uint32 + bool get_audit_category_from_param(const char *param, uint32 *audit_category); + const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy); + +-/* The following definitions come from lib/bitmap.c */ +- +-struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n); +-int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src); +-bool bitmap_set(struct bitmap *bm, unsigned i); +-bool bitmap_clear(struct bitmap *bm, unsigned i); +-bool bitmap_query(struct bitmap *bm, unsigned i); +-int bitmap_find(struct bitmap *bm, unsigned ofs); +- + /* The following definitions come from lib/charcnv.c */ + + char lp_failed_convert_char(void); +--- a/source3/include/smb.h ++++ b/source3/include/smb.h +@@ -712,7 +712,6 @@ struct connections_data { + uint32 unused_compatitibility_field; + }; + +- + /* the following are used by loadparm for option lists */ + typedef enum { + P_BOOL,P_BOOLREV,P_CHAR,P_INTEGER,P_OCTAL,P_LIST, +@@ -759,11 +758,6 @@ struct parm_struct { + #define FLAG_META 0x8000 /* A meta directive - not a real parameter */ + #define FLAG_CMDLINE 0x10000 /* option has been overridden */ + +-struct bitmap { +- uint32 *b; +- unsigned int n; +-}; +- + /* offsets into message for common items */ + #define smb_com 8 + #define smb_rcls 9 +--- a/source3/modules/vfs_acl_common.c ++++ b/source3/modules/vfs_acl_common.c +@@ -23,6 +23,7 @@ + #include "system/filesys.h" + #include "../libcli/security/security.h" + #include "../librpc/gen_ndr/ndr_security.h" ++#include "../lib/util/bitmap.h" + + static NTSTATUS create_acl_blob(const struct security_descriptor *psd, + DATA_BLOB *pblob, +--- a/source3/modules/vfs_full_audit.c ++++ b/source3/modules/vfs_full_audit.c +@@ -64,6 +64,7 @@ + #include "../librpc/gen_ndr/ndr_netlogon.h" + #include "auth.h" + #include "ntioctl.h" ++#include "lib/util/bitmap.h" + + static int vfs_full_audit_debug_level = DBGC_VFS; + +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -64,6 +64,7 @@ + #include "smb_signing.h" + #include "dbwrap.h" + #include "smbldap.h" ++#include "../lib/util/bitmap.h" + + #ifdef HAVE_SYS_SYSCTL_H + #include +--- a/source3/passdb/pdb_get_set.c ++++ b/source3/passdb/pdb_get_set.c +@@ -25,6 +25,7 @@ + #include "passdb.h" + #include "../libcli/auth/libcli_auth.h" + #include "../libcli/security/security.h" ++#include "../lib/util/bitmap.h" + + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_PASSDB +--- a/source3/smbd/conn.c ++++ b/source3/smbd/conn.c +@@ -23,6 +23,7 @@ + #include "smbd/smbd.h" + #include "smbd/globals.h" + #include "rpc_server/rpc_ncacn_np.h" ++#include "lib/util/bitmap.h" + + /* The connections bitmap is expanded in increments of BITMAP_BLOCK_SZ. The + * maximum size of the bitmap is the largest positive integer, but you will hit +--- a/source3/smbd/dir.c ++++ b/source3/smbd/dir.c +@@ -23,6 +23,7 @@ + #include "smbd/smbd.h" + #include "smbd/globals.h" + #include "libcli/security/security.h" ++#include "lib/util/bitmap.h" + + /* + This module implements directory related functions for Samba. +--- a/source3/smbd/files.c ++++ b/source3/smbd/files.c +@@ -22,6 +22,7 @@ + #include "smbd/globals.h" + #include "libcli/security/security.h" + #include "util_tdb.h" ++#include "lib/util/bitmap.h" + + #define VALID_FNUM(fnum) (((fnum) >= 0) && ((fnum) < real_max_open_files)) + +--- a/source3/smbd/smb2_server.c ++++ b/source3/smbd/smb2_server.c +@@ -26,6 +26,7 @@ + #include "../lib/tsocket/tsocket.h" + #include "../lib/util/tevent_ntstatus.h" + #include "smbprofile.h" ++#include "../lib/util/bitmap.h" + + #define OUTVEC_ALLOC_SIZE (SMB2_HDR_BODY + 9) + +--- a/source3/rpc_client/cli_pipe.c ++++ b/source3/rpc_client/cli_pipe.c +@@ -28,6 +28,7 @@ + #include "../libcli/auth/ntlmssp.h" + #include "ntlmssp_wrap.h" + #include "librpc/gen_ndr/ndr_dcerpc.h" ++#include "librpc/gen_ndr/ndr_netlogon_c.h" + #include "librpc/rpc/dcerpc.h" + #include "librpc/crypto/gse.h" + #include "librpc/crypto/spnego.h" +@@ -399,6 +400,7 @@ static NTSTATUS cli_pipe_validate_curren + struct ncacn_packet *pkt, + DATA_BLOB *pdu, + uint8_t expected_pkt_type, ++ uint32_t call_id, + DATA_BLOB *rdata, + DATA_BLOB *reply_pdu) + { +@@ -497,7 +499,7 @@ static NTSTATUS cli_pipe_validate_curren + "from %s!\n", + (unsigned int)pkt->ptype, + rpccli_pipe_txt(talloc_tos(), cli))); +- return NT_STATUS_INVALID_INFO_CLASS; ++ return NT_STATUS_RPC_PROTOCOL_ERROR; + } + + if (pkt->ptype != expected_pkt_type) { +@@ -505,7 +507,15 @@ static NTSTATUS cli_pipe_validate_curren + "RPC packet type - %u, not %u\n", + rpccli_pipe_txt(talloc_tos(), cli), + pkt->ptype, expected_pkt_type)); +- return NT_STATUS_INVALID_INFO_CLASS; ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ ++ if (pkt->call_id != call_id) { ++ DEBUG(3, (__location__ ": Connection to %s got an unexpected " ++ "RPC call_id - %u, not %u\n", ++ rpccli_pipe_txt(talloc_tos(), cli), ++ pkt->call_id, call_id)); ++ return NT_STATUS_RPC_PROTOCOL_ERROR; + } + + /* Do this just before return - we don't want to modify any rpc header +@@ -898,6 +908,7 @@ static void rpc_api_pipe_got_pdu(struct + state->cli, state->pkt, + &state->incoming_frag, + state->expected_pkt_type, ++ state->call_id, + &rdata, + &state->reply_pdu); + +@@ -1269,12 +1280,17 @@ struct rpc_api_pipe_req_state { + uint32_t call_id; + DATA_BLOB *req_data; + uint32_t req_data_sent; ++ DATA_BLOB req_trailer; ++ uint32_t req_trailer_sent; ++ bool verify_bitmask1; ++ bool verify_pcontext; + DATA_BLOB rpc_out; + DATA_BLOB reply_pdu; + }; + + static void rpc_api_pipe_req_write_done(struct tevent_req *subreq); + static void rpc_api_pipe_req_done(struct tevent_req *subreq); ++static NTSTATUS prepare_verification_trailer(struct rpc_api_pipe_req_state *state); + static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, + bool *is_last_frag); + +@@ -1310,6 +1326,11 @@ struct tevent_req *rpc_api_pipe_req_send + goto post_status; + } + ++ status = prepare_verification_trailer(state); ++ if (!NT_STATUS_IS_OK(status)) { ++ goto post_status; ++ } ++ + status = prepare_next_frag(state, &is_last_frag); + if (!NT_STATUS_IS_OK(status)) { + goto post_status; +@@ -1344,25 +1365,161 @@ struct tevent_req *rpc_api_pipe_req_send + return NULL; + } + ++static NTSTATUS prepare_verification_trailer(struct rpc_api_pipe_req_state *state) ++{ ++ struct pipe_auth_data *a = state->cli->auth; ++ struct dcerpc_sec_verification_trailer *t; ++ struct dcerpc_sec_vt *c = NULL; ++ struct ndr_push *ndr = NULL; ++ enum ndr_err_code ndr_err; ++ size_t align = 0; ++ size_t pad = 0; ++ ++ if (a == NULL) { ++ return NT_STATUS_OK; ++ } ++ ++ if (a->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) { ++ return NT_STATUS_OK; ++ } ++ ++ t = talloc_zero(state, struct dcerpc_sec_verification_trailer); ++ if (t == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ if (!a->verified_bitmask1) { ++ t->commands = talloc_realloc(t, t->commands, ++ struct dcerpc_sec_vt, ++ t->count.count + 1); ++ if (t->commands == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ c = &t->commands[t->count.count++]; ++ ZERO_STRUCTP(c); ++ ++ c->command = DCERPC_SEC_VT_COMMAND_BITMASK1; ++ state->verify_bitmask1 = true; ++ } ++ ++ if (!state->cli->verified_pcontext) { ++ t->commands = talloc_realloc(t, t->commands, ++ struct dcerpc_sec_vt, ++ t->count.count + 1); ++ if (t->commands == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ c = &t->commands[t->count.count++]; ++ ZERO_STRUCTP(c); ++ ++ c->command = DCERPC_SEC_VT_COMMAND_PCONTEXT; ++ c->u.pcontext.abstract_syntax = state->cli->abstract_syntax; ++ c->u.pcontext.transfer_syntax = state->cli->transfer_syntax; ++ ++ state->verify_pcontext = true; ++ } ++ ++ if (true) { /* We do not support header signing */ ++ t->commands = talloc_realloc(t, t->commands, ++ struct dcerpc_sec_vt, ++ t->count.count + 1); ++ if (t->commands == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ c = &t->commands[t->count.count++]; ++ ZERO_STRUCTP(c); ++ ++ c->command = DCERPC_SEC_VT_COMMAND_HEADER2; ++ c->u.header2.ptype = DCERPC_PKT_REQUEST; ++ c->u.header2.drep[0] = DCERPC_DREP_LE; ++ c->u.header2.drep[1] = 0; ++ c->u.header2.drep[2] = 0; ++ c->u.header2.drep[3] = 0; ++ c->u.header2.call_id = state->call_id; ++ c->u.header2.context_id = 0; ++ c->u.header2.opnum = state->op_num; ++ } ++ ++ if (t->count.count == 0) { ++ TALLOC_FREE(t); ++ return NT_STATUS_OK; ++ } ++ ++ c = &t->commands[t->count.count - 1]; ++ c->command |= DCERPC_SEC_VT_COMMAND_END; ++ ++ if (DEBUGLEVEL >= 10) { ++ NDR_PRINT_DEBUG(dcerpc_sec_verification_trailer, t); ++ } ++ ++ ndr = ndr_push_init_ctx(state); ++ if (ndr == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ ndr_err = ndr_push_dcerpc_sec_verification_trailer(ndr, ++ NDR_SCALARS | NDR_BUFFERS, ++ t); ++ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { ++ return ndr_map_error2ntstatus(ndr_err); ++ } ++ state->req_trailer = ndr_push_blob(ndr); ++ ++ align = state->req_data->length & 0x3; ++ if (align > 0) { ++ pad = 4 - align; ++ } ++ if (pad > 0) { ++ bool ok; ++ uint8_t *p; ++ const uint8_t zeros[4] = { 0, }; ++ ++ ok = data_blob_append(ndr, &state->req_trailer, zeros, pad); ++ if (!ok) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ /* move the padding to the start */ ++ p = state->req_trailer.data; ++ memmove(p + pad, p, state->req_trailer.length - pad); ++ memset(p, 0, pad); ++ } ++ ++ return NT_STATUS_OK; ++} ++ + static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, + bool *is_last_frag) + { +- size_t data_sent_thistime; + size_t auth_len; + size_t frag_len; + uint8_t flags = 0; + size_t pad_len; + size_t data_left; ++ size_t data_thistime; ++ size_t trailer_left; ++ size_t trailer_thistime = 0; ++ size_t total_left; ++ size_t total_thistime; + NTSTATUS status; ++ bool ok; + union dcerpc_payload u; + + data_left = state->req_data->length - state->req_data_sent; ++ trailer_left = state->req_trailer.length - state->req_trailer_sent; ++ total_left = data_left + trailer_left; ++ if ((total_left < data_left) || (total_left < trailer_left)) { ++ /* ++ * overflow ++ */ ++ return NT_STATUS_INVALID_PARAMETER_MIX; ++ } + + status = dcerpc_guess_sizes(state->cli->auth, +- DCERPC_REQUEST_LENGTH, data_left, ++ DCERPC_REQUEST_LENGTH, total_left, + state->cli->max_xmit_frag, + CLIENT_NDR_PADDING_SIZE, +- &data_sent_thistime, ++ &total_thistime, + &frag_len, &auth_len, &pad_len); + if (!NT_STATUS_IS_OK(status)) { + return status; +@@ -1372,15 +1529,20 @@ static NTSTATUS prepare_next_frag(struct + flags = DCERPC_PFC_FLAG_FIRST; + } + +- if (data_sent_thistime == data_left) { ++ if (total_thistime == total_left) { + flags |= DCERPC_PFC_FLAG_LAST; + } + ++ data_thistime = MIN(total_thistime, data_left); ++ if (data_thistime < total_thistime) { ++ trailer_thistime = total_thistime - data_thistime; ++ } ++ + data_blob_free(&state->rpc_out); + + ZERO_STRUCT(u.request); + +- u.request.alloc_hint = state->req_data->length; ++ u.request.alloc_hint = total_left; + u.request.context_id = 0; + u.request.opnum = state->op_num; + +@@ -1400,11 +1562,26 @@ static NTSTATUS prepare_next_frag(struct + * at this stage */ + dcerpc_set_frag_length(&state->rpc_out, frag_len); + +- /* Copy in the data. */ +- if (!data_blob_append(NULL, &state->rpc_out, ++ if (data_thistime > 0) { ++ /* Copy in the data. */ ++ ok = data_blob_append(NULL, &state->rpc_out, + state->req_data->data + state->req_data_sent, +- data_sent_thistime)) { +- return NT_STATUS_NO_MEMORY; ++ data_thistime); ++ if (!ok) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ state->req_data_sent += data_thistime; ++ } ++ ++ if (trailer_thistime > 0) { ++ /* Copy in the verification trailer. */ ++ ok = data_blob_append(NULL, &state->rpc_out, ++ state->req_trailer.data + state->req_trailer_sent, ++ trailer_thistime); ++ if (!ok) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ state->req_trailer_sent += trailer_thistime; + } + + switch (state->cli->auth->auth_level) { +@@ -1424,7 +1601,6 @@ static NTSTATUS prepare_next_frag(struct + return NT_STATUS_INVALID_PARAMETER; + } + +- state->req_data_sent += data_sent_thistime; + *is_last_frag = ((flags & DCERPC_PFC_FLAG_LAST) != 0); + + return status; +@@ -1488,6 +1664,20 @@ static void rpc_api_pipe_req_done(struct + tevent_req_nterror(req, status); + return; + } ++ ++ if (state->cli->auth == NULL) { ++ tevent_req_done(req); ++ return; ++ } ++ ++ if (state->verify_bitmask1) { ++ state->cli->auth->verified_bitmask1 = true; ++ } ++ ++ if (state->verify_pcontext) { ++ state->cli->verified_pcontext = true; ++ } ++ + tevent_req_done(req); + } + +@@ -1647,9 +1837,15 @@ struct rpc_pipe_bind_state { + DATA_BLOB rpc_out; + bool auth3; + uint32_t rpc_call_id; ++ struct netr_Authenticator auth; ++ struct netr_Authenticator return_auth; ++ struct netlogon_creds_CredentialState *creds; ++ union netr_Capabilities capabilities; ++ struct netr_LogonGetCapabilities r; + }; + + static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq); ++static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req); + static NTSTATUS rpc_bind_next_send(struct tevent_req *req, + struct rpc_pipe_bind_state *state, + DATA_BLOB *credentials); +@@ -1753,11 +1949,14 @@ static void rpc_pipe_bind_step_one_done( + + case DCERPC_AUTH_TYPE_NONE: + case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: +- case DCERPC_AUTH_TYPE_SCHANNEL: + /* Bind complete. */ + tevent_req_done(req); + return; + ++ case DCERPC_AUTH_TYPE_SCHANNEL: ++ rpc_pipe_bind_step_two_trigger(req); ++ return; ++ + case DCERPC_AUTH_TYPE_NTLMSSP: + case DCERPC_AUTH_TYPE_SPNEGO: + case DCERPC_AUTH_TYPE_KRB5: +@@ -1869,6 +2068,153 @@ err_out: + tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); + } + ++static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq); ++ ++static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req) ++{ ++ struct rpc_pipe_bind_state *state = ++ tevent_req_data(req, ++ struct rpc_pipe_bind_state); ++ struct dcerpc_binding_handle *b = state->cli->binding_handle; ++ struct schannel_state *schannel_auth = ++ talloc_get_type_abort(state->cli->auth->auth_ctx, ++ struct schannel_state); ++ struct tevent_req *subreq; ++ ++ if (schannel_auth == NULL || ++ !ndr_syntax_id_equal(&state->cli->abstract_syntax, ++ &ndr_table_netlogon.syntax_id)) { ++ tevent_req_done(req); ++ return; ++ } ++ ++ ZERO_STRUCT(state->return_auth); ++ ++ state->creds = netlogon_creds_copy(state, schannel_auth->creds); ++ if (state->creds == NULL) { ++ tevent_req_nterror(req, NT_STATUS_NO_MEMORY); ++ return; ++ } ++ ++ netlogon_creds_client_authenticator(state->creds, &state->auth); ++ ++ state->r.in.server_name = state->cli->srv_name_slash; ++ state->r.in.computer_name = state->creds->computer_name; ++ state->r.in.credential = &state->auth; ++ state->r.in.query_level = 1; ++ state->r.in.return_authenticator = &state->return_auth; ++ ++ state->r.out.capabilities = &state->capabilities; ++ state->r.out.return_authenticator = &state->return_auth; ++ ++ subreq = dcerpc_netr_LogonGetCapabilities_r_send(talloc_tos(), ++ state->ev, ++ b, ++ &state->r); ++ if (subreq == NULL) { ++ tevent_req_nterror(req, NT_STATUS_NO_MEMORY); ++ return; ++ } ++ ++ tevent_req_set_callback(subreq, rpc_pipe_bind_step_two_done, req); ++ return; ++} ++ ++static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq) ++{ ++ struct tevent_req *req = ++ tevent_req_callback_data(subreq, ++ struct tevent_req); ++ struct rpc_pipe_bind_state *state = ++ tevent_req_data(req, ++ struct rpc_pipe_bind_state); ++ struct schannel_state *schannel_auth = ++ talloc_get_type_abort(state->cli->auth->auth_ctx, ++ struct schannel_state); ++ NTSTATUS status; ++ ++ status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos()); ++ TALLOC_FREE(subreq); ++ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { ++ if (state->cli->dc->negotiate_flags & ++ NETLOGON_NEG_SUPPORTS_AES) { ++ DEBUG(5, ("AES is not supported and the error was %s\n", ++ nt_errstr(status))); ++ tevent_req_nterror(req, ++ NT_STATUS_INVALID_NETWORK_RESPONSE); ++ return; ++ } ++ ++ /* This is probably NT */ ++ DEBUG(5, ("We are checking against an NT - %s\n", ++ nt_errstr(status))); ++ tevent_req_done(req); ++ return; ++ } else if (!NT_STATUS_IS_OK(status)) { ++ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n", ++ nt_errstr(status))); ++ tevent_req_nterror(req, status); ++ return; ++ } ++ ++ if (NT_STATUS_EQUAL(state->r.out.result, NT_STATUS_NOT_IMPLEMENTED)) { ++ if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { ++ /* This means AES isn't supported. */ ++ DEBUG(5, ("AES is not supported and the error was %s\n", ++ nt_errstr(state->r.out.result))); ++ tevent_req_nterror(req, ++ NT_STATUS_INVALID_NETWORK_RESPONSE); ++ return; ++ } ++ ++ /* This is probably an old Samba version */ ++ DEBUG(5, ("We are checking against an old Samba version - %s\n", ++ nt_errstr(state->r.out.result))); ++ tevent_req_done(req); ++ return; ++ } ++ ++ /* We need to check the credential state here, cause win2k3 and earlier ++ * returns NT_STATUS_NOT_IMPLEMENTED */ ++ if (!netlogon_creds_client_check(state->creds, ++ &state->r.out.return_authenticator->cred)) { ++ /* ++ * Server replied with bad credential. Fail. ++ */ ++ DEBUG(0,("rpc_pipe_bind_step_two_done: server %s " ++ "replied with bad credential\n", ++ state->cli->desthost)); ++ tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL); ++ return; ++ } ++ ++ TALLOC_FREE(schannel_auth->creds); ++ schannel_auth->creds = talloc_steal(state->cli, state->creds); ++ ++ if (!NT_STATUS_IS_OK(state->r.out.result)) { ++ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n", ++ nt_errstr(state->r.out.result))); ++ tevent_req_nterror(req, state->r.out.result); ++ return; ++ } ++ ++ if (state->creds->negotiate_flags != ++ state->r.out.capabilities->server_capabilities) { ++ DEBUG(0, ("The client capabilities don't match the server " ++ "capabilities: local[0x%08X] remote[0x%08X]\n", ++ state->creds->negotiate_flags, ++ state->capabilities.server_capabilities)); ++ tevent_req_nterror(req, ++ NT_STATUS_INVALID_NETWORK_RESPONSE); ++ return; ++ } ++ ++ /* TODO: Add downgrade dectection. */ ++ ++ tevent_req_done(req); ++ return; ++} ++ + static NTSTATUS rpc_bind_next_send(struct tevent_req *req, + struct rpc_pipe_bind_state *state, + DATA_BLOB *auth_token) +--- a/source3/librpc/rpc/dcerpc.h ++++ b/source3/librpc/rpc/dcerpc.h +@@ -39,6 +39,7 @@ struct NL_AUTH_MESSAGE; + struct pipe_auth_data { + enum dcerpc_AuthType auth_type; + enum dcerpc_AuthLevel auth_level; ++ bool verified_bitmask1; + + void *auth_ctx; + +--- a/source3/rpc_client/rpc_client.h ++++ b/source3/rpc_client/rpc_client.h +@@ -39,6 +39,7 @@ struct rpc_pipe_client { + + struct ndr_syntax_id abstract_syntax; + struct ndr_syntax_id transfer_syntax; ++ bool verified_pcontext; + + char *desthost; + char *srv_name_slash; +--- /dev/null ++++ b/librpc/ndr/ndr_dcerpc.h +@@ -0,0 +1,25 @@ ++/* ++ Unix SMB/CIFS implementation. ++ ++ Manually parsed structures found in the DCERPC protocol ++ ++ Copyright (C) Stefan Metzmacher 2014 ++ Copyright (C) Gregor Beck 2014 ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . ++*/ ++ ++enum ndr_err_code ndr_pop_dcerpc_sec_verification_trailer( ++ struct ndr_pull *ndr, TALLOC_CTX *mem_ctx, ++ struct dcerpc_sec_verification_trailer **_r); +--- /dev/null ++++ b/librpc/ABI/ndr-0.0.3.sigs +@@ -0,0 +1,251 @@ ++GUID_all_zero: bool (const struct GUID *) ++GUID_compare: int (const struct GUID *, const struct GUID *) ++GUID_equal: bool (const struct GUID *, const struct GUID *) ++GUID_from_data_blob: NTSTATUS (const DATA_BLOB *, struct GUID *) ++GUID_from_ndr_blob: NTSTATUS (const DATA_BLOB *, struct GUID *) ++GUID_from_string: NTSTATUS (const char *, struct GUID *) ++GUID_hexstring: char *(TALLOC_CTX *, const struct GUID *) ++GUID_random: struct GUID (void) ++GUID_string: char *(TALLOC_CTX *, const struct GUID *) ++GUID_string2: char *(TALLOC_CTX *, const struct GUID *) ++GUID_to_ndr_blob: NTSTATUS (const struct GUID *, TALLOC_CTX *, DATA_BLOB *) ++GUID_zero: struct GUID (void) ++ndr_align_size: size_t (uint32_t, size_t) ++ndr_charset_length: uint32_t (const void *, charset_t) ++ndr_check_array_length: enum ndr_err_code (struct ndr_pull *, void *, uint32_t) ++ndr_check_array_size: enum ndr_err_code (struct ndr_pull *, void *, uint32_t) ++ndr_check_padding: void (struct ndr_pull *, size_t) ++ndr_check_pipe_chunk_trailer: enum ndr_err_code (struct ndr_pull *, int, uint32_t) ++ndr_check_string_terminator: enum ndr_err_code (struct ndr_pull *, uint32_t, uint32_t) ++ndr_get_array_length: uint32_t (struct ndr_pull *, const void *) ++ndr_get_array_size: uint32_t (struct ndr_pull *, const void *) ++ndr_map_error2errno: int (enum ndr_err_code) ++ndr_map_error2ntstatus: NTSTATUS (enum ndr_err_code) ++ndr_map_error2string: const char *(enum ndr_err_code) ++ndr_policy_handle_empty: bool (const struct policy_handle *) ++ndr_policy_handle_equal: bool (const struct policy_handle *, const struct policy_handle *) ++ndr_print_DATA_BLOB: void (struct ndr_print *, const char *, DATA_BLOB) ++ndr_print_GUID: void (struct ndr_print *, const char *, const struct GUID *) ++ndr_print_KRB5_EDATA_NTSTATUS: void (struct ndr_print *, const char *, const struct KRB5_EDATA_NTSTATUS *) ++ndr_print_NTSTATUS: void (struct ndr_print *, const char *, NTSTATUS) ++ndr_print_NTTIME: void (struct ndr_print *, const char *, NTTIME) ++ndr_print_NTTIME_1sec: void (struct ndr_print *, const char *, NTTIME) ++ndr_print_NTTIME_hyper: void (struct ndr_print *, const char *, NTTIME) ++ndr_print_WERROR: void (struct ndr_print *, const char *, WERROR) ++ndr_print_array_uint8: void (struct ndr_print *, const char *, const uint8_t *, uint32_t) ++ndr_print_bad_level: void (struct ndr_print *, const char *, uint16_t) ++ndr_print_bitmap_flag: void (struct ndr_print *, size_t, const char *, uint32_t, uint32_t) ++ndr_print_bool: void (struct ndr_print *, const char *, const bool) ++ndr_print_debug: void (ndr_print_fn_t, const char *, void *) ++ndr_print_debug_helper: void (struct ndr_print *, const char *, ...) ++ndr_print_debugc: void (int, ndr_print_fn_t, const char *, void *) ++ndr_print_debugc_helper: void (struct ndr_print *, const char *, ...) ++ndr_print_dlong: void (struct ndr_print *, const char *, int64_t) ++ndr_print_double: void (struct ndr_print *, const char *, double) ++ndr_print_enum: void (struct ndr_print *, const char *, const char *, const char *, uint32_t) ++ndr_print_function_debug: void (ndr_print_function_t, const char *, int, void *) ++ndr_print_function_string: char *(TALLOC_CTX *, ndr_print_function_t, const char *, int, void *) ++ndr_print_get_switch_value: uint32_t (struct ndr_print *, const void *) ++ndr_print_gid_t: void (struct ndr_print *, const char *, gid_t) ++ndr_print_hyper: void (struct ndr_print *, const char *, uint64_t) ++ndr_print_int16: void (struct ndr_print *, const char *, int16_t) ++ndr_print_int32: void (struct ndr_print *, const char *, int32_t) ++ndr_print_int3264: void (struct ndr_print *, const char *, int32_t) ++ndr_print_int8: void (struct ndr_print *, const char *, int8_t) ++ndr_print_ipv4address: void (struct ndr_print *, const char *, const char *) ++ndr_print_ipv6address: void (struct ndr_print *, const char *, const char *) ++ndr_print_ndr_syntax_id: void (struct ndr_print *, const char *, const struct ndr_syntax_id *) ++ndr_print_netr_SamDatabaseID: void (struct ndr_print *, const char *, enum netr_SamDatabaseID) ++ndr_print_netr_SchannelType: void (struct ndr_print *, const char *, enum netr_SchannelType) ++ndr_print_null: void (struct ndr_print *) ++ndr_print_pointer: void (struct ndr_print *, const char *, void *) ++ndr_print_policy_handle: void (struct ndr_print *, const char *, const struct policy_handle *) ++ndr_print_printf_helper: void (struct ndr_print *, const char *, ...) ++ndr_print_ptr: void (struct ndr_print *, const char *, const void *) ++ndr_print_set_switch_value: enum ndr_err_code (struct ndr_print *, const void *, uint32_t) ++ndr_print_sockaddr_storage: void (struct ndr_print *, const char *, const struct sockaddr_storage *) ++ndr_print_string: void (struct ndr_print *, const char *, const char *) ++ndr_print_string_array: void (struct ndr_print *, const char *, const char **) ++ndr_print_string_helper: void (struct ndr_print *, const char *, ...) ++ndr_print_struct: void (struct ndr_print *, const char *, const char *) ++ndr_print_struct_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, void *) ++ndr_print_svcctl_ServerType: void (struct ndr_print *, const char *, uint32_t) ++ndr_print_time_t: void (struct ndr_print *, const char *, time_t) ++ndr_print_timespec: void (struct ndr_print *, const char *, const struct timespec *) ++ndr_print_timeval: void (struct ndr_print *, const char *, const struct timeval *) ++ndr_print_udlong: void (struct ndr_print *, const char *, uint64_t) ++ndr_print_udlongr: void (struct ndr_print *, const char *, uint64_t) ++ndr_print_uid_t: void (struct ndr_print *, const char *, uid_t) ++ndr_print_uint16: void (struct ndr_print *, const char *, uint16_t) ++ndr_print_uint32: void (struct ndr_print *, const char *, uint32_t) ++ndr_print_uint3264: void (struct ndr_print *, const char *, uint32_t) ++ndr_print_uint8: void (struct ndr_print *, const char *, uint8_t) ++ndr_print_union: void (struct ndr_print *, const char *, int, const char *) ++ndr_print_union_debug: void (ndr_print_fn_t, const char *, uint32_t, void *) ++ndr_print_union_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, uint32_t, void *) ++ndr_print_winreg_Data: void (struct ndr_print *, const char *, const union winreg_Data *) ++ndr_print_winreg_Type: void (struct ndr_print *, const char *, enum winreg_Type) ++ndr_pull_DATA_BLOB: enum ndr_err_code (struct ndr_pull *, int, DATA_BLOB *) ++ndr_pull_GUID: enum ndr_err_code (struct ndr_pull *, int, struct GUID *) ++ndr_pull_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, struct KRB5_EDATA_NTSTATUS *) ++ndr_pull_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, NTSTATUS *) ++ndr_pull_NTTIME: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) ++ndr_pull_NTTIME_1sec: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) ++ndr_pull_NTTIME_hyper: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) ++ndr_pull_WERROR: enum ndr_err_code (struct ndr_pull *, int, WERROR *) ++ndr_pull_advance: enum ndr_err_code (struct ndr_pull *, uint32_t) ++ndr_pull_align: enum ndr_err_code (struct ndr_pull *, size_t) ++ndr_pull_append: enum ndr_err_code (struct ndr_pull *, DATA_BLOB *) ++ndr_pull_array_length: enum ndr_err_code (struct ndr_pull *, const void *) ++ndr_pull_array_size: enum ndr_err_code (struct ndr_pull *, const void *) ++ndr_pull_array_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *, uint32_t) ++ndr_pull_bytes: enum ndr_err_code (struct ndr_pull *, uint8_t *, uint32_t) ++ndr_pull_charset: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t) ++ndr_pull_charset_to_null: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t) ++ndr_pull_dlong: enum ndr_err_code (struct ndr_pull *, int, int64_t *) ++ndr_pull_double: enum ndr_err_code (struct ndr_pull *, int, double *) ++ndr_pull_enum_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) ++ndr_pull_enum_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) ++ndr_pull_enum_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) ++ndr_pull_enum_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *) ++ndr_pull_error: enum ndr_err_code (struct ndr_pull *, enum ndr_err_code, const char *, ...) ++ndr_pull_generic_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *) ++ndr_pull_get_relative_base_offset: uint32_t (struct ndr_pull *) ++ndr_pull_get_switch_value: uint32_t (struct ndr_pull *, const void *) ++ndr_pull_gid_t: enum ndr_err_code (struct ndr_pull *, int, gid_t *) ++ndr_pull_hyper: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) ++ndr_pull_init_blob: struct ndr_pull *(const DATA_BLOB *, TALLOC_CTX *) ++ndr_pull_int16: enum ndr_err_code (struct ndr_pull *, int, int16_t *) ++ndr_pull_int32: enum ndr_err_code (struct ndr_pull *, int, int32_t *) ++ndr_pull_int8: enum ndr_err_code (struct ndr_pull *, int, int8_t *) ++ndr_pull_ipv4address: enum ndr_err_code (struct ndr_pull *, int, const char **) ++ndr_pull_ipv6address: enum ndr_err_code (struct ndr_pull *, int, const char **) ++ndr_pull_ndr_syntax_id: enum ndr_err_code (struct ndr_pull *, int, struct ndr_syntax_id *) ++ndr_pull_netr_SamDatabaseID: enum ndr_err_code (struct ndr_pull *, int, enum netr_SamDatabaseID *) ++ndr_pull_netr_SchannelType: enum ndr_err_code (struct ndr_pull *, int, enum netr_SchannelType *) ++ndr_pull_pointer: enum ndr_err_code (struct ndr_pull *, int, void **) ++ndr_pull_policy_handle: enum ndr_err_code (struct ndr_pull *, int, struct policy_handle *) ++ndr_pull_pop: enum ndr_err_code (struct ndr_pull *) ++ndr_pull_ref_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *) ++ndr_pull_relative_ptr1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) ++ndr_pull_relative_ptr2: enum ndr_err_code (struct ndr_pull *, const void *) ++ndr_pull_relative_ptr_short: enum ndr_err_code (struct ndr_pull *, uint16_t *) ++ndr_pull_restore_relative_base_offset: void (struct ndr_pull *, uint32_t) ++ndr_pull_set_switch_value: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) ++ndr_pull_setup_relative_base_offset1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) ++ndr_pull_setup_relative_base_offset2: enum ndr_err_code (struct ndr_pull *, const void *) ++ndr_pull_string: enum ndr_err_code (struct ndr_pull *, int, const char **) ++ndr_pull_string_array: enum ndr_err_code (struct ndr_pull *, int, const char ***) ++ndr_pull_struct_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t) ++ndr_pull_struct_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t) ++ndr_pull_subcontext_end: enum ndr_err_code (struct ndr_pull *, struct ndr_pull *, size_t, ssize_t) ++ndr_pull_subcontext_start: enum ndr_err_code (struct ndr_pull *, struct ndr_pull **, size_t, ssize_t) ++ndr_pull_svcctl_ServerType: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) ++ndr_pull_time_t: enum ndr_err_code (struct ndr_pull *, int, time_t *) ++ndr_pull_timespec: enum ndr_err_code (struct ndr_pull *, int, struct timespec *) ++ndr_pull_timeval: enum ndr_err_code (struct ndr_pull *, int, struct timeval *) ++ndr_pull_trailer_align: enum ndr_err_code (struct ndr_pull *, size_t) ++ndr_pull_udlong: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) ++ndr_pull_udlongr: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) ++ndr_pull_uid_t: enum ndr_err_code (struct ndr_pull *, int, uid_t *) ++ndr_pull_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) ++ndr_pull_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) ++ndr_pull_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) ++ndr_pull_uint3264: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) ++ndr_pull_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *) ++ndr_pull_union_align: enum ndr_err_code (struct ndr_pull *, size_t) ++ndr_pull_union_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t) ++ndr_pull_union_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t) ++ndr_pull_winreg_Data: enum ndr_err_code (struct ndr_pull *, int, union winreg_Data *) ++ndr_pull_winreg_Type: enum ndr_err_code (struct ndr_pull *, int, enum winreg_Type *) ++ndr_push_DATA_BLOB: enum ndr_err_code (struct ndr_push *, int, DATA_BLOB) ++ndr_push_GUID: enum ndr_err_code (struct ndr_push *, int, const struct GUID *) ++ndr_push_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, const struct KRB5_EDATA_NTSTATUS *) ++ndr_push_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, NTSTATUS) ++ndr_push_NTTIME: enum ndr_err_code (struct ndr_push *, int, NTTIME) ++ndr_push_NTTIME_1sec: enum ndr_err_code (struct ndr_push *, int, NTTIME) ++ndr_push_NTTIME_hyper: enum ndr_err_code (struct ndr_push *, int, NTTIME) ++ndr_push_WERROR: enum ndr_err_code (struct ndr_push *, int, WERROR) ++ndr_push_align: enum ndr_err_code (struct ndr_push *, size_t) ++ndr_push_array_uint8: enum ndr_err_code (struct ndr_push *, int, const uint8_t *, uint32_t) ++ndr_push_blob: DATA_BLOB (struct ndr_push *) ++ndr_push_bytes: enum ndr_err_code (struct ndr_push *, const uint8_t *, uint32_t) ++ndr_push_charset: enum ndr_err_code (struct ndr_push *, int, const char *, uint32_t, uint8_t, charset_t) ++ndr_push_dlong: enum ndr_err_code (struct ndr_push *, int, int64_t) ++ndr_push_double: enum ndr_err_code (struct ndr_push *, int, double) ++ndr_push_enum_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t) ++ndr_push_enum_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t) ++ndr_push_enum_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t) ++ndr_push_enum_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t) ++ndr_push_error: enum ndr_err_code (struct ndr_push *, enum ndr_err_code, const char *, ...) ++ndr_push_expand: enum ndr_err_code (struct ndr_push *, uint32_t) ++ndr_push_full_ptr: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_get_relative_base_offset: uint32_t (struct ndr_push *) ++ndr_push_get_switch_value: uint32_t (struct ndr_push *, const void *) ++ndr_push_gid_t: enum ndr_err_code (struct ndr_push *, int, gid_t) ++ndr_push_hyper: enum ndr_err_code (struct ndr_push *, int, uint64_t) ++ndr_push_init_ctx: struct ndr_push *(TALLOC_CTX *) ++ndr_push_int16: enum ndr_err_code (struct ndr_push *, int, int16_t) ++ndr_push_int32: enum ndr_err_code (struct ndr_push *, int, int32_t) ++ndr_push_int8: enum ndr_err_code (struct ndr_push *, int, int8_t) ++ndr_push_ipv4address: enum ndr_err_code (struct ndr_push *, int, const char *) ++ndr_push_ipv6address: enum ndr_err_code (struct ndr_push *, int, const char *) ++ndr_push_ndr_syntax_id: enum ndr_err_code (struct ndr_push *, int, const struct ndr_syntax_id *) ++ndr_push_netr_SamDatabaseID: enum ndr_err_code (struct ndr_push *, int, enum netr_SamDatabaseID) ++ndr_push_netr_SchannelType: enum ndr_err_code (struct ndr_push *, int, enum netr_SchannelType) ++ndr_push_pipe_chunk_trailer: enum ndr_err_code (struct ndr_push *, int, uint32_t) ++ndr_push_pointer: enum ndr_err_code (struct ndr_push *, int, void *) ++ndr_push_policy_handle: enum ndr_err_code (struct ndr_push *, int, const struct policy_handle *) ++ndr_push_ref_ptr: enum ndr_err_code (struct ndr_push *) ++ndr_push_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_relative_ptr2_end: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_relative_ptr2_start: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_restore_relative_base_offset: void (struct ndr_push *, uint32_t) ++ndr_push_set_switch_value: enum ndr_err_code (struct ndr_push *, const void *, uint32_t) ++ndr_push_setup_relative_base_offset1: enum ndr_err_code (struct ndr_push *, const void *, uint32_t) ++ndr_push_setup_relative_base_offset2: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_short_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_short_relative_ptr2: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_string: enum ndr_err_code (struct ndr_push *, int, const char *) ++ndr_push_string_array: enum ndr_err_code (struct ndr_push *, int, const char **) ++ndr_push_struct_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, const void *, ndr_push_flags_fn_t) ++ndr_push_subcontext_end: enum ndr_err_code (struct ndr_push *, struct ndr_push *, size_t, ssize_t) ++ndr_push_subcontext_start: enum ndr_err_code (struct ndr_push *, struct ndr_push **, size_t, ssize_t) ++ndr_push_svcctl_ServerType: enum ndr_err_code (struct ndr_push *, int, uint32_t) ++ndr_push_time_t: enum ndr_err_code (struct ndr_push *, int, time_t) ++ndr_push_timespec: enum ndr_err_code (struct ndr_push *, int, const struct timespec *) ++ndr_push_timeval: enum ndr_err_code (struct ndr_push *, int, const struct timeval *) ++ndr_push_trailer_align: enum ndr_err_code (struct ndr_push *, size_t) ++ndr_push_udlong: enum ndr_err_code (struct ndr_push *, int, uint64_t) ++ndr_push_udlongr: enum ndr_err_code (struct ndr_push *, int, uint64_t) ++ndr_push_uid_t: enum ndr_err_code (struct ndr_push *, int, uid_t) ++ndr_push_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t) ++ndr_push_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t) ++ndr_push_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t) ++ndr_push_uint3264: enum ndr_err_code (struct ndr_push *, int, uint32_t) ++ndr_push_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t) ++ndr_push_union_align: enum ndr_err_code (struct ndr_push *, size_t) ++ndr_push_union_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_push_flags_fn_t) ++ndr_push_unique_ptr: enum ndr_err_code (struct ndr_push *, const void *) ++ndr_push_winreg_Data: enum ndr_err_code (struct ndr_push *, int, const union winreg_Data *) ++ndr_push_winreg_Type: enum ndr_err_code (struct ndr_push *, int, enum winreg_Type) ++ndr_push_zero: enum ndr_err_code (struct ndr_push *, uint32_t) ++ndr_set_flags: void (uint32_t *, uint32_t) ++ndr_size_DATA_BLOB: uint32_t (int, const DATA_BLOB *, int) ++ndr_size_GUID: size_t (const struct GUID *, int) ++ndr_size_string: uint32_t (int, const char * const *, int) ++ndr_size_string_array: size_t (const char **, uint32_t, int) ++ndr_size_struct: size_t (const void *, int, ndr_push_flags_fn_t) ++ndr_size_union: size_t (const void *, int, uint32_t, ndr_push_flags_fn_t) ++ndr_string_array_size: size_t (struct ndr_push *, const char *) ++ndr_string_length: uint32_t (const void *, uint32_t) ++ndr_syntax_id_equal: bool (const struct ndr_syntax_id *, const struct ndr_syntax_id *) ++ndr_syntax_id_from_string: bool (const char *, struct ndr_syntax_id *) ++ndr_syntax_id_null: uuid = {time_low = 0, time_mid = 0, time_hi_and_version = 0, clock_seq = "\000", node = "\000\000\000\000\000"}, if_version = 0 ++ndr_syntax_id_to_string: char *(TALLOC_CTX *, const struct ndr_syntax_id *) ++ndr_token_peek: uint32_t (struct ndr_token_list **, const void *) ++ndr_token_retrieve: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *) ++ndr_token_retrieve_cmp_fn: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *, comparison_fn_t, bool) ++ndr_token_store: enum ndr_err_code (TALLOC_CTX *, struct ndr_token_list **, const void *, uint32_t) ++ndr_transfer_syntax_ndr: uuid = {time_low = 2324192516, time_mid = 7403, time_hi_and_version = 4553, clock_seq = "\237\350", node = "\b\000+\020H`"}, if_version = 2 ++ndr_transfer_syntax_ndr64: uuid = {time_low = 1903232307, time_mid = 48826, time_hi_and_version = 18743, clock_seq = "\203\031", node = "\265\333\357\234\314\066"}, if_version = 1 +--- a/librpc/ndr/ndr_misc.c ++++ b/librpc/ndr/ndr_misc.c +@@ -35,3 +35,50 @@ bool ndr_syntax_id_equal(const struct nd + return GUID_equal(&i1->uuid, &i2->uuid) + && (i1->if_version == i2->if_version); + } ++ ++_PUBLIC_ char *ndr_syntax_id_to_string(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *id) ++{ ++ return talloc_asprintf(mem_ctx, ++ "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x/0x%08x", ++ id->uuid.time_low, id->uuid.time_mid, ++ id->uuid.time_hi_and_version, ++ id->uuid.clock_seq[0], ++ id->uuid.clock_seq[1], ++ id->uuid.node[0], id->uuid.node[1], ++ id->uuid.node[2], id->uuid.node[3], ++ id->uuid.node[4], id->uuid.node[5], ++ (unsigned)id->if_version); ++} ++ ++_PUBLIC_ bool ndr_syntax_id_from_string(const char *s, struct ndr_syntax_id *id) ++{ ++ int ret; ++ size_t i; ++ uint32_t time_low; ++ uint32_t time_mid, time_hi_and_version; ++ uint32_t clock_seq[2]; ++ uint32_t node[6]; ++ uint32_t if_version; ++ ++ ret = sscanf(s, ++ "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x/0x%08x", ++ &time_low, &time_mid, &time_hi_and_version, ++ &clock_seq[0], &clock_seq[1], ++ &node[0], &node[1], &node[2], &node[3], &node[4], &node[5], ++ &if_version); ++ if (ret != 12) { ++ return false; ++ } ++ ++ id->uuid.time_low = time_low; ++ id->uuid.time_mid = time_mid; ++ id->uuid.time_hi_and_version = time_hi_and_version; ++ id->uuid.clock_seq[0] = clock_seq[0]; ++ id->uuid.clock_seq[1] = clock_seq[1]; ++ for (i=0; i<6; i++) { ++ id->uuid.node[i] = node[i]; ++ } ++ id->if_version = if_version; ++ ++ return true; ++} +--- a/librpc/rpc/dcerpc_util.c ++++ b/librpc/rpc/dcerpc_util.c +@@ -27,6 +27,7 @@ + #include "librpc/rpc/dcerpc.h" + #include "librpc/gen_ndr/ndr_dcerpc.h" + #include "rpc_common.h" ++#include "lib/util/bitmap.h" + + /* we need to be able to get/set the fragment length without doing a full + decode */ +@@ -341,3 +342,194 @@ NTSTATUS dcerpc_read_ncacn_packet_recv(s + tevent_req_received(req); + return NT_STATUS_OK; + } ++ ++struct dcerpc_sec_vt_header2 dcerpc_sec_vt_header2_from_ncacn_packet(const struct ncacn_packet *pkt) ++{ ++ struct dcerpc_sec_vt_header2 ret; ++ ++ ZERO_STRUCT(ret); ++ ret.ptype = pkt->ptype; ++ memcpy(&ret.drep, pkt->drep, sizeof(ret.drep)); ++ ret.call_id = pkt->call_id; ++ ++ switch (pkt->ptype) { ++ case DCERPC_PKT_REQUEST: ++ ret.context_id = pkt->u.request.context_id; ++ ret.opnum = pkt->u.request.opnum; ++ break; ++ ++ case DCERPC_PKT_RESPONSE: ++ ret.context_id = pkt->u.response.context_id; ++ break; ++ ++ case DCERPC_PKT_FAULT: ++ ret.context_id = pkt->u.fault.context_id; ++ break; ++ ++ default: ++ break; ++ } ++ ++ return ret; ++} ++ ++bool dcerpc_sec_vt_header2_equal(const struct dcerpc_sec_vt_header2 *v1, ++ const struct dcerpc_sec_vt_header2 *v2) ++{ ++ if (v1->ptype != v2->ptype) { ++ return false; ++ } ++ ++ if (memcmp(v1->drep, v2->drep, sizeof(v1->drep)) != 0) { ++ return false; ++ } ++ ++ if (v1->call_id != v2->call_id) { ++ return false; ++ } ++ ++ if (v1->context_id != v2->context_id) { ++ return false; ++ } ++ ++ if (v1->opnum != v2->opnum) { ++ return false; ++ } ++ ++ return true; ++} ++ ++static bool dcerpc_sec_vt_is_valid(const struct dcerpc_sec_verification_trailer *r) ++{ ++ bool ret = false; ++ TALLOC_CTX *frame = talloc_stackframe(); ++ struct bitmap *commands_seen; ++ int i; ++ ++ if (r->count.count == 0) { ++ ret = true; ++ goto done; ++ } ++ ++ if (memcmp(r->magic, DCERPC_SEC_VT_MAGIC, sizeof(r->magic)) != 0) { ++ goto done; ++ } ++ ++ commands_seen = bitmap_talloc(frame, DCERPC_SEC_VT_COMMAND_ENUM + 1); ++ if (commands_seen == NULL) { ++ goto done; ++ } ++ ++ for (i=0; i < r->count.count; i++) { ++ enum dcerpc_sec_vt_command_enum cmd = ++ r->commands[i].command & DCERPC_SEC_VT_COMMAND_ENUM; ++ ++ if (bitmap_query(commands_seen, cmd)) { ++ /* Each command must appear at most once. */ ++ goto done; ++ } ++ bitmap_set(commands_seen, cmd); ++ ++ switch (cmd) { ++ case DCERPC_SEC_VT_COMMAND_BITMASK1: ++ case DCERPC_SEC_VT_COMMAND_PCONTEXT: ++ case DCERPC_SEC_VT_COMMAND_HEADER2: ++ break; ++ default: ++ if ((r->commands[i].u._unknown.length % 4) != 0) { ++ goto done; ++ } ++ break; ++ } ++ } ++ ret = true; ++done: ++ TALLOC_FREE(frame); ++ return ret; ++} ++ ++#define CHECK(msg, ok) \ ++do { \ ++ if (!ok) { \ ++ DEBUG(10, ("SEC_VT check %s failed\n", msg)); \ ++ return false; \ ++ } \ ++} while(0) ++ ++#define CHECK_SYNTAX(msg, s1, s2) \ ++do { \ ++ if (!ndr_syntax_id_equal(&s1, &s2)) { \ ++ TALLOC_CTX *frame = talloc_stackframe(); \ ++ DEBUG(10, ("SEC_VT check %s failed: %s vs. %s\n", msg, \ ++ ndr_syntax_id_to_string(frame, &s1), \ ++ ndr_syntax_id_to_string(frame, &s1))); \ ++ TALLOC_FREE(frame); \ ++ return false; \ ++ } \ ++} while(0) ++ ++ ++bool dcerpc_sec_verification_trailer_check( ++ const struct dcerpc_sec_verification_trailer *vt, ++ const uint32_t *bitmask1, ++ const struct dcerpc_sec_vt_pcontext *pcontext, ++ const struct dcerpc_sec_vt_header2 *header2) ++{ ++ size_t i; ++ ++ if (!dcerpc_sec_vt_is_valid(vt)) { ++ return false; ++ } ++ ++ for (i=0; i < vt->count.count; i++) { ++ struct dcerpc_sec_vt *c = &vt->commands[i]; ++ ++ switch (c->command & DCERPC_SEC_VT_COMMAND_ENUM) { ++ case DCERPC_SEC_VT_COMMAND_BITMASK1: ++ if (bitmask1 == NULL) { ++ CHECK("Bitmask1 must_process_command", ++ !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); ++ break; ++ } ++ ++ if (c->u.bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING) { ++ CHECK("Bitmask1 client_header_signing", ++ *bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING); ++ } ++ break; ++ ++ case DCERPC_SEC_VT_COMMAND_PCONTEXT: ++ if (pcontext == NULL) { ++ CHECK("Pcontext must_process_command", ++ !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); ++ break; ++ } ++ ++ CHECK_SYNTAX("Pcontect abstract_syntax", ++ pcontext->abstract_syntax, ++ c->u.pcontext.abstract_syntax); ++ CHECK_SYNTAX("Pcontext transfer_syntax", ++ pcontext->transfer_syntax, ++ c->u.pcontext.transfer_syntax); ++ break; ++ ++ case DCERPC_SEC_VT_COMMAND_HEADER2: { ++ if (header2 == NULL) { ++ CHECK("Header2 must_process_command", ++ !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); ++ break; ++ } ++ ++ CHECK("Header2", dcerpc_sec_vt_header2_equal(header2, &c->u.header2)); ++ break; ++ } ++ ++ default: ++ CHECK("Unknown must_process_command", ++ !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); ++ break; ++ } ++ } ++ ++ return true; ++} +--- a/librpc/rpc/rpc_common.h ++++ b/librpc/rpc/rpc_common.h +@@ -296,4 +296,45 @@ NTSTATUS dcerpc_binding_handle_call(stru + TALLOC_CTX *r_mem, + void *r_ptr); + ++/** ++ * Extract header information from a ncacn_packet ++ * as a dcerpc_sec_vt_header2 as used by the security verification trailer. ++ * ++ * @param[in] pkt a packet ++ * ++ * @return a dcerpc_sec_vt_header2 ++ */ ++struct dcerpc_sec_vt_header2 dcerpc_sec_vt_header2_from_ncacn_packet(const struct ncacn_packet *pkt); ++ ++ ++/** ++ * Test if two dcerpc_sec_vt_header2 structures are equal ++ * without consideration of reserved fields. ++ * ++ * @param v1 a pointer to a dcerpc_sec_vt_header2 structure ++ * @param v2 a pointer to a dcerpc_sec_vt_header2 structure ++ * ++ * @retval true if *v1 equals *v2 ++ */ ++bool dcerpc_sec_vt_header2_equal(const struct dcerpc_sec_vt_header2 *v1, ++ const struct dcerpc_sec_vt_header2 *v2); ++ ++/** ++ * Check for consistency of the security verification trailer with the PDU header. ++ * See MS-RPCE 2.2.2.13. ++ * A check with an empty trailer succeeds. ++ * ++ * @param[in] vt a pointer to the security verification trailer. ++ * @param[in] bitmask1 which flags were negotiated on the connection. ++ * @param[in] pcontext the syntaxes negotiatied for the presentation context. ++ * @param[in] header2 some fields from the PDU header. ++ * ++ * @retval true on success. ++ */ ++bool dcerpc_sec_verification_trailer_check( ++ const struct dcerpc_sec_verification_trailer *vt, ++ const uint32_t *bitmask1, ++ const struct dcerpc_sec_vt_pcontext *pcontext, ++ const struct dcerpc_sec_vt_header2 *header2); ++ + #endif /* __DEFAULT_LIBRPC_RPCCOMMON_H__ */ +--- a/source4/torture/ndr/ndr.c ++++ b/source4/torture/ndr/ndr.c +@@ -29,40 +29,65 @@ struct ndr_pull_test_data { + DATA_BLOB data_context; + size_t struct_size; + ndr_pull_flags_fn_t pull_fn; ++ ndr_push_flags_fn_t push_fn; + int ndr_flags; ++ int flags; + }; + +-static bool wrap_ndr_pull_test(struct torture_context *tctx, +- struct torture_tcase *tcase, +- struct torture_test *test) ++static bool wrap_ndr_pullpush_test(struct torture_context *tctx, ++ struct torture_tcase *tcase, ++ struct torture_test *test) + { + bool (*check_fn) (struct torture_context *ctx, void *data) = test->fn; + const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data; +- void *ds = talloc_zero_size(tctx, data->struct_size); + struct ndr_pull *ndr = ndr_pull_init_blob(&(data->data), tctx); ++ void *ds = talloc_zero_size(ndr, data->struct_size); ++ bool ret; ++ uint32_t highest_ofs; ++ ++ ndr->flags |= data->flags; + + ndr->flags |= LIBNDR_FLAG_REF_ALLOC; + + torture_assert_ndr_success(tctx, data->pull_fn(ndr, data->ndr_flags, ds), + "pulling"); + +- torture_assert(tctx, ndr->offset == ndr->data_size, ++ if (ndr->offset > ndr->relative_highest_offset) { ++ highest_ofs = ndr->offset; ++ } else { ++ highest_ofs = ndr->relative_highest_offset; ++ } ++ ++ torture_assert(tctx, highest_ofs == ndr->data_size, + talloc_asprintf(tctx, +- "%d unread bytes", ndr->data_size - ndr->offset)); ++ "%d unread bytes", ndr->data_size - highest_ofs)); + +- if (check_fn != NULL) +- return check_fn(tctx, ds); +- else +- return true; ++ if (check_fn != NULL) { ++ ret = check_fn(tctx, ds); ++ } else { ++ ret = true; ++ } ++ ++ if (data->push_fn != NULL) { ++ DATA_BLOB outblob; ++ torture_assert_ndr_success(tctx, ndr_push_struct_blob(&outblob, ndr, ds, data->push_fn), "pushing"); ++ torture_assert_data_blob_equal(tctx, outblob, data->data, "ndr push compare"); ++ } ++ ++ talloc_free(ndr); ++ return ret; + } + +-_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_test( +- struct torture_suite *suite, +- const char *name, ndr_pull_flags_fn_t pull_fn, +- DATA_BLOB db, +- size_t struct_size, +- int ndr_flags, +- bool (*check_fn) (struct torture_context *ctx, void *data)) ++_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test( ++ struct torture_suite *suite, ++ const char *name, ++ ndr_pull_flags_fn_t pull_fn, ++ ndr_push_flags_fn_t push_fn, ++ DATA_BLOB db, ++ size_t struct_size, ++ int ndr_flags, ++ int flags, ++ bool (*check_fn) (struct torture_context *ctx, void *data)) + { + struct torture_test *test; + struct torture_tcase *tcase; +@@ -74,12 +99,16 @@ _PUBLIC_ struct torture_test *_torture_s + + test->name = talloc_strdup(test, name); + test->description = NULL; +- test->run = wrap_ndr_pull_test; ++ test->run = wrap_ndr_pullpush_test; ++ + data = talloc(test, struct ndr_pull_test_data); + data->data = db; + data->ndr_flags = ndr_flags; ++ data->flags = flags; + data->struct_size = struct_size; + data->pull_fn = pull_fn; ++ data->push_fn = push_fn; ++ + test->data = data; + test->fn = check_fn; + test->dangerous = false; +@@ -89,6 +118,7 @@ _PUBLIC_ struct torture_test *_torture_s + return test; + } + ++ + static bool wrap_ndr_inout_pull_test(struct torture_context *tctx, + struct torture_tcase *tcase, + struct torture_test *test) +@@ -97,6 +127,7 @@ static bool wrap_ndr_inout_pull_test(str + const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data; + void *ds = talloc_zero_size(tctx, data->struct_size); + struct ndr_pull *ndr; ++ uint32_t highest_ofs; + + /* handle NDR_IN context */ + +@@ -109,8 +140,14 @@ static bool wrap_ndr_inout_pull_test(str + data->pull_fn(ndr, NDR_IN, ds), + "ndr pull of context failed"); + +- torture_assert(tctx, ndr->offset == ndr->data_size, +- talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - ndr->offset)); ++ if (ndr->offset > ndr->relative_highest_offset) { ++ highest_ofs = ndr->offset; ++ } else { ++ highest_ofs = ndr->relative_highest_offset; ++ } ++ ++ torture_assert(tctx, highest_ofs == ndr->data_size, ++ talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs)); + + talloc_free(ndr); + +@@ -125,8 +162,14 @@ static bool wrap_ndr_inout_pull_test(str + data->pull_fn(ndr, NDR_OUT, ds), + "ndr pull failed"); + +- torture_assert(tctx, ndr->offset == ndr->data_size, +- talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - ndr->offset)); ++ if (ndr->offset > ndr->relative_highest_offset) { ++ highest_ofs = ndr->offset; ++ } else { ++ highest_ofs = ndr->relative_highest_offset; ++ } ++ ++ torture_assert(tctx, highest_ofs == ndr->data_size, ++ talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs)); + + talloc_free(ndr); + +--- a/source4/torture/ndr/ndr.h ++++ b/source4/torture/ndr/ndr.h +@@ -24,12 +24,15 @@ + #include "librpc/ndr/libndr.h" + #include "libcli/security/security.h" + +-_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_test( ++_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test( + struct torture_suite *suite, +- const char *name, ndr_pull_flags_fn_t fn, ++ const char *name, ++ ndr_pull_flags_fn_t pull_fn, ++ ndr_push_flags_fn_t push_fn, + DATA_BLOB db, + size_t struct_size, + int ndr_flags, ++ int flags, + bool (*check_fn) (struct torture_context *, void *data)); + + _PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_inout_test( +@@ -41,20 +44,32 @@ _PUBLIC_ struct torture_test *_torture_s + bool (*check_fn) (struct torture_context *ctx, void *data)); + + #define torture_suite_add_ndr_pull_test(suite,name,data,check_fn) \ +- _torture_suite_add_ndr_pull_test(suite, #name, \ +- (ndr_pull_flags_fn_t)ndr_pull_ ## name, data_blob_talloc(suite, data, sizeof(data)), \ +- sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, (bool (*) (struct torture_context *, void *)) check_fn); ++ _torture_suite_add_ndr_pullpush_test(suite, #name, \ ++ (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \ ++ sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, 0, (bool (*) (struct torture_context *, void *)) check_fn); + + #define torture_suite_add_ndr_pull_fn_test(suite,name,data,flags,check_fn) \ +- _torture_suite_add_ndr_pull_test(suite, #name "_" #flags, \ +- (ndr_pull_flags_fn_t)ndr_pull_ ## name, data_blob_talloc(suite, data, sizeof(data)), \ +- sizeof(struct name), flags, (bool (*) (struct torture_context *, void *)) check_fn); ++ _torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags, \ ++ (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \ ++ sizeof(struct name), flags, 0, (bool (*) (struct torture_context *, void *)) check_fn); ++ ++#define torture_suite_add_ndr_pull_fn_test_flags(suite,name,data,flags,flags2,check_fn) \ ++ _torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags "_" #flags2, \ ++ (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \ ++ sizeof(struct name), flags, flags2, (bool (*) (struct torture_context *, void *)) check_fn); ++ ++#define torture_suite_add_ndr_pullpush_test(suite,name,data_blob,check_fn) \ ++ _torture_suite_add_ndr_pullpush_test(suite, #name, \ ++ (ndr_pull_flags_fn_t)ndr_pull_ ## name, \ ++ (ndr_push_flags_fn_t)ndr_push_ ## name, \ ++ data_blob, \ ++ sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, 0, (bool (*) (struct torture_context *, void *)) check_fn); + + #define torture_suite_add_ndr_pull_io_test(suite,name,data_in,data_out,check_fn_out) \ + _torture_suite_add_ndr_pull_inout_test(suite, #name "_INOUT", \ + (ndr_pull_flags_fn_t)ndr_pull_ ## name, \ +- data_blob_talloc(suite, data_in, sizeof(data_in)), \ +- data_blob_talloc(suite, data_out, sizeof(data_out)), \ ++ data_blob_const(data_in, sizeof(data_in)), \ ++ data_blob_const(data_out, sizeof(data_out)), \ + sizeof(struct name), \ + (bool (*) (struct torture_context *, void *)) check_fn_out); + +--- a/source4/torture/ndr/dfsblob.c ++++ b/source4/torture/ndr/dfsblob.c +@@ -74,11 +74,11 @@ struct torture_suite *ndr_dfsblob_suite( + { + struct torture_suite *suite = torture_suite_create(ctx, "dfsblob"); + +- torture_suite_add_ndr_pull_fn_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NDR_IN, NULL); ++ torture_suite_add_ndr_pull_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NULL); + +- torture_suite_add_ndr_pull_fn_test(suite, dfs_referral_resp, dfs_get_ref_out2, NDR_BUFFERS|NDR_SCALARS, NULL); ++ torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out2, NULL); + +- torture_suite_add_ndr_pull_fn_test(suite, dfs_referral_resp, dfs_get_ref_out, NDR_BUFFERS|NDR_SCALARS,dfs_referral_out_check); ++ torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out,dfs_referral_out_check); + + return suite; + } +--- a/source4/torture/ndr/nbt.c ++++ b/source4/torture/ndr/nbt.c +@@ -62,9 +62,9 @@ struct torture_suite *ndr_nbt_suite(TALL + { + struct torture_suite *suite = torture_suite_create(ctx, "nbt"); + +- torture_suite_add_ndr_pull_fn_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, NDR_IN, netlogon_logon_request_req_check); ++ torture_suite_add_ndr_pull_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, netlogon_logon_request_req_check); + +- torture_suite_add_ndr_pull_fn_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, NDR_IN, netlogon_logon_request_resp_check); ++ torture_suite_add_ndr_pull_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, netlogon_logon_request_resp_check); + + return suite; + } +--- a/source4/torture/ndr/ntlmssp.c ++++ b/source4/torture/ndr/ntlmssp.c +@@ -111,9 +111,10 @@ struct torture_suite *ndr_ntlmssp_suite( + { + struct torture_suite *suite = torture_suite_create(ctx, "ntlmssp"); + +- torture_suite_add_ndr_pull_fn_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, NDR_IN, ntlmssp_NEGOTIATE_MESSAGE_check); +- /* torture_suite_add_ndr_pull_fn_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, NDR_IN, ntlmssp_CHALLENGE_MESSAGE_check); +- torture_suite_add_ndr_pull_fn_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, NDR_IN, ntlmssp_AUTHENTICATE_MESSAGE_check); */ +- ++ torture_suite_add_ndr_pull_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, ntlmssp_NEGOTIATE_MESSAGE_check); ++#if 0 ++ torture_suite_add_ndr_pull_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, ntlmssp_CHALLENGE_MESSAGE_check); ++ torture_suite_add_ndr_pull_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, ntlmssp_AUTHENTICATE_MESSAGE_check); ++#endif + return suite; + } +--- a/source4/torture/ndr/drsblobs.c ++++ b/source4/torture/ndr/drsblobs.c +@@ -115,6 +115,34 @@ static const uint8_t trust_domain_passwo + 0x38, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00 + }; + ++/* these are taken from the trust objects of a w2k8r2 forest, with a ++ * trust relationship between the forest parent and a child domain ++ */ ++static const char *trustAuthIncoming = ++"AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H" ++"jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+" ++"jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ" ++"hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/" ++"JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3" ++"PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu" ++"J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF" ++"t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ" ++"wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7" ++"CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA=="; ++ ++static const char *trustAuthOutgoing = ++"AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H" ++"jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+" ++"jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ" ++"hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/" ++"JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3" ++"PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu" ++"J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF" ++"t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ" ++"wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7" ++"CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA=="; ++ ++ + static bool trust_domain_passwords_check_in(struct torture_context *tctx, + struct trustDomainPasswords *r) + { +@@ -154,8 +182,20 @@ struct torture_suite *ndr_drsblobs_suite + { + struct torture_suite *suite = torture_suite_create(ctx, "drsblobs"); + +- torture_suite_add_ndr_pull_fn_test(suite, ForestTrustInfo, forest_trust_info_data_out, NDR_IN, forest_trust_info_check_out); +- torture_suite_add_ndr_pull_fn_test(suite, trustDomainPasswords, trust_domain_passwords_in, NDR_IN, trust_domain_passwords_check_in); ++ torture_suite_add_ndr_pull_test(suite, ForestTrustInfo, forest_trust_info_data_out, forest_trust_info_check_out); ++ torture_suite_add_ndr_pull_test(suite, trustDomainPasswords, trust_domain_passwords_in, trust_domain_passwords_check_in); ++ ++#if 0 ++ torture_suite_add_ndr_pullpush_test(suite, ++ trustAuthInOutBlob, ++ base64_decode_data_blob_talloc(suite, trustAuthIncoming), ++ NULL); ++ ++ torture_suite_add_ndr_pullpush_test(suite, ++ trustAuthInOutBlob, ++ base64_decode_data_blob_talloc(suite, trustAuthOutgoing), ++ NULL); ++#endif + + return suite; + } +--- a/source3/rpcclient/rpcclient.c ++++ b/source3/rpcclient/rpcclient.c +@@ -1031,6 +1031,10 @@ out_free: + binding->transport = NCACN_NP; + } + ++ if (binding->flags & DCERPC_CONNECT) { ++ pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; ++ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; ++ } + if (binding->flags & DCERPC_SIGN) { + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; + pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; +@@ -1044,12 +1048,6 @@ out_free: + pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; + } + if (binding->flags & DCERPC_AUTH_NTLM) { +- /* If neither Integrity or Privacy are requested then +- * Use just Connect level */ +- if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { +- pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; +- } +- + if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) { + pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; + } else { +@@ -1057,18 +1055,19 @@ out_free: + } + } + if (binding->flags & DCERPC_AUTH_KRB5) { +- /* If neither Integrity or Privacy are requested then +- * Use just Connect level */ +- if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { +- pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; +- } +- + if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) { + pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5; + } else { + pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5; + } + } ++ if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) { ++ /* If neither Integrity or Privacy are requested then ++ * Use just Connect level */ ++ if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { ++ pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; ++ } ++ } + + if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS | +--- /dev/null ++++ b/source3/script/tests/test_rpcclient.sh +@@ -0,0 +1,19 @@ ++#!/bin/sh ++ ++if [ $# -lt 1 ]; then ++cat < ++EOF ++exit 1; ++fi ++ ++KRB5CCNAME=$1 ++shift 1 ++export KRB5CCNAME ++ADDARGS="$*" ++ ++incdir=`dirname $0`/../../../testprogs/blackbox ++. $incdir/subunit.sh ++testit "rpcclient" $VALGRIND $BINDIR/rpcclient -c 'getusername' $ADDARGS || failed=`expr $failed + 1` ++ ++testok $0 $failed +--- a/source3/selftest/tests.py ++++ b/source3/selftest/tests.py +@@ -208,7 +208,7 @@ if sub.returncode == 0: + plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpcase -U$USERNAME%$PASSWORD') + + test = 'rpc.lsa.lookupsids' +- auth_options = ["", "ntlm", "spnego" ] ++ auth_options = ["", "ntlm", "spnego", "spnego,ntlm" ] + signseal_options = ["", ",connect", ",sign", ",seal"] + smb_options = ["", ",smb2"] + endianness_options = ["", ",bigendian"] +@@ -219,6 +219,9 @@ if sub.returncode == 0: + binding_string = "ncacn_np:$SERVER_IP[%s%s%s%s]" % (a, s, z, e) + options = binding_string + " -U$USERNAME%$PASSWORD" + plansmbtorturetestsuite(test, "s3dc", options, 'over ncacn_np with [%s%s%s%s] ' % (a, s, z, e)) ++ plantestsuite("samba3.blackbox.rpcclient over ncacn_np with [%s%s%s%s] " % (a, s, z, e), "s3dc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient.sh"), ++ "none", options, configuration]) ++ + for e in endianness_options: + for a in auth_options: + for s in signseal_options: +--- a/source4/torture/rpc/rpc.c ++++ b/source4/torture/rpc/rpc.c +@@ -501,6 +501,7 @@ NTSTATUS torture_rpc_init(void) + torture_suite_add_suite(suite, torture_rpc_samr_passwords_pwdlastset(suite)); + torture_suite_add_suite(suite, torture_rpc_samr_passwords_badpwdcount(suite)); + torture_suite_add_suite(suite, torture_rpc_samr_passwords_lockout(suite)); ++ torture_suite_add_suite(suite, torture_rpc_samr_passwords_validate(suite)); + torture_suite_add_suite(suite, torture_rpc_samr_user_privileges(suite)); + torture_suite_add_suite(suite, torture_rpc_samr_large_dc(suite)); + torture_suite_add_suite(suite, torture_rpc_epmapper(suite)); +--- a/source4/torture/rpc/samr.c ++++ b/source4/torture/rpc/samr.c +@@ -7938,8 +7938,8 @@ static bool test_Connect(struct dcerpc_b + } + + +-static bool test_samr_ValidatePassword(struct dcerpc_pipe *p, +- struct torture_context *tctx) ++static bool test_samr_ValidatePassword(struct torture_context *tctx, ++ struct dcerpc_pipe *p) + { + struct samr_ValidatePassword r; + union samr_ValidatePasswordReq req; +@@ -7951,6 +7951,10 @@ static bool test_samr_ValidatePassword(s + + torture_comment(tctx, "Testing samr_ValidatePassword\n"); + ++ if (p->conn->transport.transport != NCACN_IP_TCP) { ++ torture_comment(tctx, "samr_ValidatePassword only should succeed over NCACN_IP_TCP!\n"); ++ } ++ + ZERO_STRUCT(r); + r.in.level = NetValidatePasswordReset; + r.in.req = &req; +@@ -8074,8 +8078,6 @@ bool torture_rpc_samr_passwords(struct t + + ret &= test_samr_handle_Close(b, torture, &ctx->handle); + +- ret &= test_samr_ValidatePassword(p, torture); +- + return ret; + } + +@@ -8370,4 +8372,15 @@ struct torture_suite *torture_rpc_samr_p + return suite; + } + ++struct torture_suite *torture_rpc_samr_passwords_validate(TALLOC_CTX *mem_ctx) ++{ ++ struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.validate"); ++ struct torture_rpc_tcase *tcase; ++ ++ tcase = torture_suite_add_rpc_iface_tcase(suite, "samr", ++ &ndr_table_samr); ++ torture_rpc_tcase_add_test(tcase, "validate", ++ test_samr_ValidatePassword); + ++ return suite; ++} +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -42,6 +42,7 @@ + #include "auth.h" + #include "ntdomain.h" + #include "rpc_server/srv_pipe.h" ++#include "../librpc/ndr/ndr_dcerpc.h" + + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_RPC_SRV +@@ -202,7 +203,7 @@ bool create_next_pdu(struct pipes_struct + * the pipe gets closed. JRA. + */ + if (p->fault_state) { +- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); ++ setup_fault_pdu(p, NT_STATUS(p->fault_state)); + return true; + } + +@@ -336,7 +337,7 @@ static bool check_bind_req(struct pipes_ + struct pipe_rpc_fns *context_fns; + + DEBUG(3,("check_bind_req for %s\n", +- get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); ++ get_pipe_name_from_syntax(talloc_tos(), abstract))); + + /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */ + if (rpc_srv_pipe_exists_by_id(abstract) && +@@ -358,6 +359,7 @@ static bool check_bind_req(struct pipes_ + context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(abstract); + context_fns->cmds = rpc_srv_get_pipe_cmds(abstract); + context_fns->context_id = context_id; ++ context_fns->syntax = *abstract; + + /* add to the list of open contexts */ + +@@ -1541,7 +1543,42 @@ static PIPE_RPC_FNS* find_pipe_fns_by_co + } + + static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt, +- const struct api_struct *api_rpc_cmds, int n_cmds); ++ const struct api_struct *api_rpc_cmds, int n_cmds, ++ const struct ndr_syntax_id *syntax); ++ ++static bool srv_pipe_check_verification_trailer(struct pipes_struct *p, ++ struct ncacn_packet *pkt, ++ struct pipe_rpc_fns *pipe_fns) ++{ ++ TALLOC_CTX *frame = talloc_stackframe(); ++ struct dcerpc_sec_verification_trailer *vt = NULL; ++ const uint32_t bitmask1 = 0; ++ const struct dcerpc_sec_vt_pcontext pcontext = { ++ .abstract_syntax = pipe_fns->syntax, ++ .transfer_syntax = ndr_transfer_syntax, ++ }; ++ const struct dcerpc_sec_vt_header2 header2 = ++ dcerpc_sec_vt_header2_from_ncacn_packet(pkt); ++ struct ndr_pull *ndr; ++ enum ndr_err_code ndr_err; ++ bool ret = false; ++ ++ ndr = ndr_pull_init_blob(&p->in_data.data, frame); ++ if (ndr == NULL) { ++ goto done; ++ } ++ ++ ndr_err = ndr_pop_dcerpc_sec_verification_trailer(ndr, frame, &vt); ++ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { ++ goto done; ++ } ++ ++ ret = dcerpc_sec_verification_trailer_check(vt, &bitmask1, ++ &pcontext, &header2); ++done: ++ TALLOC_FREE(frame); ++ return ret; ++} + + /**************************************************************************** + Find the correct RPC function to call for this request. +@@ -1552,46 +1589,53 @@ static bool api_rpcTNP(struct pipes_stru + static bool api_pipe_request(struct pipes_struct *p, + struct ncacn_packet *pkt) + { ++ TALLOC_CTX *frame = talloc_stackframe(); + bool ret = False; +- bool changed_user = False; + PIPE_RPC_FNS *pipe_fns; + +- if (p->pipe_bound && +- ((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) || +- (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) || +- (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) { +- if(!become_authenticated_pipe_user(p->session_info)) { +- data_blob_free(&p->out_data.rdata); +- return False; +- } +- changed_user = True; ++ if (!p->pipe_bound) { ++ DEBUG(1, ("Pipe not bound!\n")); ++ data_blob_free(&p->out_data.rdata); ++ TALLOC_FREE(frame); ++ return false; + } + +- DEBUG(5, ("Requested \\PIPE\\%s\n", +- get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); +- + /* get the set of RPC functions for this context */ + + pipe_fns = find_pipe_fns_by_context(p->contexts, + pkt->u.request.context_id); +- +- if ( pipe_fns ) { +- TALLOC_CTX *frame = talloc_stackframe(); +- ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds); ++ if (pipe_fns == NULL) { ++ DEBUG(0, ("No rpc function table associated with context " ++ "[%d]\n", ++ pkt->u.request.context_id)); ++ data_blob_free(&p->out_data.rdata); + TALLOC_FREE(frame); ++ return false; + } +- else { +- DEBUG(0, ("No rpc function table associated with context " +- "[%d] on pipe [%s]\n", +- pkt->u.request.context_id, +- get_pipe_name_from_syntax(talloc_tos(), +- &p->syntax))); ++ ++ DEBUG(5, ("Requested \\PIPE\\%s\n", ++ get_pipe_name_from_syntax(talloc_tos(), &pipe_fns->syntax))); ++ ++ if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) { ++ DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n")); ++ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED)); ++ data_blob_free(&p->out_data.rdata); ++ TALLOC_FREE(frame); ++ return true; + } + +- if (changed_user) { +- unbecome_authenticated_pipe_user(); ++ if (!become_authenticated_pipe_user(p->session_info)) { ++ DEBUG(1, ("Failed to become pipe user!\n")); ++ data_blob_free(&p->out_data.rdata); ++ TALLOC_FREE(frame); ++ return false; + } + ++ ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds, ++ &pipe_fns->syntax); ++ unbecome_authenticated_pipe_user(); ++ ++ TALLOC_FREE(frame); + return ret; + } + +@@ -1600,20 +1644,21 @@ static bool api_pipe_request(struct pipe + ********************************************************************/ + + static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt, +- const struct api_struct *api_rpc_cmds, int n_cmds) ++ const struct api_struct *api_rpc_cmds, int n_cmds, ++ const struct ndr_syntax_id *syntax) + { + int fn_num; + uint32_t offset1; + + /* interpret the command */ + DEBUG(4,("api_rpcTNP: %s op 0x%x - ", +- get_pipe_name_from_syntax(talloc_tos(), &p->syntax), ++ get_pipe_name_from_syntax(talloc_tos(), syntax), + pkt->u.request.opnum)); + + if (DEBUGLEVEL >= 50) { + fstring name; + slprintf(name, sizeof(name)-1, "in_%s", +- get_pipe_name_from_syntax(talloc_tos(), &p->syntax)); ++ get_pipe_name_from_syntax(talloc_tos(), syntax)); + dump_pdu_region(name, pkt->u.request.opnum, + &p->in_data.data, 0, + p->in_data.data.length); +@@ -1646,37 +1691,30 @@ static bool api_rpcTNP(struct pipes_stru + /* do the actual command */ + if(!api_rpc_cmds[fn_num].fn(p)) { + DEBUG(0,("api_rpcTNP: %s: %s failed.\n", +- get_pipe_name_from_syntax(talloc_tos(), &p->syntax), ++ get_pipe_name_from_syntax(talloc_tos(), syntax), + api_rpc_cmds[fn_num].name)); + data_blob_free(&p->out_data.rdata); + return False; + } + +- if (p->bad_handle_fault_state) { +- DEBUG(4,("api_rpcTNP: bad handle fault return.\n")); +- p->bad_handle_fault_state = False; +- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_CONTEXT_MISMATCH)); +- return True; +- } +- +- if (p->rng_fault_state) { +- DEBUG(4, ("api_rpcTNP: rng fault return\n")); +- p->rng_fault_state = False; +- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); +- return True; ++ if (p->fault_state) { ++ DEBUG(4,("api_rpcTNP: fault(%d) return.\n", p->fault_state)); ++ setup_fault_pdu(p, NT_STATUS(p->fault_state)); ++ p->fault_state = 0; ++ return true; + } + + if (DEBUGLEVEL >= 50) { + fstring name; + slprintf(name, sizeof(name)-1, "out_%s", +- get_pipe_name_from_syntax(talloc_tos(), &p->syntax)); ++ get_pipe_name_from_syntax(talloc_tos(), syntax)); + dump_pdu_region(name, pkt->u.request.opnum, + &p->out_data.rdata, offset1, + p->out_data.rdata.length); + } + + DEBUG(5,("api_rpcTNP: called %s successfully\n", +- get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); ++ get_pipe_name_from_syntax(talloc_tos(), syntax))); + + /* Check for buffer underflow in rpc parsing */ + if ((DEBUGLEVEL >= 10) && +@@ -1718,9 +1756,9 @@ void set_incoming_fault(struct pipes_str + data_blob_free(&p->in_data.data); + p->in_data.pdu_needed_len = 0; + p->in_data.pdu.length = 0; +- p->fault_state = True; +- DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n", +- get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); ++ p->fault_state = DCERPC_FAULT_CANT_PERFORM; ++ ++ DEBUG(10, ("Setting fault state\n")); + } + + static NTSTATUS dcesrv_auth_request(struct pipe_auth_data *auth, +--- a/source3/include/ntdomain.h ++++ b/source3/include/ntdomain.h +@@ -87,6 +87,7 @@ typedef struct pipe_rpc_fns { + const struct api_struct *cmds; + int n_cmds; + uint32 context_id; ++ struct ndr_syntax_id syntax; + + } PIPE_RPC_FNS; + +@@ -134,22 +135,10 @@ struct pipes_struct { + bool pipe_bound; + + /* +- * Set to true when we should return fault PDU's for everything. +- */ +- +- bool fault_state; +- +- /* +- * Set to true when we should return fault PDU's for a bad handle. +- */ +- +- bool bad_handle_fault_state; +- +- /* +- * Set to true when the backend does not support a call. ++ * Set the DCERPC_FAULT to return. + */ + +- bool rng_fault_state; ++ int fault_state; + + /* + * Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's +--- a/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm ++++ b/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm +@@ -183,7 +183,7 @@ sub ParseFunction($$) + ); + + pidl ""; +- pidl "if (p->rng_fault_state) {"; ++ pidl "if (p->fault_state) {"; + pidl "\ttalloc_free(r);"; + pidl "\t/* Return true here, srv_pipe_hnd.c will take care */"; + pidl "\treturn true;"; +--- a/source3/rpc_server/dfs/srv_dfs_nt.c ++++ b/source3/rpc_server/dfs/srv_dfs_nt.c +@@ -411,125 +411,125 @@ WERROR _dfs_GetInfo(struct pipes_struct + WERROR _dfs_SetInfo(struct pipes_struct *p, struct dfs_SetInfo *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_Rename(struct pipes_struct *p, struct dfs_Rename *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_Move(struct pipes_struct *p, struct dfs_Move *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_ManagerGetConfigInfo(struct pipes_struct *p, struct dfs_ManagerGetConfigInfo *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_ManagerSendSiteInfo(struct pipes_struct *p, struct dfs_ManagerSendSiteInfo *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_AddFtRoot(struct pipes_struct *p, struct dfs_AddFtRoot *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_RemoveFtRoot(struct pipes_struct *p, struct dfs_RemoveFtRoot *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_AddStdRoot(struct pipes_struct *p, struct dfs_AddStdRoot *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_RemoveStdRoot(struct pipes_struct *p, struct dfs_RemoveStdRoot *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_ManagerInitialize(struct pipes_struct *p, struct dfs_ManagerInitialize *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_AddStdRootForced(struct pipes_struct *p, struct dfs_AddStdRootForced *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_GetDcAddress(struct pipes_struct *p, struct dfs_GetDcAddress *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_SetDcAddress(struct pipes_struct *p, struct dfs_SetDcAddress *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_FlushFtTable(struct pipes_struct *p, struct dfs_FlushFtTable *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_Add2(struct pipes_struct *p, struct dfs_Add2 *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_Remove2(struct pipes_struct *p, struct dfs_Remove2 *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_EnumEx(struct pipes_struct *p, struct dfs_EnumEx *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _dfs_SetInfo2(struct pipes_struct *p, struct dfs_SetInfo2 *r) + { + /* FIXME: Implement your code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } +--- a/source3/rpc_server/dssetup/srv_dssetup_nt.c ++++ b/source3/rpc_server/dssetup/srv_dssetup_nt.c +@@ -130,7 +130,7 @@ WERROR _dssetup_DsRoleGetPrimaryDomainIn + WERROR _dssetup_DsRoleDnsNameToFlatName(struct pipes_struct *p, + struct dssetup_DsRoleDnsNameToFlatName *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -140,7 +140,7 @@ WERROR _dssetup_DsRoleDnsNameToFlatName( + WERROR _dssetup_DsRoleDcAsDc(struct pipes_struct *p, + struct dssetup_DsRoleDcAsDc *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -150,7 +150,7 @@ WERROR _dssetup_DsRoleDcAsDc(struct pipe + WERROR _dssetup_DsRoleDcAsReplica(struct pipes_struct *p, + struct dssetup_DsRoleDcAsReplica *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -160,7 +160,7 @@ WERROR _dssetup_DsRoleDcAsReplica(struct + WERROR _dssetup_DsRoleDemoteDc(struct pipes_struct *p, + struct dssetup_DsRoleDemoteDc *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -170,7 +170,7 @@ WERROR _dssetup_DsRoleDemoteDc(struct pi + WERROR _dssetup_DsRoleGetDcOperationProgress(struct pipes_struct *p, + struct dssetup_DsRoleGetDcOperationProgress *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -180,7 +180,7 @@ WERROR _dssetup_DsRoleGetDcOperationProg + WERROR _dssetup_DsRoleGetDcOperationResults(struct pipes_struct *p, + struct dssetup_DsRoleGetDcOperationResults *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -190,7 +190,7 @@ WERROR _dssetup_DsRoleGetDcOperationResu + WERROR _dssetup_DsRoleCancel(struct pipes_struct *p, + struct dssetup_DsRoleCancel *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -200,7 +200,7 @@ WERROR _dssetup_DsRoleCancel(struct pipe + WERROR _dssetup_DsRoleServerSaveStateForUpgrade(struct pipes_struct *p, + struct dssetup_DsRoleServerSaveStateForUpgrade *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -210,7 +210,7 @@ WERROR _dssetup_DsRoleServerSaveStateFor + WERROR _dssetup_DsRoleUpgradeDownlevelServer(struct pipes_struct *p, + struct dssetup_DsRoleUpgradeDownlevelServer *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -220,6 +220,6 @@ WERROR _dssetup_DsRoleUpgradeDownlevelSe + WERROR _dssetup_DsRoleAbortDownlevelServerUpgrade(struct pipes_struct *p, + struct dssetup_DsRoleAbortDownlevelServerUpgrade *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } +--- a/source3/rpc_server/echo/srv_echo_nt.c ++++ b/source3/rpc_server/echo/srv_echo_nt.c +@@ -87,13 +87,13 @@ void _echo_SourceData(struct pipes_struc + + void _echo_TestCall(struct pipes_struct *p, struct echo_TestCall *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return; + } + + NTSTATUS _echo_TestCall2(struct pipes_struct *p, struct echo_TestCall2 *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_OK; + } + +@@ -105,18 +105,18 @@ uint32 _echo_TestSleep(struct pipes_stru + + void _echo_TestEnum(struct pipes_struct *p, struct echo_TestEnum *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return; + } + + void _echo_TestSurrounding(struct pipes_struct *p, struct echo_TestSurrounding *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return; + } + + uint16 _echo_TestDoublePointer(struct pipes_struct *p, struct echo_TestDoublePointer *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return 0; + } +--- a/source3/rpc_server/epmapper/srv_epmapper.c ++++ b/source3/rpc_server/epmapper/srv_epmapper.c +@@ -297,6 +297,7 @@ error_status_t _epm_Insert(struct pipes_ + /* If this is not a priviledged users, return */ + if (p->transport != NCALRPC || + !is_priviledged_pipe(p->session_info)) { ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return EPMAPPER_STATUS_CANT_PERFORM_OP; + } + +@@ -433,6 +434,7 @@ error_status_t _epm_Delete(struct pipes_ + /* If this is not a priviledged users, return */ + if (p->transport != NCALRPC || + !is_priviledged_pipe(p->session_info)) { ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return EPMAPPER_STATUS_CANT_PERFORM_OP; + } + +@@ -1096,7 +1098,7 @@ error_status_t _epm_LookupHandleFree(str + error_status_t _epm_InqObject(struct pipes_struct *p, + struct epm_InqObject *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return EPMAPPER_STATUS_CANT_PERFORM_OP; + } + +@@ -1110,7 +1112,7 @@ error_status_t _epm_InqObject(struct pip + error_status_t _epm_MgmtDelete(struct pipes_struct *p, + struct epm_MgmtDelete *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return EPMAPPER_STATUS_CANT_PERFORM_OP; + } + +@@ -1121,7 +1123,7 @@ error_status_t _epm_MgmtDelete(struct pi + error_status_t _epm_MapAuth(struct pipes_struct *p, + struct epm_MapAuth *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return EPMAPPER_STATUS_CANT_PERFORM_OP; + } + +--- a/source3/rpc_server/eventlog/srv_eventlog_nt.c ++++ b/source3/rpc_server/eventlog/srv_eventlog_nt.c +@@ -695,7 +695,7 @@ NTSTATUS _eventlog_GetNumRecords(struct + + NTSTATUS _eventlog_BackupEventLogW(struct pipes_struct *p, struct eventlog_BackupEventLogW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -838,104 +838,104 @@ NTSTATUS _eventlog_ReportEventW(struct p + NTSTATUS _eventlog_DeregisterEventSource(struct pipes_struct *p, + struct eventlog_DeregisterEventSource *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_ChangeNotify(struct pipes_struct *p, + struct eventlog_ChangeNotify *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_RegisterEventSourceW(struct pipes_struct *p, + struct eventlog_RegisterEventSourceW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_OpenBackupEventLogW(struct pipes_struct *p, + struct eventlog_OpenBackupEventLogW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_ClearEventLogA(struct pipes_struct *p, + struct eventlog_ClearEventLogA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_BackupEventLogA(struct pipes_struct *p, + struct eventlog_BackupEventLogA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_OpenEventLogA(struct pipes_struct *p, + struct eventlog_OpenEventLogA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_RegisterEventSourceA(struct pipes_struct *p, + struct eventlog_RegisterEventSourceA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_OpenBackupEventLogA(struct pipes_struct *p, + struct eventlog_OpenBackupEventLogA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_ReadEventLogA(struct pipes_struct *p, + struct eventlog_ReadEventLogA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_ReportEventA(struct pipes_struct *p, + struct eventlog_ReportEventA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_RegisterClusterSvc(struct pipes_struct *p, + struct eventlog_RegisterClusterSvc *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_DeregisterClusterSvc(struct pipes_struct *p, + struct eventlog_DeregisterClusterSvc *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_WriteClusterEvents(struct pipes_struct *p, + struct eventlog_WriteClusterEvents *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _eventlog_ReportEventAndSourceW(struct pipes_struct *p, + struct eventlog_ReportEventAndSourceW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } +--- a/source3/rpc_server/lsa/srv_lsa_nt.c ++++ b/source3/rpc_server/lsa/srv_lsa_nt.c +@@ -817,7 +817,7 @@ NTSTATUS _lsa_QueryInfoPolicy2(struct pi + struct lsa_QueryInfoPolicy r; + + if ((pdb_capabilities() & PDB_CAP_ADS) == 0) { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -3210,88 +3210,88 @@ NTSTATUS _lsa_Delete(struct pipes_struct + + NTSTATUS _lsa_SetSecObj(struct pipes_struct *p, struct lsa_SetSecObj *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_ChangePassword(struct pipes_struct *p, + struct lsa_ChangePassword *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_SetInfoPolicy(struct pipes_struct *p, struct lsa_SetInfoPolicy *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_ClearAuditLog(struct pipes_struct *p, struct lsa_ClearAuditLog *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_GetQuotasForAccount(struct pipes_struct *p, + struct lsa_GetQuotasForAccount *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_SetQuotasForAccount(struct pipes_struct *p, + struct lsa_SetQuotasForAccount *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_SetInformationTrustedDomain(struct pipes_struct *p, + struct lsa_SetInformationTrustedDomain *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_QuerySecret(struct pipes_struct *p, struct lsa_QuerySecret *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_SetTrustedDomainInfo(struct pipes_struct *p, + struct lsa_SetTrustedDomainInfo *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_StorePrivateData(struct pipes_struct *p, + struct lsa_StorePrivateData *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_RetrievePrivateData(struct pipes_struct *p, + struct lsa_RetrievePrivateData *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_SetInfoPolicy2(struct pipes_struct *p, + struct lsa_SetInfoPolicy2 *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_SetTrustedDomainInfoByName(struct pipes_struct *p, + struct lsa_SetTrustedDomainInfoByName *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -3310,7 +3310,7 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struc + * _lsa_EnumTrustedDomains() afterwards - gd */ + + if (!(pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX)) { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -3379,107 +3379,107 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struc + NTSTATUS _lsa_QueryDomainInformationPolicy(struct pipes_struct *p, + struct lsa_QueryDomainInformationPolicy *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_SetDomainInformationPolicy(struct pipes_struct *p, + struct lsa_SetDomainInformationPolicy *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_TestCall(struct pipes_struct *p, struct lsa_TestCall *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_CREDRWRITE(struct pipes_struct *p, struct lsa_CREDRWRITE *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_CREDRREAD(struct pipes_struct *p, struct lsa_CREDRREAD *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_CREDRENUMERATE(struct pipes_struct *p, struct lsa_CREDRENUMERATE *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_CREDRWRITEDOMAINCREDENTIALS(struct pipes_struct *p, + struct lsa_CREDRWRITEDOMAINCREDENTIALS *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_CREDRREADDOMAINCREDENTIALS(struct pipes_struct *p, + struct lsa_CREDRREADDOMAINCREDENTIALS *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_CREDRDELETE(struct pipes_struct *p, struct lsa_CREDRDELETE *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_CREDRGETTARGETINFO(struct pipes_struct *p, + struct lsa_CREDRGETTARGETINFO *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_CREDRPROFILELOADED(struct pipes_struct *p, + struct lsa_CREDRPROFILELOADED *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_CREDRGETSESSIONTYPES(struct pipes_struct *p, + struct lsa_CREDRGETSESSIONTYPES *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_LSARREGISTERAUDITEVENT(struct pipes_struct *p, + struct lsa_LSARREGISTERAUDITEVENT *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_LSARGENAUDITEVENT(struct pipes_struct *p, + struct lsa_LSARGENAUDITEVENT *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_LSARUNREGISTERAUDITEVENT(struct pipes_struct *p, + struct lsa_LSARUNREGISTERAUDITEVENT *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_lsaRQueryForestTrustInformation(struct pipes_struct *p, + struct lsa_lsaRQueryForestTrustInformation *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -3992,34 +3992,34 @@ NTSTATUS _lsa_lsaRSetForestTrustInformat + NTSTATUS _lsa_CREDRRENAME(struct pipes_struct *p, + struct lsa_CREDRRENAME *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_LSAROPENPOLICYSCE(struct pipes_struct *p, + struct lsa_LSAROPENPOLICYSCE *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct pipes_struct *p, + struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct pipes_struct *p, + struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + + NTSTATUS _lsa_LSARADTREPORTSECURITYEVENT(struct pipes_struct *p, + struct lsa_LSARADTREPORTSECURITYEVENT *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } +--- a/source3/rpc_server/netlogon/srv_netlog_nt.c ++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c +@@ -1787,7 +1787,7 @@ NTSTATUS _netr_LogonSamLogonEx(struct pi + WERROR _netr_LogonUasLogon(struct pipes_struct *p, + struct netr_LogonUasLogon *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -1797,7 +1797,7 @@ WERROR _netr_LogonUasLogon(struct pipes_ + WERROR _netr_LogonUasLogoff(struct pipes_struct *p, + struct netr_LogonUasLogoff *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -1807,7 +1807,7 @@ WERROR _netr_LogonUasLogoff(struct pipes + NTSTATUS _netr_DatabaseDeltas(struct pipes_struct *p, + struct netr_DatabaseDeltas *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -1817,7 +1817,7 @@ NTSTATUS _netr_DatabaseDeltas(struct pip + NTSTATUS _netr_DatabaseSync(struct pipes_struct *p, + struct netr_DatabaseSync *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -1827,7 +1827,7 @@ NTSTATUS _netr_DatabaseSync(struct pipes + NTSTATUS _netr_AccountDeltas(struct pipes_struct *p, + struct netr_AccountDeltas *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -1837,7 +1837,7 @@ NTSTATUS _netr_AccountDeltas(struct pipe + NTSTATUS _netr_AccountSync(struct pipes_struct *p, + struct netr_AccountSync *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -1978,7 +1978,7 @@ WERROR _netr_GetAnyDCName(struct pipes_s + NTSTATUS _netr_DatabaseSync2(struct pipes_struct *p, + struct netr_DatabaseSync2 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -1988,7 +1988,7 @@ NTSTATUS _netr_DatabaseSync2(struct pipe + NTSTATUS _netr_DatabaseRedo(struct pipes_struct *p, + struct netr_DatabaseRedo *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -1998,7 +1998,7 @@ NTSTATUS _netr_DatabaseRedo(struct pipes + WERROR _netr_DsRGetDCName(struct pipes_struct *p, + struct netr_DsRGetDCName *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2017,7 +2017,7 @@ NTSTATUS _netr_LogonGetCapabilities(stru + WERROR _netr_NETRLOGONSETSERVICEBITS(struct pipes_struct *p, + struct netr_NETRLOGONSETSERVICEBITS *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2027,7 +2027,7 @@ WERROR _netr_NETRLOGONSETSERVICEBITS(str + WERROR _netr_LogonGetTrustRid(struct pipes_struct *p, + struct netr_LogonGetTrustRid *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2037,7 +2037,7 @@ WERROR _netr_LogonGetTrustRid(struct pip + WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(struct pipes_struct *p, + struct netr_NETRLOGONCOMPUTESERVERDIGEST *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2047,7 +2047,7 @@ WERROR _netr_NETRLOGONCOMPUTESERVERDIGES + WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(struct pipes_struct *p, + struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2057,7 +2057,7 @@ WERROR _netr_NETRLOGONCOMPUTECLIENTDIGES + WERROR _netr_DsRGetDCNameEx(struct pipes_struct *p, + struct netr_DsRGetDCNameEx *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2067,7 +2067,7 @@ WERROR _netr_DsRGetDCNameEx(struct pipes + WERROR _netr_DsRGetSiteName(struct pipes_struct *p, + struct netr_DsRGetSiteName *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2077,7 +2077,7 @@ WERROR _netr_DsRGetSiteName(struct pipes + NTSTATUS _netr_LogonGetDomainInfo(struct pipes_struct *p, + struct netr_LogonGetDomainInfo *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -2087,7 +2087,7 @@ NTSTATUS _netr_LogonGetDomainInfo(struct + WERROR _netr_ServerPasswordGet(struct pipes_struct *p, + struct netr_ServerPasswordGet *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2097,7 +2097,7 @@ WERROR _netr_ServerPasswordGet(struct pi + WERROR _netr_NETRLOGONSENDTOSAM(struct pipes_struct *p, + struct netr_NETRLOGONSENDTOSAM *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2107,7 +2107,7 @@ WERROR _netr_NETRLOGONSENDTOSAM(struct p + WERROR _netr_DsRAddressToSitenamesW(struct pipes_struct *p, + struct netr_DsRAddressToSitenamesW *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2117,7 +2117,7 @@ WERROR _netr_DsRAddressToSitenamesW(stru + WERROR _netr_DsRGetDCNameEx2(struct pipes_struct *p, + struct netr_DsRGetDCNameEx2 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2127,7 +2127,7 @@ WERROR _netr_DsRGetDCNameEx2(struct pipe + WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct pipes_struct *p, + struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2137,7 +2137,7 @@ WERROR _netr_NETRLOGONGETTIMESERVICEPARE + WERROR _netr_NetrEnumerateTrustedDomainsEx(struct pipes_struct *p, + struct netr_NetrEnumerateTrustedDomainsEx *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2147,7 +2147,7 @@ WERROR _netr_NetrEnumerateTrustedDomains + WERROR _netr_DsRAddressToSitenamesExW(struct pipes_struct *p, + struct netr_DsRAddressToSitenamesExW *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2157,7 +2157,7 @@ WERROR _netr_DsRAddressToSitenamesExW(st + WERROR _netr_DsrGetDcSiteCoverageW(struct pipes_struct *p, + struct netr_DsrGetDcSiteCoverageW *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2167,7 +2167,7 @@ WERROR _netr_DsrGetDcSiteCoverageW(struc + WERROR _netr_DsrEnumerateDomainTrusts(struct pipes_struct *p, + struct netr_DsrEnumerateDomainTrusts *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2177,7 +2177,7 @@ WERROR _netr_DsrEnumerateDomainTrusts(st + WERROR _netr_DsrDeregisterDNSHostRecords(struct pipes_struct *p, + struct netr_DsrDeregisterDNSHostRecords *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2187,7 +2187,7 @@ WERROR _netr_DsrDeregisterDNSHostRecords + NTSTATUS _netr_ServerTrustPasswordsGet(struct pipes_struct *p, + struct netr_ServerTrustPasswordsGet *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -2197,7 +2197,7 @@ NTSTATUS _netr_ServerTrustPasswordsGet(s + WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p, + struct netr_DsRGetForestTrustInformation *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -2476,7 +2476,7 @@ NTSTATUS _netr_ServerGetTrustInfo(struct + NTSTATUS _netr_Unused47(struct pipes_struct *p, + struct netr_Unused47 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -2486,6 +2486,6 @@ NTSTATUS _netr_Unused47(struct pipes_str + NTSTATUS _netr_DsrUpdateReadOnlyServerDnsRecords(struct pipes_struct *p, + struct netr_DsrUpdateReadOnlyServerDnsRecords *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } +--- a/source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c ++++ b/source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c +@@ -227,7 +227,7 @@ WERROR _PNP_HwProfFlags(struct pipes_str + WERROR _PNP_Disconnect(struct pipes_struct *p, + struct PNP_Disconnect *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -237,7 +237,7 @@ WERROR _PNP_Disconnect(struct pipes_stru + WERROR _PNP_Connect(struct pipes_struct *p, + struct PNP_Connect *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -247,7 +247,7 @@ WERROR _PNP_Connect(struct pipes_struct + WERROR _PNP_GetGlobalState(struct pipes_struct *p, + struct PNP_GetGlobalState *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -257,7 +257,7 @@ WERROR _PNP_GetGlobalState(struct pipes_ + WERROR _PNP_InitDetection(struct pipes_struct *p, + struct PNP_InitDetection *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -267,7 +267,7 @@ WERROR _PNP_InitDetection(struct pipes_s + WERROR _PNP_ReportLogOn(struct pipes_struct *p, + struct PNP_ReportLogOn *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -277,7 +277,7 @@ WERROR _PNP_ReportLogOn(struct pipes_str + WERROR _PNP_GetRootDeviceInstance(struct pipes_struct *p, + struct PNP_GetRootDeviceInstance *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -287,7 +287,7 @@ WERROR _PNP_GetRootDeviceInstance(struct + WERROR _PNP_GetRelatedDeviceInstance(struct pipes_struct *p, + struct PNP_GetRelatedDeviceInstance *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -297,7 +297,7 @@ WERROR _PNP_GetRelatedDeviceInstance(str + WERROR _PNP_EnumerateSubKeys(struct pipes_struct *p, + struct PNP_EnumerateSubKeys *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -307,7 +307,7 @@ WERROR _PNP_EnumerateSubKeys(struct pipe + WERROR _PNP_GetDepth(struct pipes_struct *p, + struct PNP_GetDepth *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -317,7 +317,7 @@ WERROR _PNP_GetDepth(struct pipes_struct + WERROR _PNP_SetDeviceRegProp(struct pipes_struct *p, + struct PNP_SetDeviceRegProp *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -327,7 +327,7 @@ WERROR _PNP_SetDeviceRegProp(struct pipe + WERROR _PNP_GetClassInstance(struct pipes_struct *p, + struct PNP_GetClassInstance *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -337,7 +337,7 @@ WERROR _PNP_GetClassInstance(struct pipe + WERROR _PNP_CreateKey(struct pipes_struct *p, + struct PNP_CreateKey *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -347,7 +347,7 @@ WERROR _PNP_CreateKey(struct pipes_struc + WERROR _PNP_DeleteRegistryKey(struct pipes_struct *p, + struct PNP_DeleteRegistryKey *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -357,7 +357,7 @@ WERROR _PNP_DeleteRegistryKey(struct pip + WERROR _PNP_GetClassCount(struct pipes_struct *p, + struct PNP_GetClassCount *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -367,7 +367,7 @@ WERROR _PNP_GetClassCount(struct pipes_s + WERROR _PNP_GetClassName(struct pipes_struct *p, + struct PNP_GetClassName *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -377,7 +377,7 @@ WERROR _PNP_GetClassName(struct pipes_st + WERROR _PNP_DeleteClassKey(struct pipes_struct *p, + struct PNP_DeleteClassKey *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -387,7 +387,7 @@ WERROR _PNP_DeleteClassKey(struct pipes_ + WERROR _PNP_GetInterfaceDeviceAlias(struct pipes_struct *p, + struct PNP_GetInterfaceDeviceAlias *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -397,7 +397,7 @@ WERROR _PNP_GetInterfaceDeviceAlias(stru + WERROR _PNP_GetInterfaceDeviceList(struct pipes_struct *p, + struct PNP_GetInterfaceDeviceList *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -407,7 +407,7 @@ WERROR _PNP_GetInterfaceDeviceList(struc + WERROR _PNP_GetInterfaceDeviceListSize(struct pipes_struct *p, + struct PNP_GetInterfaceDeviceListSize *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -417,7 +417,7 @@ WERROR _PNP_GetInterfaceDeviceListSize(s + WERROR _PNP_RegisterDeviceClassAssociation(struct pipes_struct *p, + struct PNP_RegisterDeviceClassAssociation *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -427,7 +427,7 @@ WERROR _PNP_RegisterDeviceClassAssociati + WERROR _PNP_UnregisterDeviceClassAssociation(struct pipes_struct *p, + struct PNP_UnregisterDeviceClassAssociation *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -437,7 +437,7 @@ WERROR _PNP_UnregisterDeviceClassAssocia + WERROR _PNP_GetClassRegProp(struct pipes_struct *p, + struct PNP_GetClassRegProp *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -447,7 +447,7 @@ WERROR _PNP_GetClassRegProp(struct pipes + WERROR _PNP_SetClassRegProp(struct pipes_struct *p, + struct PNP_SetClassRegProp *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -457,7 +457,7 @@ WERROR _PNP_SetClassRegProp(struct pipes + WERROR _PNP_CreateDevInst(struct pipes_struct *p, + struct PNP_CreateDevInst *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -467,7 +467,7 @@ WERROR _PNP_CreateDevInst(struct pipes_s + WERROR _PNP_DeviceInstanceAction(struct pipes_struct *p, + struct PNP_DeviceInstanceAction *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -477,7 +477,7 @@ WERROR _PNP_DeviceInstanceAction(struct + WERROR _PNP_GetDeviceStatus(struct pipes_struct *p, + struct PNP_GetDeviceStatus *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -487,7 +487,7 @@ WERROR _PNP_GetDeviceStatus(struct pipes + WERROR _PNP_SetDeviceProblem(struct pipes_struct *p, + struct PNP_SetDeviceProblem *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -497,7 +497,7 @@ WERROR _PNP_SetDeviceProblem(struct pipe + WERROR _PNP_DisableDevInst(struct pipes_struct *p, + struct PNP_DisableDevInst *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -507,7 +507,7 @@ WERROR _PNP_DisableDevInst(struct pipes_ + WERROR _PNP_UninstallDevInst(struct pipes_struct *p, + struct PNP_UninstallDevInst *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -517,7 +517,7 @@ WERROR _PNP_UninstallDevInst(struct pipe + WERROR _PNP_AddID(struct pipes_struct *p, + struct PNP_AddID *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -527,7 +527,7 @@ WERROR _PNP_AddID(struct pipes_struct *p + WERROR _PNP_RegisterDriver(struct pipes_struct *p, + struct PNP_RegisterDriver *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -537,7 +537,7 @@ WERROR _PNP_RegisterDriver(struct pipes_ + WERROR _PNP_QueryRemove(struct pipes_struct *p, + struct PNP_QueryRemove *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -547,7 +547,7 @@ WERROR _PNP_QueryRemove(struct pipes_str + WERROR _PNP_RequestDeviceEject(struct pipes_struct *p, + struct PNP_RequestDeviceEject *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -557,7 +557,7 @@ WERROR _PNP_RequestDeviceEject(struct pi + WERROR _PNP_IsDockStationPresent(struct pipes_struct *p, + struct PNP_IsDockStationPresent *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -567,7 +567,7 @@ WERROR _PNP_IsDockStationPresent(struct + WERROR _PNP_RequestEjectPC(struct pipes_struct *p, + struct PNP_RequestEjectPC *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -577,7 +577,7 @@ WERROR _PNP_RequestEjectPC(struct pipes_ + WERROR _PNP_AddEmptyLogConf(struct pipes_struct *p, + struct PNP_AddEmptyLogConf *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -587,7 +587,7 @@ WERROR _PNP_AddEmptyLogConf(struct pipes + WERROR _PNP_FreeLogConf(struct pipes_struct *p, + struct PNP_FreeLogConf *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -597,7 +597,7 @@ WERROR _PNP_FreeLogConf(struct pipes_str + WERROR _PNP_GetFirstLogConf(struct pipes_struct *p, + struct PNP_GetFirstLogConf *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -607,7 +607,7 @@ WERROR _PNP_GetFirstLogConf(struct pipes + WERROR _PNP_GetNextLogConf(struct pipes_struct *p, + struct PNP_GetNextLogConf *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -617,7 +617,7 @@ WERROR _PNP_GetNextLogConf(struct pipes_ + WERROR _PNP_GetLogConfPriority(struct pipes_struct *p, + struct PNP_GetLogConfPriority *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -627,7 +627,7 @@ WERROR _PNP_GetLogConfPriority(struct pi + WERROR _PNP_AddResDes(struct pipes_struct *p, + struct PNP_AddResDes *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -637,7 +637,7 @@ WERROR _PNP_AddResDes(struct pipes_struc + WERROR _PNP_FreeResDes(struct pipes_struct *p, + struct PNP_FreeResDes *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -647,7 +647,7 @@ WERROR _PNP_FreeResDes(struct pipes_stru + WERROR _PNP_GetNextResDes(struct pipes_struct *p, + struct PNP_GetNextResDes *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -657,7 +657,7 @@ WERROR _PNP_GetNextResDes(struct pipes_s + WERROR _PNP_GetResDesData(struct pipes_struct *p, + struct PNP_GetResDesData *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -667,7 +667,7 @@ WERROR _PNP_GetResDesData(struct pipes_s + WERROR _PNP_GetResDesDataSize(struct pipes_struct *p, + struct PNP_GetResDesDataSize *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -677,7 +677,7 @@ WERROR _PNP_GetResDesDataSize(struct pip + WERROR _PNP_ModifyResDes(struct pipes_struct *p, + struct PNP_ModifyResDes *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -687,7 +687,7 @@ WERROR _PNP_ModifyResDes(struct pipes_st + WERROR _PNP_DetectResourceLimit(struct pipes_struct *p, + struct PNP_DetectResourceLimit *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -697,7 +697,7 @@ WERROR _PNP_DetectResourceLimit(struct p + WERROR _PNP_QueryResConfList(struct pipes_struct *p, + struct PNP_QueryResConfList *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -707,7 +707,7 @@ WERROR _PNP_QueryResConfList(struct pipe + WERROR _PNP_SetHwProf(struct pipes_struct *p, + struct PNP_SetHwProf *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -717,7 +717,7 @@ WERROR _PNP_SetHwProf(struct pipes_struc + WERROR _PNP_QueryArbitratorFreeData(struct pipes_struct *p, + struct PNP_QueryArbitratorFreeData *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -727,7 +727,7 @@ WERROR _PNP_QueryArbitratorFreeData(stru + WERROR _PNP_QueryArbitratorFreeSize(struct pipes_struct *p, + struct PNP_QueryArbitratorFreeSize *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -737,7 +737,7 @@ WERROR _PNP_QueryArbitratorFreeSize(stru + WERROR _PNP_RunDetection(struct pipes_struct *p, + struct PNP_RunDetection *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -747,7 +747,7 @@ WERROR _PNP_RunDetection(struct pipes_st + WERROR _PNP_RegisterNotification(struct pipes_struct *p, + struct PNP_RegisterNotification *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -757,7 +757,7 @@ WERROR _PNP_RegisterNotification(struct + WERROR _PNP_UnregisterNotification(struct pipes_struct *p, + struct PNP_UnregisterNotification *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -767,7 +767,7 @@ WERROR _PNP_UnregisterNotification(struc + WERROR _PNP_GetCustomDevProp(struct pipes_struct *p, + struct PNP_GetCustomDevProp *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -777,7 +777,7 @@ WERROR _PNP_GetCustomDevProp(struct pipe + WERROR _PNP_GetVersionInternal(struct pipes_struct *p, + struct PNP_GetVersionInternal *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -787,7 +787,7 @@ WERROR _PNP_GetVersionInternal(struct pi + WERROR _PNP_GetBlockedDriverInfo(struct pipes_struct *p, + struct PNP_GetBlockedDriverInfo *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -797,6 +797,6 @@ WERROR _PNP_GetBlockedDriverInfo(struct + WERROR _PNP_GetServerSideDeviceInstallFlags(struct pipes_struct *p, + struct PNP_GetServerSideDeviceInstallFlags *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } +--- a/source3/rpc_server/rpc_handles.c ++++ b/source3/rpc_server/rpc_handles.c +@@ -242,7 +242,7 @@ static struct dcesrv_handle *find_policy + DEBUG(4,("Policy not found: ")); + dump_data(4, (uint8_t *)hnd, sizeof(*hnd)); + +- p->bad_handle_fault_state = true; ++ p->fault_state = DCERPC_FAULT_CONTEXT_MISMATCH; + + return NULL; + } +--- a/source3/rpc_server/rpc_ncacn_np.c ++++ b/source3/rpc_server/rpc_ncacn_np.c +@@ -216,24 +216,13 @@ static NTSTATUS rpcint_dispatch(struct p + } + + if (p->fault_state) { +- p->fault_state = false; +- data_blob_free(&p->out_data.rdata); +- talloc_free_children(p->mem_ctx); +- return NT_STATUS_RPC_CALL_FAILED; +- } +- +- if (p->bad_handle_fault_state) { +- p->bad_handle_fault_state = false; +- data_blob_free(&p->out_data.rdata); +- talloc_free_children(p->mem_ctx); +- return NT_STATUS_RPC_SS_CONTEXT_MISMATCH; +- } ++ NTSTATUS status; + +- if (p->rng_fault_state) { +- p->rng_fault_state = false; ++ status = NT_STATUS(p->fault_state); ++ p->fault_state = 0; + data_blob_free(&p->out_data.rdata); + talloc_free_children(p->mem_ctx); +- return NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE; ++ return status; + } + + *out_data = p->out_data.rdata; +--- a/source3/rpc_server/samr/srv_samr_nt.c ++++ b/source3/rpc_server/samr/srv_samr_nt.c +@@ -6682,7 +6682,7 @@ NTSTATUS _samr_ValidatePassword(struct p + NTSTATUS _samr_Shutdown(struct pipes_struct *p, + struct samr_Shutdown *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -6692,7 +6692,7 @@ NTSTATUS _samr_Shutdown(struct pipes_str + NTSTATUS _samr_SetMemberAttributesOfGroup(struct pipes_struct *p, + struct samr_SetMemberAttributesOfGroup *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -6702,6 +6702,7 @@ NTSTATUS _samr_SetMemberAttributesOfGrou + NTSTATUS _samr_TestPrivateFunctionsDomain(struct pipes_struct *p, + struct samr_TestPrivateFunctionsDomain *r) + { ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -6711,6 +6712,7 @@ NTSTATUS _samr_TestPrivateFunctionsDomai + NTSTATUS _samr_TestPrivateFunctionsUser(struct pipes_struct *p, + struct samr_TestPrivateFunctionsUser *r) + { ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -6720,7 +6722,7 @@ NTSTATUS _samr_TestPrivateFunctionsUser( + NTSTATUS _samr_AddMultipleMembersToAlias(struct pipes_struct *p, + struct samr_AddMultipleMembersToAlias *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -6730,7 +6732,7 @@ NTSTATUS _samr_AddMultipleMembersToAlias + NTSTATUS _samr_RemoveMultipleMembersFromAlias(struct pipes_struct *p, + struct samr_RemoveMultipleMembersFromAlias *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -6740,7 +6742,7 @@ NTSTATUS _samr_RemoveMultipleMembersFrom + NTSTATUS _samr_SetBootKeyInformation(struct pipes_struct *p, + struct samr_SetBootKeyInformation *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -6750,7 +6752,7 @@ NTSTATUS _samr_SetBootKeyInformation(str + NTSTATUS _samr_GetBootKeyInformation(struct pipes_struct *p, + struct samr_GetBootKeyInformation *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } + +@@ -6760,6 +6762,6 @@ NTSTATUS _samr_GetBootKeyInformation(str + NTSTATUS _samr_SetDsrmPassword(struct pipes_struct *p, + struct samr_SetDsrmPassword *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return NT_STATUS_NOT_IMPLEMENTED; + } +--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c ++++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c +@@ -10156,7 +10156,7 @@ WERROR _spoolss_AddPort(struct pipes_str + WERROR _spoolss_GetPrinterDriver(struct pipes_struct *p, + struct spoolss_GetPrinterDriver *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10167,7 +10167,7 @@ WERROR _spoolss_GetPrinterDriver(struct + WERROR _spoolss_ReadPrinter(struct pipes_struct *p, + struct spoolss_ReadPrinter *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10178,7 +10178,7 @@ WERROR _spoolss_ReadPrinter(struct pipes + WERROR _spoolss_WaitForPrinterChange(struct pipes_struct *p, + struct spoolss_WaitForPrinterChange *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10189,7 +10189,7 @@ WERROR _spoolss_WaitForPrinterChange(str + WERROR _spoolss_ConfigurePort(struct pipes_struct *p, + struct spoolss_ConfigurePort *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10200,7 +10200,7 @@ WERROR _spoolss_ConfigurePort(struct pip + WERROR _spoolss_DeletePort(struct pipes_struct *p, + struct spoolss_DeletePort *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10211,7 +10211,7 @@ WERROR _spoolss_DeletePort(struct pipes_ + WERROR _spoolss_CreatePrinterIC(struct pipes_struct *p, + struct spoolss_CreatePrinterIC *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10222,7 +10222,7 @@ WERROR _spoolss_CreatePrinterIC(struct p + WERROR _spoolss_PlayGDIScriptOnPrinterIC(struct pipes_struct *p, + struct spoolss_PlayGDIScriptOnPrinterIC *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10233,7 +10233,7 @@ WERROR _spoolss_PlayGDIScriptOnPrinterIC + WERROR _spoolss_DeletePrinterIC(struct pipes_struct *p, + struct spoolss_DeletePrinterIC *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10244,7 +10244,7 @@ WERROR _spoolss_DeletePrinterIC(struct p + WERROR _spoolss_AddPrinterConnection(struct pipes_struct *p, + struct spoolss_AddPrinterConnection *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10255,7 +10255,7 @@ WERROR _spoolss_AddPrinterConnection(str + WERROR _spoolss_DeletePrinterConnection(struct pipes_struct *p, + struct spoolss_DeletePrinterConnection *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10266,7 +10266,7 @@ WERROR _spoolss_DeletePrinterConnection( + WERROR _spoolss_PrinterMessageBox(struct pipes_struct *p, + struct spoolss_PrinterMessageBox *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10277,7 +10277,7 @@ WERROR _spoolss_PrinterMessageBox(struct + WERROR _spoolss_AddMonitor(struct pipes_struct *p, + struct spoolss_AddMonitor *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10288,7 +10288,7 @@ WERROR _spoolss_AddMonitor(struct pipes_ + WERROR _spoolss_DeleteMonitor(struct pipes_struct *p, + struct spoolss_DeleteMonitor *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10299,7 +10299,7 @@ WERROR _spoolss_DeleteMonitor(struct pip + WERROR _spoolss_DeletePrintProcessor(struct pipes_struct *p, + struct spoolss_DeletePrintProcessor *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10310,7 +10310,7 @@ WERROR _spoolss_DeletePrintProcessor(str + WERROR _spoolss_AddPrintProvidor(struct pipes_struct *p, + struct spoolss_AddPrintProvidor *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10321,7 +10321,7 @@ WERROR _spoolss_AddPrintProvidor(struct + WERROR _spoolss_DeletePrintProvidor(struct pipes_struct *p, + struct spoolss_DeletePrintProvidor *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10332,7 +10332,7 @@ WERROR _spoolss_DeletePrintProvidor(stru + WERROR _spoolss_FindFirstPrinterChangeNotification(struct pipes_struct *p, + struct spoolss_FindFirstPrinterChangeNotification *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10343,7 +10343,7 @@ WERROR _spoolss_FindFirstPrinterChangeNo + WERROR _spoolss_FindNextPrinterChangeNotification(struct pipes_struct *p, + struct spoolss_FindNextPrinterChangeNotification *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10354,7 +10354,7 @@ WERROR _spoolss_FindNextPrinterChangeNot + WERROR _spoolss_RouterFindFirstPrinterChangeNotificationOld(struct pipes_struct *p, + struct spoolss_RouterFindFirstPrinterChangeNotificationOld *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10365,7 +10365,7 @@ WERROR _spoolss_RouterFindFirstPrinterCh + WERROR _spoolss_ReplyOpenPrinter(struct pipes_struct *p, + struct spoolss_ReplyOpenPrinter *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10376,7 +10376,7 @@ WERROR _spoolss_ReplyOpenPrinter(struct + WERROR _spoolss_RouterReplyPrinter(struct pipes_struct *p, + struct spoolss_RouterReplyPrinter *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10387,7 +10387,7 @@ WERROR _spoolss_RouterReplyPrinter(struc + WERROR _spoolss_ReplyClosePrinter(struct pipes_struct *p, + struct spoolss_ReplyClosePrinter *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10398,7 +10398,7 @@ WERROR _spoolss_ReplyClosePrinter(struct + WERROR _spoolss_AddPortEx(struct pipes_struct *p, + struct spoolss_AddPortEx *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10409,7 +10409,7 @@ WERROR _spoolss_AddPortEx(struct pipes_s + WERROR _spoolss_RouterFindFirstPrinterChangeNotification(struct pipes_struct *p, + struct spoolss_RouterFindFirstPrinterChangeNotification *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10420,7 +10420,7 @@ WERROR _spoolss_RouterFindFirstPrinterCh + WERROR _spoolss_SpoolerInit(struct pipes_struct *p, + struct spoolss_SpoolerInit *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10431,7 +10431,7 @@ WERROR _spoolss_SpoolerInit(struct pipes + WERROR _spoolss_ResetPrinterEx(struct pipes_struct *p, + struct spoolss_ResetPrinterEx *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10442,7 +10442,7 @@ WERROR _spoolss_ResetPrinterEx(struct pi + WERROR _spoolss_RouterReplyPrinterEx(struct pipes_struct *p, + struct spoolss_RouterReplyPrinterEx *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10453,7 +10453,7 @@ WERROR _spoolss_RouterReplyPrinterEx(str + WERROR _spoolss_44(struct pipes_struct *p, + struct spoolss_44 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10464,7 +10464,7 @@ WERROR _spoolss_44(struct pipes_struct * + WERROR _spoolss_SetPort(struct pipes_struct *p, + struct spoolss_SetPort *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10475,7 +10475,7 @@ WERROR _spoolss_SetPort(struct pipes_str + WERROR _spoolss_4a(struct pipes_struct *p, + struct spoolss_4a *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10486,7 +10486,7 @@ WERROR _spoolss_4a(struct pipes_struct * + WERROR _spoolss_4b(struct pipes_struct *p, + struct spoolss_4b *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10497,7 +10497,7 @@ WERROR _spoolss_4b(struct pipes_struct * + WERROR _spoolss_4c(struct pipes_struct *p, + struct spoolss_4c *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10508,7 +10508,7 @@ WERROR _spoolss_4c(struct pipes_struct * + WERROR _spoolss_53(struct pipes_struct *p, + struct spoolss_53 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10519,7 +10519,7 @@ WERROR _spoolss_53(struct pipes_struct * + WERROR _spoolss_AddPerMachineConnection(struct pipes_struct *p, + struct spoolss_AddPerMachineConnection *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10530,7 +10530,7 @@ WERROR _spoolss_AddPerMachineConnection( + WERROR _spoolss_DeletePerMachineConnection(struct pipes_struct *p, + struct spoolss_DeletePerMachineConnection *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10541,7 +10541,7 @@ WERROR _spoolss_DeletePerMachineConnecti + WERROR _spoolss_EnumPerMachineConnections(struct pipes_struct *p, + struct spoolss_EnumPerMachineConnections *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10552,7 +10552,7 @@ WERROR _spoolss_EnumPerMachineConnection + WERROR _spoolss_5a(struct pipes_struct *p, + struct spoolss_5a *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10563,7 +10563,7 @@ WERROR _spoolss_5a(struct pipes_struct * + WERROR _spoolss_5b(struct pipes_struct *p, + struct spoolss_5b *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10574,7 +10574,7 @@ WERROR _spoolss_5b(struct pipes_struct * + WERROR _spoolss_5c(struct pipes_struct *p, + struct spoolss_5c *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10585,7 +10585,7 @@ WERROR _spoolss_5c(struct pipes_struct * + WERROR _spoolss_5d(struct pipes_struct *p, + struct spoolss_5d *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10596,7 +10596,7 @@ WERROR _spoolss_5d(struct pipes_struct * + WERROR _spoolss_5e(struct pipes_struct *p, + struct spoolss_5e *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10607,7 +10607,7 @@ WERROR _spoolss_5e(struct pipes_struct * + WERROR _spoolss_5f(struct pipes_struct *p, + struct spoolss_5f *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10618,7 +10618,7 @@ WERROR _spoolss_5f(struct pipes_struct * + WERROR _spoolss_60(struct pipes_struct *p, + struct spoolss_60 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10629,7 +10629,7 @@ WERROR _spoolss_60(struct pipes_struct * + WERROR _spoolss_61(struct pipes_struct *p, + struct spoolss_61 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10640,7 +10640,7 @@ WERROR _spoolss_61(struct pipes_struct * + WERROR _spoolss_62(struct pipes_struct *p, + struct spoolss_62 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10651,7 +10651,7 @@ WERROR _spoolss_62(struct pipes_struct * + WERROR _spoolss_63(struct pipes_struct *p, + struct spoolss_63 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10662,7 +10662,7 @@ WERROR _spoolss_63(struct pipes_struct * + WERROR _spoolss_64(struct pipes_struct *p, + struct spoolss_64 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10673,7 +10673,7 @@ WERROR _spoolss_64(struct pipes_struct * + WERROR _spoolss_65(struct pipes_struct *p, + struct spoolss_65 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10684,7 +10684,7 @@ WERROR _spoolss_65(struct pipes_struct * + WERROR _spoolss_GetCorePrinterDrivers(struct pipes_struct *p, + struct spoolss_GetCorePrinterDrivers *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10695,7 +10695,7 @@ WERROR _spoolss_GetCorePrinterDrivers(st + WERROR _spoolss_67(struct pipes_struct *p, + struct spoolss_67 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10706,7 +10706,7 @@ WERROR _spoolss_67(struct pipes_struct * + WERROR _spoolss_GetPrinterDriverPackagePath(struct pipes_struct *p, + struct spoolss_GetPrinterDriverPackagePath *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10717,7 +10717,7 @@ WERROR _spoolss_GetPrinterDriverPackageP + WERROR _spoolss_69(struct pipes_struct *p, + struct spoolss_69 *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10728,7 +10728,7 @@ WERROR _spoolss_69(struct pipes_struct * + WERROR _spoolss_6a(struct pipes_struct *p, + struct spoolss_6a *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10739,7 +10739,7 @@ WERROR _spoolss_6a(struct pipes_struct * + WERROR _spoolss_6b(struct pipes_struct *p, + struct spoolss_6b *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10750,7 +10750,7 @@ WERROR _spoolss_6b(struct pipes_struct * + WERROR _spoolss_6c(struct pipes_struct *p, + struct spoolss_6c *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -10761,6 +10761,6 @@ WERROR _spoolss_6c(struct pipes_struct * + WERROR _spoolss_6d(struct pipes_struct *p, + struct spoolss_6d *r) + { +- p->rng_fault_state = true; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } +--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c ++++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +@@ -2548,244 +2548,244 @@ WERROR _srvsvc_NetFileClose(struct pipes + WERROR _srvsvc_NetCharDevEnum(struct pipes_struct *p, + struct srvsvc_NetCharDevEnum *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetCharDevGetInfo(struct pipes_struct *p, + struct srvsvc_NetCharDevGetInfo *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetCharDevControl(struct pipes_struct *p, + struct srvsvc_NetCharDevControl *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetCharDevQEnum(struct pipes_struct *p, + struct srvsvc_NetCharDevQEnum *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetCharDevQGetInfo(struct pipes_struct *p, + struct srvsvc_NetCharDevQGetInfo *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetCharDevQSetInfo(struct pipes_struct *p, + struct srvsvc_NetCharDevQSetInfo *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetCharDevQPurge(struct pipes_struct *p, + struct srvsvc_NetCharDevQPurge *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetCharDevQPurgeSelf(struct pipes_struct *p, + struct srvsvc_NetCharDevQPurgeSelf *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetFileGetInfo(struct pipes_struct *p, + struct srvsvc_NetFileGetInfo *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetShareCheck(struct pipes_struct *p, + struct srvsvc_NetShareCheck *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetServerStatisticsGet(struct pipes_struct *p, + struct srvsvc_NetServerStatisticsGet *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetTransportAdd(struct pipes_struct *p, + struct srvsvc_NetTransportAdd *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetTransportEnum(struct pipes_struct *p, + struct srvsvc_NetTransportEnum *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetTransportDel(struct pipes_struct *p, + struct srvsvc_NetTransportDel *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetSetServiceBits(struct pipes_struct *p, + struct srvsvc_NetSetServiceBits *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetPathType(struct pipes_struct *p, + struct srvsvc_NetPathType *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetPathCanonicalize(struct pipes_struct *p, + struct srvsvc_NetPathCanonicalize *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetPathCompare(struct pipes_struct *p, + struct srvsvc_NetPathCompare *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRPRNAMECANONICALIZE(struct pipes_struct *p, + struct srvsvc_NETRPRNAMECANONICALIZE *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetPRNameCompare(struct pipes_struct *p, + struct srvsvc_NetPRNameCompare *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetShareDelStart(struct pipes_struct *p, + struct srvsvc_NetShareDelStart *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetShareDelCommit(struct pipes_struct *p, + struct srvsvc_NetShareDelCommit *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetServerTransportAddEx(struct pipes_struct *p, + struct srvsvc_NetServerTransportAddEx *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NetServerSetServiceBitsEx(struct pipes_struct *p, + struct srvsvc_NetServerSetServiceBitsEx *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRDFSGETVERSION(struct pipes_struct *p, + struct srvsvc_NETRDFSGETVERSION *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRDFSCREATELOCALPARTITION(struct pipes_struct *p, + struct srvsvc_NETRDFSCREATELOCALPARTITION *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRDFSDELETELOCALPARTITION(struct pipes_struct *p, + struct srvsvc_NETRDFSDELETELOCALPARTITION *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRDFSSETLOCALVOLUMESTATE(struct pipes_struct *p, + struct srvsvc_NETRDFSSETLOCALVOLUMESTATE *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRDFSSETSERVERINFO(struct pipes_struct *p, + struct srvsvc_NETRDFSSETSERVERINFO *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRDFSCREATEEXITPOINT(struct pipes_struct *p, + struct srvsvc_NETRDFSCREATEEXITPOINT *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRDFSDELETEEXITPOINT(struct pipes_struct *p, + struct srvsvc_NETRDFSDELETEEXITPOINT *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRDFSMODIFYPREFIX(struct pipes_struct *p, + struct srvsvc_NETRDFSMODIFYPREFIX *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRDFSFIXLOCALVOLUME(struct pipes_struct *p, + struct srvsvc_NETRDFSFIXLOCALVOLUME *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRDFSMANAGERREPORTSITEINFO(struct pipes_struct *p, + struct srvsvc_NETRDFSMANAGERREPORTSITEINFO *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _srvsvc_NETRSERVERTRANSPORTDELEX(struct pipes_struct *p, + struct srvsvc_NETRSERVERTRANSPORTDELEX *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } +--- a/source3/rpc_server/svcctl/srv_svcctl_nt.c ++++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c +@@ -1004,195 +1004,195 @@ WERROR _svcctl_SetServiceObjectSecurity( + WERROR _svcctl_DeleteService(struct pipes_struct *p, + struct svcctl_DeleteService *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_SetServiceStatus(struct pipes_struct *p, + struct svcctl_SetServiceStatus *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_NotifyBootConfigStatus(struct pipes_struct *p, + struct svcctl_NotifyBootConfigStatus *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_SCSetServiceBitsW(struct pipes_struct *p, + struct svcctl_SCSetServiceBitsW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_ChangeServiceConfigW(struct pipes_struct *p, + struct svcctl_ChangeServiceConfigW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_CreateServiceW(struct pipes_struct *p, + struct svcctl_CreateServiceW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_QueryServiceLockStatusW(struct pipes_struct *p, + struct svcctl_QueryServiceLockStatusW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_GetServiceKeyNameW(struct pipes_struct *p, + struct svcctl_GetServiceKeyNameW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_SCSetServiceBitsA(struct pipes_struct *p, + struct svcctl_SCSetServiceBitsA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_ChangeServiceConfigA(struct pipes_struct *p, + struct svcctl_ChangeServiceConfigA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_CreateServiceA(struct pipes_struct *p, + struct svcctl_CreateServiceA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_EnumDependentServicesA(struct pipes_struct *p, + struct svcctl_EnumDependentServicesA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_EnumServicesStatusA(struct pipes_struct *p, + struct svcctl_EnumServicesStatusA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_OpenSCManagerA(struct pipes_struct *p, + struct svcctl_OpenSCManagerA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_OpenServiceA(struct pipes_struct *p, + struct svcctl_OpenServiceA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_QueryServiceConfigA(struct pipes_struct *p, + struct svcctl_QueryServiceConfigA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_QueryServiceLockStatusA(struct pipes_struct *p, + struct svcctl_QueryServiceLockStatusA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_StartServiceA(struct pipes_struct *p, + struct svcctl_StartServiceA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_GetServiceDisplayNameA(struct pipes_struct *p, + struct svcctl_GetServiceDisplayNameA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_GetServiceKeyNameA(struct pipes_struct *p, + struct svcctl_GetServiceKeyNameA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_GetCurrentGroupeStateW(struct pipes_struct *p, + struct svcctl_GetCurrentGroupeStateW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_EnumServiceGroupW(struct pipes_struct *p, + struct svcctl_EnumServiceGroupW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_ChangeServiceConfig2A(struct pipes_struct *p, + struct svcctl_ChangeServiceConfig2A *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_ChangeServiceConfig2W(struct pipes_struct *p, + struct svcctl_ChangeServiceConfig2W *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_QueryServiceConfig2A(struct pipes_struct *p, + struct svcctl_QueryServiceConfig2A *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _EnumServicesStatusExA(struct pipes_struct *p, + struct EnumServicesStatusExA *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _EnumServicesStatusExW(struct pipes_struct *p, + struct EnumServicesStatusExW *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + + WERROR _svcctl_SCSendTSMessage(struct pipes_struct *p, + struct svcctl_SCSendTSMessage *r) + { +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } +--- a/source3/rpc_server/winreg/srv_winreg_nt.c ++++ b/source3/rpc_server/winreg/srv_winreg_nt.c +@@ -760,7 +760,7 @@ WERROR _winreg_SaveKeyEx(struct pipes_st + /* fill in your code here if you think this call should + do anything */ + +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -948,7 +948,7 @@ WERROR _winreg_UnLoadKey(struct pipes_st + /* fill in your code here if you think this call should + do anything */ + +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -962,7 +962,7 @@ WERROR _winreg_ReplaceKey(struct pipes_s + /* fill in your code here if you think this call should + do anything */ + +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -976,7 +976,7 @@ WERROR _winreg_LoadKey(struct pipes_stru + /* fill in your code here if you think this call should + do anything */ + +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -1139,6 +1139,6 @@ WERROR _winreg_DeleteKeyEx(struct pipes_ + /* fill in your code here if you think this call should + do anything */ + +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } +--- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c ++++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c +@@ -405,7 +405,7 @@ WERROR _wkssvc_NetWkstaSetInfo(struct pi + struct wkssvc_NetWkstaSetInfo *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -608,7 +608,7 @@ WERROR _wkssvc_NetrWkstaUserGetInfo(stru + struct wkssvc_NetrWkstaUserGetInfo *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -619,7 +619,7 @@ WERROR _wkssvc_NetrWkstaUserSetInfo(stru + struct wkssvc_NetrWkstaUserSetInfo *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -630,7 +630,7 @@ WERROR _wkssvc_NetWkstaTransportEnum(str + struct wkssvc_NetWkstaTransportEnum *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -641,7 +641,7 @@ WERROR _wkssvc_NetrWkstaTransportAdd(str + struct wkssvc_NetrWkstaTransportAdd *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -652,7 +652,7 @@ WERROR _wkssvc_NetrWkstaTransportDel(str + struct wkssvc_NetrWkstaTransportDel *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -663,7 +663,7 @@ WERROR _wkssvc_NetrUseAdd(struct pipes_s + struct wkssvc_NetrUseAdd *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -674,7 +674,7 @@ WERROR _wkssvc_NetrUseGetInfo(struct pip + struct wkssvc_NetrUseGetInfo *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -685,7 +685,7 @@ WERROR _wkssvc_NetrUseDel(struct pipes_s + struct wkssvc_NetrUseDel *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -696,7 +696,7 @@ WERROR _wkssvc_NetrUseEnum(struct pipes_ + struct wkssvc_NetrUseEnum *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -707,7 +707,7 @@ WERROR _wkssvc_NetrMessageBufferSend(str + struct wkssvc_NetrMessageBufferSend *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -718,7 +718,7 @@ WERROR _wkssvc_NetrWorkstationStatistics + struct wkssvc_NetrWorkstationStatisticsGet *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -729,7 +729,7 @@ WERROR _wkssvc_NetrLogonDomainNameAdd(st + struct wkssvc_NetrLogonDomainNameAdd *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -740,7 +740,7 @@ WERROR _wkssvc_NetrLogonDomainNameDel(st + struct wkssvc_NetrLogonDomainNameDel *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -751,7 +751,7 @@ WERROR _wkssvc_NetrJoinDomain(struct pip + struct wkssvc_NetrJoinDomain *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -762,7 +762,7 @@ WERROR _wkssvc_NetrUnjoinDomain(struct p + struct wkssvc_NetrUnjoinDomain *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -773,7 +773,7 @@ WERROR _wkssvc_NetrRenameMachineInDomain + struct wkssvc_NetrRenameMachineInDomain *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -784,7 +784,7 @@ WERROR _wkssvc_NetrValidateName(struct p + struct wkssvc_NetrValidateName *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -795,7 +795,7 @@ WERROR _wkssvc_NetrGetJoinInformation(st + struct wkssvc_NetrGetJoinInformation *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -806,7 +806,7 @@ WERROR _wkssvc_NetrGetJoinableOus(struct + struct wkssvc_NetrGetJoinableOus *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -962,6 +962,7 @@ WERROR _wkssvc_NetrRenameMachineInDomain + struct wkssvc_NetrRenameMachineInDomain2 *r) + { + /* for now just return not supported */ ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -972,7 +973,7 @@ WERROR _wkssvc_NetrValidateName2(struct + struct wkssvc_NetrValidateName2 *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -983,7 +984,7 @@ WERROR _wkssvc_NetrGetJoinableOus2(struc + struct wkssvc_NetrGetJoinableOus2 *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -994,7 +995,7 @@ WERROR _wkssvc_NetrAddAlternateComputerN + struct wkssvc_NetrAddAlternateComputerName *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -1005,7 +1006,7 @@ WERROR _wkssvc_NetrRemoveAlternateComput + struct wkssvc_NetrRemoveAlternateComputerName *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -1016,7 +1017,7 @@ WERROR _wkssvc_NetrSetPrimaryComputernam + struct wkssvc_NetrSetPrimaryComputername *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } + +@@ -1027,6 +1028,6 @@ WERROR _wkssvc_NetrEnumerateComputerName + struct wkssvc_NetrEnumerateComputerNames *r) + { + /* FIXME: Add implementation code here */ +- p->rng_fault_state = True; ++ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; + return WERR_NOT_SUPPORTED; + } +--- a/libcli/auth/smbencrypt.c ++++ b/libcli/auth/smbencrypt.c +@@ -355,11 +355,18 @@ DATA_BLOB NTLMv2_generate_names_blob(TAL + DATA_BLOB names_blob = data_blob_talloc(mem_ctx, NULL, 0); + + /* Deliberately ignore return here.. */ +- (void)msrpc_gen(mem_ctx, &names_blob, +- "aaa", +- MsvAvNbDomainName, domain, +- MsvAvNbComputerName, hostname, +- MsvAvEOL, ""); ++ if (hostname != NULL) { ++ (void)msrpc_gen(mem_ctx, &names_blob, ++ "aaa", ++ MsvAvNbDomainName, domain, ++ MsvAvNbComputerName, hostname, ++ MsvAvEOL, ""); ++ } else { ++ (void)msrpc_gen(mem_ctx, &names_blob, ++ "aa", ++ MsvAvNbDomainName, domain, ++ MsvAvEOL, ""); ++ } + return names_blob; + } + diff --git a/package/network/services/samba36/patches/021-CVE-preparation-v3-6-addition.patch b/package/network/services/samba36/patches/021-CVE-preparation-v3-6-addition.patch new file mode 100644 index 0000000000..dedd453be2 --- /dev/null +++ b/package/network/services/samba36/patches/021-CVE-preparation-v3-6-addition.patch @@ -0,0 +1,9515 @@ +--- a/source3/librpc/gen_ndr/srv_atsvc.c ++++ b/source3/librpc/gen_ndr/srv_atsvc.c +@@ -51,7 +51,7 @@ static bool api_atsvc_JobAdd(struct pipe + + r->out.result = _atsvc_JobAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -124,7 +124,7 @@ static bool api_atsvc_JobDel(struct pipe + + r->out.result = _atsvc_JobDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -206,7 +206,7 @@ static bool api_atsvc_JobEnum(struct pip + + r->out.result = _atsvc_JobEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -286,7 +286,7 @@ static bool api_atsvc_JobGetInfo(struct + + r->out.result = _atsvc_JobGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_audiosrv.c ++++ b/source3/librpc/gen_ndr/srv_audiosrv.c +@@ -44,7 +44,7 @@ static bool api_audiosrv_CreatezoneFacto + + _audiosrv_CreatezoneFactoriesList(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_audiosrv_CreateGfxFactor + + _audiosrv_CreateGfxFactoriesList(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_audiosrv_CreateGfxList(s + + _audiosrv_CreateGfxList(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -263,7 +263,7 @@ static bool api_audiosrv_RemoveGfx(struc + + _audiosrv_RemoveGfx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -336,7 +336,7 @@ static bool api_audiosrv_AddGfx(struct p + + _audiosrv_AddGfx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -409,7 +409,7 @@ static bool api_audiosrv_ModifyGfx(struc + + _audiosrv_ModifyGfx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -482,7 +482,7 @@ static bool api_audiosrv_OpenGfx(struct + + _audiosrv_OpenGfx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -555,7 +555,7 @@ static bool api_audiosrv_Logon(struct pi + + _audiosrv_Logon(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -628,7 +628,7 @@ static bool api_audiosrv_Logoff(struct p + + _audiosrv_Logoff(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -701,7 +701,7 @@ static bool api_audiosrv_RegisterSession + + _audiosrv_RegisterSessionNotificationEvent(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -774,7 +774,7 @@ static bool api_audiosrv_UnregisterSessi + + _audiosrv_UnregisterSessionNotificationEvent(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -847,7 +847,7 @@ static bool api_audiosrv_SessionConnectS + + _audiosrv_SessionConnectState(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -920,7 +920,7 @@ static bool api_audiosrv_DriverOpenDrvRe + + _audiosrv_DriverOpenDrvRegKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -993,7 +993,7 @@ static bool api_audiosrv_AdvisePreferred + + _audiosrv_AdvisePreferredDeviceChange(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1066,7 +1066,7 @@ static bool api_audiosrv_GetPnpInfo(stru + + _audiosrv_GetPnpInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_backupkey.c ++++ b/source3/librpc/gen_ndr/srv_backupkey.c +@@ -57,7 +57,7 @@ static bool api_bkrp_BackupKey(struct pi + + r->out.result = _bkrp_BackupKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_browser.c ++++ b/source3/librpc/gen_ndr/srv_browser.c +@@ -44,7 +44,7 @@ static bool api_BrowserrServerEnum(struc + + _BrowserrServerEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_BrowserrDebugCall(struct + + _BrowserrDebugCall(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -198,7 +198,7 @@ static bool api_BrowserrQueryOtherDomain + + r->out.result = _BrowserrQueryOtherDomains(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -271,7 +271,7 @@ static bool api_BrowserrResetNetlogonSta + + _BrowserrResetNetlogonState(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -344,7 +344,7 @@ static bool api_BrowserrDebugTrace(struc + + _BrowserrDebugTrace(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -417,7 +417,7 @@ static bool api_BrowserrQueryStatistics( + + _BrowserrQueryStatistics(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -490,7 +490,7 @@ static bool api_BrowserResetStatistics(s + + _BrowserResetStatistics(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -563,7 +563,7 @@ static bool api_NetrBrowserStatisticsCle + + _NetrBrowserStatisticsClear(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -636,7 +636,7 @@ static bool api_NetrBrowserStatisticsGet + + _NetrBrowserStatisticsGet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -709,7 +709,7 @@ static bool api_BrowserrSetNetlogonState + + _BrowserrSetNetlogonState(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -782,7 +782,7 @@ static bool api_BrowserrQueryEmulatedDom + + _BrowserrQueryEmulatedDomains(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -855,7 +855,7 @@ static bool api_BrowserrServerEnumEx(str + + _BrowserrServerEnumEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_dbgidl.c ++++ b/source3/librpc/gen_ndr/srv_dbgidl.c +@@ -44,7 +44,7 @@ static bool api_dummy_dbgidl(struct pipe + + _dummy_dbgidl(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_dcom.c ++++ b/source3/librpc/gen_ndr/srv_dcom.c +@@ -44,7 +44,7 @@ static bool api_UseProtSeq(struct pipes_ + + _UseProtSeq(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_GetCustomProtseqInfo(str + + _GetCustomProtseqInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_UpdateResolverBindings(s + + _UpdateResolverBindings(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -300,7 +300,7 @@ static bool api_QueryInterface(struct pi + + r->out.result = _QueryInterface(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -380,7 +380,7 @@ static bool api_AddRef(struct pipes_stru + + r->out.result = _AddRef(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -460,7 +460,7 @@ static bool api_Release(struct pipes_str + + r->out.result = _Release(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -570,7 +570,7 @@ static bool api_CreateInstance(struct pi + + r->out.result = _CreateInstance(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -650,7 +650,7 @@ static bool api_RemoteCreateInstance(str + + r->out.result = _RemoteCreateInstance(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -730,7 +730,7 @@ static bool api_LockServer(struct pipes_ + + r->out.result = _LockServer(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -810,7 +810,7 @@ static bool api_RemoteLockServer(struct + + r->out.result = _RemoteLockServer(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -921,7 +921,7 @@ static bool api_RemQueryInterface(struct + + r->out.result = _RemQueryInterface(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1007,7 +1007,7 @@ static bool api_RemAddRef(struct pipes_s + + r->out.result = _RemAddRef(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1087,7 +1087,7 @@ static bool api_RemRelease(struct pipes_ + + r->out.result = _RemRelease(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1197,7 +1197,7 @@ static bool api_GetClassObject(struct pi + + _GetClassObject(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1299,7 +1299,7 @@ static bool api_ISCMLocalActivator_Creat + + r->out.result = _ISCMLocalActivator_CreateInstance(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1394,7 +1394,7 @@ static bool api_IMachineLocalActivator_f + + r->out.result = _IMachineLocalActivator_foo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1489,7 +1489,7 @@ static bool api_ILocalObjectExporter_Foo + + r->out.result = _ILocalObjectExporter_Foo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1603,7 +1603,7 @@ static bool api_ISystemActivatorRemoteCr + + r->out.result = _ISystemActivatorRemoteCreateInstance(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1717,7 +1717,7 @@ static bool api_RemQueryInterface2(struc + + r->out.result = _RemQueryInterface2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1825,7 +1825,7 @@ static bool api_GetTypeInfoCount(struct + + r->out.result = _GetTypeInfoCount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1911,7 +1911,7 @@ static bool api_GetTypeInfo(struct pipes + + r->out.result = _GetTypeInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1997,7 +1997,7 @@ static bool api_GetIDsOfNames(struct pip + + r->out.result = _GetIDsOfNames(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2096,7 +2096,7 @@ static bool api_Invoke(struct pipes_stru + + r->out.result = _Invoke(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2201,7 +2201,7 @@ static bool api_MarshalInterface(struct + + r->out.result = _MarshalInterface(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2281,7 +2281,7 @@ static bool api_UnMarshalInterface(struc + + r->out.result = _UnMarshalInterface(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2384,7 +2384,7 @@ static bool api_MakeCoffee(struct pipes_ + + r->out.result = _MakeCoffee(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2498,7 +2498,7 @@ static bool api_Read(struct pipes_struct + + r->out.result = _Read(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2584,7 +2584,7 @@ static bool api_Write(struct pipes_struc + + r->out.result = _Write(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_dfsblobs.c ++++ b/source3/librpc/gen_ndr/srv_dfsblobs.c +@@ -51,7 +51,7 @@ static bool api_dfs_GetDFSReferral(struc + + _dfs_GetDFSReferral(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_dfs.c ++++ b/source3/librpc/gen_ndr/srv_dfs.c +@@ -51,7 +51,7 @@ static bool api_dfs_GetManagerVersion(st + + _dfs_GetManagerVersion(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -124,7 +124,7 @@ static bool api_dfs_Add(struct pipes_str + + r->out.result = _dfs_Add(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -197,7 +197,7 @@ static bool api_dfs_Remove(struct pipes_ + + r->out.result = _dfs_Remove(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -270,7 +270,7 @@ static bool api_dfs_SetInfo(struct pipes + + r->out.result = _dfs_SetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -350,7 +350,7 @@ static bool api_dfs_GetInfo(struct pipes + + r->out.result = _dfs_GetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -426,7 +426,7 @@ static bool api_dfs_Enum(struct pipes_st + r->out.total = r->in.total; + r->out.result = _dfs_Enum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -499,7 +499,7 @@ static bool api_dfs_Rename(struct pipes_ + + r->out.result = _dfs_Rename(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -572,7 +572,7 @@ static bool api_dfs_Move(struct pipes_st + + r->out.result = _dfs_Move(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -645,7 +645,7 @@ static bool api_dfs_ManagerGetConfigInfo + + r->out.result = _dfs_ManagerGetConfigInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -718,7 +718,7 @@ static bool api_dfs_ManagerSendSiteInfo( + + r->out.result = _dfs_ManagerSendSiteInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -793,7 +793,7 @@ static bool api_dfs_AddFtRoot(struct pip + r->out.unknown2 = r->in.unknown2; + r->out.result = _dfs_AddFtRoot(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -868,7 +868,7 @@ static bool api_dfs_RemoveFtRoot(struct + r->out.unknown = r->in.unknown; + r->out.result = _dfs_RemoveFtRoot(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -941,7 +941,7 @@ static bool api_dfs_AddStdRoot(struct pi + + r->out.result = _dfs_AddStdRoot(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1014,7 +1014,7 @@ static bool api_dfs_RemoveStdRoot(struct + + r->out.result = _dfs_RemoveStdRoot(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1087,7 +1087,7 @@ static bool api_dfs_ManagerInitialize(st + + r->out.result = _dfs_ManagerInitialize(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1160,7 +1160,7 @@ static bool api_dfs_AddStdRootForced(str + + r->out.result = _dfs_AddStdRootForced(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1237,7 +1237,7 @@ static bool api_dfs_GetDcAddress(struct + r->out.ttl = r->in.ttl; + r->out.result = _dfs_GetDcAddress(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1310,7 +1310,7 @@ static bool api_dfs_SetDcAddress(struct + + r->out.result = _dfs_SetDcAddress(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1383,7 +1383,7 @@ static bool api_dfs_FlushFtTable(struct + + r->out.result = _dfs_FlushFtTable(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1456,7 +1456,7 @@ static bool api_dfs_Add2(struct pipes_st + + r->out.result = _dfs_Add2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1529,7 +1529,7 @@ static bool api_dfs_Remove2(struct pipes + + r->out.result = _dfs_Remove2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1605,7 +1605,7 @@ static bool api_dfs_EnumEx(struct pipes_ + r->out.total = r->in.total; + r->out.result = _dfs_EnumEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1678,7 +1678,7 @@ static bool api_dfs_SetInfo2(struct pipe + + r->out.result = _dfs_SetInfo2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_dns.c ++++ b/source3/librpc/gen_ndr/srv_dns.c +@@ -44,7 +44,7 @@ static bool api_decode_dns_name_packet(s + + _decode_dns_name_packet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_dnsp.c ++++ b/source3/librpc/gen_ndr/srv_dnsp.c +@@ -44,7 +44,7 @@ static bool api_decode_DnssrvRpcRecord(s + + _decode_DnssrvRpcRecord(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_dnsserver.c ++++ b/source3/librpc/gen_ndr/srv_dnsserver.c +@@ -44,7 +44,7 @@ static bool api_dnsserver_foo(struct pip + + _dnsserver_foo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_drsblobs.c ++++ b/source3/librpc/gen_ndr/srv_drsblobs.c +@@ -44,7 +44,7 @@ static bool api_decode_replPropertyMetaD + + _decode_replPropertyMetaData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_decode_replUpToDateVecto + + _decode_replUpToDateVector(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_decode_repsFromTo(struct + + _decode_repsFromTo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -263,7 +263,7 @@ static bool api_decode_partialAttributeS + + _decode_partialAttributeSet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -336,7 +336,7 @@ static bool api_decode_prefixMap(struct + + _decode_prefixMap(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -409,7 +409,7 @@ static bool api_decode_ldapControlDirSyn + + _decode_ldapControlDirSync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -482,7 +482,7 @@ static bool api_decode_supplementalCrede + + _decode_supplementalCredentials(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -555,7 +555,7 @@ static bool api_decode_Packages(struct p + + _decode_Packages(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -628,7 +628,7 @@ static bool api_decode_PrimaryKerberos(s + + _decode_PrimaryKerberos(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -701,7 +701,7 @@ static bool api_decode_PrimaryCLEARTEXT( + + _decode_PrimaryCLEARTEXT(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -774,7 +774,7 @@ static bool api_decode_PrimaryWDigest(st + + _decode_PrimaryWDigest(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -847,7 +847,7 @@ static bool api_decode_trustAuthInOut(st + + _decode_trustAuthInOut(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -920,7 +920,7 @@ static bool api_decode_trustDomainPasswo + + _decode_trustDomainPasswords(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -993,7 +993,7 @@ static bool api_decode_ExtendedErrorInfo + + _decode_ExtendedErrorInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1066,7 +1066,7 @@ static bool api_decode_ForestTrustInfo(s + + _decode_ForestTrustInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_drsuapi.c ++++ b/source3/librpc/gen_ndr/srv_drsuapi.c +@@ -52,7 +52,7 @@ static bool api_drsuapi_DsBind(struct pi + + r->out.result = _drsuapi_DsBind(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -127,7 +127,7 @@ static bool api_drsuapi_DsUnbind(struct + r->out.bind_handle = r->in.bind_handle; + r->out.result = _drsuapi_DsUnbind(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -200,7 +200,7 @@ static bool api_drsuapi_DsReplicaSync(st + + r->out.result = _drsuapi_DsReplicaSync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -286,7 +286,7 @@ static bool api_drsuapi_DsGetNCChanges(s + + r->out.result = _drsuapi_DsGetNCChanges(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -359,7 +359,7 @@ static bool api_drsuapi_DsReplicaUpdateR + + r->out.result = _drsuapi_DsReplicaUpdateRefs(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -432,7 +432,7 @@ static bool api_drsuapi_DsReplicaAdd(str + + r->out.result = _drsuapi_DsReplicaAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -505,7 +505,7 @@ static bool api_drsuapi_DsReplicaDel(str + + r->out.result = _drsuapi_DsReplicaDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -578,7 +578,7 @@ static bool api_drsuapi_DsReplicaMod(str + + r->out.result = _drsuapi_DsReplicaMod(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -651,7 +651,7 @@ static bool api_DRSUAPI_VERIFY_NAMES(str + + r->out.result = _DRSUAPI_VERIFY_NAMES(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -737,7 +737,7 @@ static bool api_drsuapi_DsGetMemberships + + r->out.result = _drsuapi_DsGetMemberships(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -810,7 +810,7 @@ static bool api_DRSUAPI_INTER_DOMAIN_MOV + + r->out.result = _DRSUAPI_INTER_DOMAIN_MOVE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -896,7 +896,7 @@ static bool api_drsuapi_DsGetNT4ChangeLo + + r->out.result = _drsuapi_DsGetNT4ChangeLog(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -982,7 +982,7 @@ static bool api_drsuapi_DsCrackNames(str + + r->out.result = _drsuapi_DsCrackNames(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1068,7 +1068,7 @@ static bool api_drsuapi_DsWriteAccountSp + + r->out.result = _drsuapi_DsWriteAccountSpn(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1154,7 +1154,7 @@ static bool api_drsuapi_DsRemoveDSServer + + r->out.result = _drsuapi_DsRemoveDSServer(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1227,7 +1227,7 @@ static bool api_DRSUAPI_REMOVE_DS_DOMAIN + + r->out.result = _DRSUAPI_REMOVE_DS_DOMAIN(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1313,7 +1313,7 @@ static bool api_drsuapi_DsGetDomainContr + + r->out.result = _drsuapi_DsGetDomainControllerInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1399,7 +1399,7 @@ static bool api_drsuapi_DsAddEntry(struc + + r->out.result = _drsuapi_DsAddEntry(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1472,7 +1472,7 @@ static bool api_drsuapi_DsExecuteKCC(str + + r->out.result = _drsuapi_DsExecuteKCC(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1558,7 +1558,7 @@ static bool api_drsuapi_DsReplicaGetInfo + + r->out.result = _drsuapi_DsReplicaGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1631,7 +1631,7 @@ static bool api_DRSUAPI_ADD_SID_HISTORY( + + r->out.result = _DRSUAPI_ADD_SID_HISTORY(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1717,7 +1717,7 @@ static bool api_drsuapi_DsGetMemberships + + r->out.result = _drsuapi_DsGetMemberships2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1790,7 +1790,7 @@ static bool api_DRSUAPI_REPLICA_VERIFY_O + + r->out.result = _DRSUAPI_REPLICA_VERIFY_OBJECTS(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1863,7 +1863,7 @@ static bool api_DRSUAPI_GET_OBJECT_EXIST + + r->out.result = _DRSUAPI_GET_OBJECT_EXISTENCE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1949,7 +1949,7 @@ static bool api_drsuapi_QuerySitesByCost + + r->out.result = _drsuapi_QuerySitesByCost(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_dsbackup.c ++++ b/source3/librpc/gen_ndr/srv_dsbackup.c +@@ -44,7 +44,7 @@ static bool api_HrRBackupPrepare(struct + + _HrRBackupPrepare(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_HrRBackupEnd(struct pipe + + _HrRBackupEnd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_HrRBackupGetAttachmentIn + + _HrRBackupGetAttachmentInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -263,7 +263,7 @@ static bool api_HrRBackupOpenFile(struct + + _HrRBackupOpenFile(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -336,7 +336,7 @@ static bool api_HrRBackupRead(struct pip + + _HrRBackupRead(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -409,7 +409,7 @@ static bool api_HrRBackupClose(struct pi + + _HrRBackupClose(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -482,7 +482,7 @@ static bool api_HrRBackupGetBackupLogs(s + + _HrRBackupGetBackupLogs(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -555,7 +555,7 @@ static bool api_HrRBackupTruncateLogs(st + + _HrRBackupTruncateLogs(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -628,7 +628,7 @@ static bool api_HrRBackupPing(struct pip + + _HrRBackupPing(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -731,7 +731,7 @@ static bool api_HrRIsNTDSOnline(struct p + + _HrRIsNTDSOnline(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -804,7 +804,7 @@ static bool api_HrRRestorePrepare(struct + + _HrRRestorePrepare(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -877,7 +877,7 @@ static bool api_HrRRestoreRegister(struc + + _HrRRestoreRegister(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -950,7 +950,7 @@ static bool api_HrRRestoreRegisterComple + + _HrRRestoreRegisterComplete(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1023,7 +1023,7 @@ static bool api_HrRRestoreGetDatabaseLoc + + _HrRRestoreGetDatabaseLocations(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1096,7 +1096,7 @@ static bool api_HrRRestoreEnd(struct pip + + _HrRRestoreEnd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1169,7 +1169,7 @@ static bool api_HrRRestoreSetCurrentLogN + + _HrRRestoreSetCurrentLogNumber(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1242,7 +1242,7 @@ static bool api_HrRRestoreCheckLogsForBa + + _HrRRestoreCheckLogsForBackup(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_dssetup.c ++++ b/source3/librpc/gen_ndr/srv_dssetup.c +@@ -51,7 +51,7 @@ static bool api_dssetup_DsRoleGetPrimary + + r->out.result = _dssetup_DsRoleGetPrimaryDomainInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -124,7 +124,7 @@ static bool api_dssetup_DsRoleDnsNameToF + + r->out.result = _dssetup_DsRoleDnsNameToFlatName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -197,7 +197,7 @@ static bool api_dssetup_DsRoleDcAsDc(str + + r->out.result = _dssetup_DsRoleDcAsDc(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -270,7 +270,7 @@ static bool api_dssetup_DsRoleDcAsReplic + + r->out.result = _dssetup_DsRoleDcAsReplica(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -343,7 +343,7 @@ static bool api_dssetup_DsRoleDemoteDc(s + + r->out.result = _dssetup_DsRoleDemoteDc(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -416,7 +416,7 @@ static bool api_dssetup_DsRoleGetDcOpera + + r->out.result = _dssetup_DsRoleGetDcOperationProgress(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -489,7 +489,7 @@ static bool api_dssetup_DsRoleGetDcOpera + + r->out.result = _dssetup_DsRoleGetDcOperationResults(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -562,7 +562,7 @@ static bool api_dssetup_DsRoleCancel(str + + r->out.result = _dssetup_DsRoleCancel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -635,7 +635,7 @@ static bool api_dssetup_DsRoleServerSave + + r->out.result = _dssetup_DsRoleServerSaveStateForUpgrade(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -708,7 +708,7 @@ static bool api_dssetup_DsRoleUpgradeDow + + r->out.result = _dssetup_DsRoleUpgradeDownlevelServer(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -781,7 +781,7 @@ static bool api_dssetup_DsRoleAbortDownl + + r->out.result = _dssetup_DsRoleAbortDownlevelServerUpgrade(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_echo.c ++++ b/source3/librpc/gen_ndr/srv_echo.c +@@ -51,7 +51,7 @@ static bool api_echo_AddOne(struct pipes + + _echo_AddOne(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -131,7 +131,7 @@ static bool api_echo_EchoData(struct pip + + _echo_EchoData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -204,7 +204,7 @@ static bool api_echo_SinkData(struct pip + + _echo_SinkData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -284,7 +284,7 @@ static bool api_echo_SourceData(struct p + + _echo_SourceData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -364,7 +364,7 @@ static bool api_echo_TestCall(struct pip + + _echo_TestCall(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -444,7 +444,7 @@ static bool api_echo_TestCall2(struct pi + + r->out.result = _echo_TestCall2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -517,7 +517,7 @@ static bool api_echo_TestSleep(struct pi + + r->out.result = _echo_TestSleep(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -594,7 +594,7 @@ static bool api_echo_TestEnum(struct pip + r->out.foo3 = r->in.foo3; + _echo_TestEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -669,7 +669,7 @@ static bool api_echo_TestSurrounding(str + r->out.data = r->in.data; + _echo_TestSurrounding(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -742,7 +742,7 @@ static bool api_echo_TestDoublePointer(s + + r->out.result = _echo_TestDoublePointer(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_efs.c ++++ b/source3/librpc/gen_ndr/srv_efs.c +@@ -51,7 +51,7 @@ static bool api_EfsRpcOpenFileRaw(struct + + r->out.result = _EfsRpcOpenFileRaw(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -124,7 +124,7 @@ static bool api_EfsRpcReadFileRaw(struct + + r->out.result = _EfsRpcReadFileRaw(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -197,7 +197,7 @@ static bool api_EfsRpcWriteFileRaw(struc + + r->out.result = _EfsRpcWriteFileRaw(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -272,7 +272,7 @@ static bool api_EfsRpcCloseRaw(struct pi + r->out.pvContext = r->in.pvContext; + _EfsRpcCloseRaw(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -345,7 +345,7 @@ static bool api_EfsRpcEncryptFileSrv(str + + r->out.result = _EfsRpcEncryptFileSrv(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -418,7 +418,7 @@ static bool api_EfsRpcDecryptFileSrv(str + + r->out.result = _EfsRpcDecryptFileSrv(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -498,7 +498,7 @@ static bool api_EfsRpcQueryUsersOnFile(s + + r->out.result = _EfsRpcQueryUsersOnFile(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -578,7 +578,7 @@ static bool api_EfsRpcQueryRecoveryAgent + + r->out.result = _EfsRpcQueryRecoveryAgents(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -651,7 +651,7 @@ static bool api_EfsRpcRemoveUsersFromFil + + r->out.result = _EfsRpcRemoveUsersFromFile(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -724,7 +724,7 @@ static bool api_EfsRpcAddUsersToFile(str + + r->out.result = _EfsRpcAddUsersToFile(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -797,7 +797,7 @@ static bool api_EfsRpcSetFileEncryptionK + + r->out.result = _EfsRpcSetFileEncryptionKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -870,7 +870,7 @@ static bool api_EfsRpcNotSupported(struc + + r->out.result = _EfsRpcNotSupported(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -943,7 +943,7 @@ static bool api_EfsRpcFileKeyInfo(struct + + r->out.result = _EfsRpcFileKeyInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1016,7 +1016,7 @@ static bool api_EfsRpcDuplicateEncryptio + + r->out.result = _EfsRpcDuplicateEncryptionInfoFile(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_epmapper.c ++++ b/source3/librpc/gen_ndr/srv_epmapper.c +@@ -44,7 +44,7 @@ static bool api_epm_Insert(struct pipes_ + + r->out.result = _epm_Insert(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_epm_Delete(struct pipes_ + + r->out.result = _epm_Delete(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -204,7 +204,7 @@ static bool api_epm_Lookup(struct pipes_ + + r->out.result = _epm_Lookup(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -291,7 +291,7 @@ static bool api_epm_Map(struct pipes_str + + r->out.result = _epm_Map(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -366,7 +366,7 @@ static bool api_epm_LookupHandleFree(str + r->out.entry_handle = r->in.entry_handle; + r->out.result = _epm_LookupHandleFree(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -439,7 +439,7 @@ static bool api_epm_InqObject(struct pip + + r->out.result = _epm_InqObject(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -512,7 +512,7 @@ static bool api_epm_MgmtDelete(struct pi + + r->out.result = _epm_MgmtDelete(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -585,7 +585,7 @@ static bool api_epm_MapAuth(struct pipes + + r->out.result = _epm_MapAuth(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_eventlog6.c ++++ b/source3/librpc/gen_ndr/srv_eventlog6.c +@@ -75,7 +75,7 @@ static bool api_eventlog6_EvtRpcRegister + + r->out.result = _eventlog6_EvtRpcRegisterRemoteSubscription(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -179,7 +179,7 @@ static bool api_eventlog6_EvtRpcRemoteSu + + r->out.result = _eventlog6_EvtRpcRemoteSubscriptionNextAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -283,7 +283,7 @@ static bool api_eventlog6_EvtRpcRemoteSu + + r->out.result = _eventlog6_EvtRpcRemoteSubscriptionNext(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -356,7 +356,7 @@ static bool api_eventlog6_EvtRpcRemoteSu + + r->out.result = _eventlog6_EvtRpcRemoteSubscriptionWaitAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -436,7 +436,7 @@ static bool api_eventlog6_EvtRpcRegister + + r->out.result = _eventlog6_EvtRpcRegisterControllableOperation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -540,7 +540,7 @@ static bool api_eventlog6_EvtRpcRegister + + r->out.result = _eventlog6_EvtRpcRegisterLogQuery(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -620,7 +620,7 @@ static bool api_eventlog6_EvtRpcClearLog + + r->out.result = _eventlog6_EvtRpcClearLog(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -700,7 +700,7 @@ static bool api_eventlog6_EvtRpcExportLo + + r->out.result = _eventlog6_EvtRpcExportLog(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -780,7 +780,7 @@ static bool api_eventlog6_EvtRpcLocalize + + r->out.result = _eventlog6_EvtRpcLocalizeExportLog(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -878,7 +878,7 @@ static bool api_eventlog6_EvtRpcMessageR + + r->out.result = _eventlog6_EvtRpcMessageRender(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -976,7 +976,7 @@ static bool api_eventlog6_EvtRpcMessageR + + r->out.result = _eventlog6_EvtRpcMessageRenderDefault(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1080,7 +1080,7 @@ static bool api_eventlog6_EvtRpcQueryNex + + r->out.result = _eventlog6_EvtRpcQueryNext(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1160,7 +1160,7 @@ static bool api_eventlog6_EvtRpcQuerySee + + r->out.result = _eventlog6_EvtRpcQuerySeek(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1235,7 +1235,7 @@ static bool api_eventlog6_EvtRpcClose(st + r->out.handle = r->in.handle; + r->out.result = _eventlog6_EvtRpcClose(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1308,7 +1308,7 @@ static bool api_eventlog6_EvtRpcCancel(s + + r->out.result = _eventlog6_EvtRpcCancel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1381,7 +1381,7 @@ static bool api_eventlog6_EvtRpcAssertCo + + r->out.result = _eventlog6_EvtRpcAssertConfig(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1454,7 +1454,7 @@ static bool api_eventlog6_EvtRpcRetractC + + r->out.result = _eventlog6_EvtRpcRetractConfig(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1540,7 +1540,7 @@ static bool api_eventlog6_EvtRpcOpenLogH + + r->out.result = _eventlog6_EvtRpcOpenLogHandle(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1626,7 +1626,7 @@ static bool api_eventlog6_EvtRpcGetLogFi + + r->out.result = _eventlog6_EvtRpcGetLogFileInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1712,7 +1712,7 @@ static bool api_eventlog6_EvtRpcGetChann + + r->out.result = _eventlog6_EvtRpcGetChannelList(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1792,7 +1792,7 @@ static bool api_eventlog6_EvtRpcGetChann + + r->out.result = _eventlog6_EvtRpcGetChannelConfig(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1872,7 +1872,7 @@ static bool api_eventlog6_EvtRpcPutChann + + r->out.result = _eventlog6_EvtRpcPutChannelConfig(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1958,7 +1958,7 @@ static bool api_eventlog6_EvtRpcGetPubli + + r->out.result = _eventlog6_EvtRpcGetPublisherList(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2044,7 +2044,7 @@ static bool api_eventlog6_EvtRpcGetPubli + + r->out.result = _eventlog6_EvtRpcGetPublisherListForChannel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2130,7 +2130,7 @@ static bool api_eventlog6_EvtRpcGetPubli + + r->out.result = _eventlog6_EvtRpcGetPublisherMetadata(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2210,7 +2210,7 @@ static bool api_eventlog6_EvtRpcGetPubli + + r->out.result = _eventlog6_EvtRpcGetPublisherResourceMetadata(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2290,7 +2290,7 @@ static bool api_eventlog6_EvtRpcGetEvent + + r->out.result = _eventlog6_EvtRpcGetEventMetadataEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2376,7 +2376,7 @@ static bool api_eventlog6_EvtRpcGetNextE + + r->out.result = _eventlog6_EvtRpcGetNextEventMetadata(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2456,7 +2456,7 @@ static bool api_eventlog6_EvtRpcGetClass + + r->out.result = _eventlog6_EvtRpcGetClassicLogDisplayName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_eventlog.c ++++ b/source3/librpc/gen_ndr/srv_eventlog.c +@@ -44,7 +44,7 @@ static bool api_eventlog_ClearEventLogW( + + r->out.result = _eventlog_ClearEventLogW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_eventlog_BackupEventLogW + + r->out.result = _eventlog_BackupEventLogW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -192,7 +192,7 @@ static bool api_eventlog_CloseEventLog(s + r->out.handle = r->in.handle; + r->out.result = _eventlog_CloseEventLog(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -267,7 +267,7 @@ static bool api_eventlog_DeregisterEvent + r->out.handle = r->in.handle; + r->out.result = _eventlog_DeregisterEventSource(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -347,7 +347,7 @@ static bool api_eventlog_GetNumRecords(s + + r->out.result = _eventlog_GetNumRecords(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -427,7 +427,7 @@ static bool api_eventlog_GetOldestRecord + + r->out.result = _eventlog_GetOldestRecord(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -500,7 +500,7 @@ static bool api_eventlog_ChangeNotify(st + + r->out.result = _eventlog_ChangeNotify(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -580,7 +580,7 @@ static bool api_eventlog_OpenEventLogW(s + + r->out.result = _eventlog_OpenEventLogW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -660,7 +660,7 @@ static bool api_eventlog_RegisterEventSo + + r->out.result = _eventlog_RegisterEventSourceW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -740,7 +740,7 @@ static bool api_eventlog_OpenBackupEvent + + r->out.result = _eventlog_OpenBackupEventLogW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -832,7 +832,7 @@ static bool api_eventlog_ReadEventLogW(s + + r->out.result = _eventlog_ReadEventLogW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -908,7 +908,7 @@ static bool api_eventlog_ReportEventW(st + r->out.time_written = r->in.time_written; + r->out.result = _eventlog_ReportEventW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -981,7 +981,7 @@ static bool api_eventlog_ClearEventLogA( + + r->out.result = _eventlog_ClearEventLogA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1054,7 +1054,7 @@ static bool api_eventlog_BackupEventLogA + + r->out.result = _eventlog_BackupEventLogA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1127,7 +1127,7 @@ static bool api_eventlog_OpenEventLogA(s + + r->out.result = _eventlog_OpenEventLogA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1200,7 +1200,7 @@ static bool api_eventlog_RegisterEventSo + + r->out.result = _eventlog_RegisterEventSourceA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1273,7 +1273,7 @@ static bool api_eventlog_OpenBackupEvent + + r->out.result = _eventlog_OpenBackupEventLogA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1346,7 +1346,7 @@ static bool api_eventlog_ReadEventLogA(s + + r->out.result = _eventlog_ReadEventLogA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1419,7 +1419,7 @@ static bool api_eventlog_ReportEventA(st + + r->out.result = _eventlog_ReportEventA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1492,7 +1492,7 @@ static bool api_eventlog_RegisterCluster + + r->out.result = _eventlog_RegisterClusterSvc(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1565,7 +1565,7 @@ static bool api_eventlog_DeregisterClust + + r->out.result = _eventlog_DeregisterClusterSvc(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1638,7 +1638,7 @@ static bool api_eventlog_WriteClusterEve + + r->out.result = _eventlog_WriteClusterEvents(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1724,7 +1724,7 @@ static bool api_eventlog_GetLogInformati + + r->out.result = _eventlog_GetLogInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1797,7 +1797,7 @@ static bool api_eventlog_FlushEventLog(s + + r->out.result = _eventlog_FlushEventLog(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1873,7 +1873,7 @@ static bool api_eventlog_ReportEventAndS + r->out.time_written = r->in.time_written; + r->out.result = _eventlog_ReportEventAndSourceW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_frsapi.c ++++ b/source3/librpc/gen_ndr/srv_frsapi.c +@@ -44,7 +44,7 @@ static bool api_FRSAPI_VERIFY_PROMOTION( + + _FRSAPI_VERIFY_PROMOTION(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_FRSAPI_PROMOTION_STATUS( + + _FRSAPI_PROMOTION_STATUS(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_FRSAPI_START_DEMOTION(st + + _FRSAPI_START_DEMOTION(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -263,7 +263,7 @@ static bool api_FRSAPI_COMMIT_DEMOTION(s + + _FRSAPI_COMMIT_DEMOTION(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -336,7 +336,7 @@ static bool api_frsapi_SetDsPollingInter + + r->out.result = _frsapi_SetDsPollingIntervalW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -428,7 +428,7 @@ static bool api_frsapi_GetDsPollingInter + + r->out.result = _frsapi_GetDsPollingIntervalW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -501,7 +501,7 @@ static bool api_FRSAPI_VERIFY_PROMOTION_ + + _FRSAPI_VERIFY_PROMOTION_W(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -576,7 +576,7 @@ static bool api_frsapi_InfoW(struct pipe + r->out.info = r->in.info; + r->out.result = _frsapi_InfoW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -674,7 +674,7 @@ static bool api_frsapi_IsPathReplicated( + + r->out.result = _frsapi_IsPathReplicated(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -747,7 +747,7 @@ static bool api_frsapi_WriterCommand(str + + r->out.result = _frsapi_WriterCommand(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -820,7 +820,7 @@ static bool api_frsapi_ForceReplication( + + r->out.result = _frsapi_ForceReplication(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_frsrpc.c ++++ b/source3/librpc/gen_ndr/srv_frsrpc.c +@@ -44,7 +44,7 @@ static bool api_frsrpc_FrsSendCommPkt(st + + r->out.result = _frsrpc_FrsSendCommPkt(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_frsrpc_FrsVerifyPromotio + + r->out.result = _frsrpc_FrsVerifyPromotionParent(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -192,7 +192,7 @@ static bool api_frsrpc_FrsStartPromotion + r->out.parent_guid = r->in.parent_guid; + r->out.result = _frsrpc_FrsStartPromotionParent(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -265,7 +265,7 @@ static bool api_frsrpc_FrsNOP(struct pip + + r->out.result = _frsrpc_FrsNOP(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -338,7 +338,7 @@ static bool api_FRSRPC_BACKUP_COMPLETE(s + + _FRSRPC_BACKUP_COMPLETE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -411,7 +411,7 @@ static bool api_FRSRPC_BACKUP_COMPLETE_5 + + _FRSRPC_BACKUP_COMPLETE_5(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -484,7 +484,7 @@ static bool api_FRSRPC_BACKUP_COMPLETE_6 + + _FRSRPC_BACKUP_COMPLETE_6(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -557,7 +557,7 @@ static bool api_FRSRPC_BACKUP_COMPLETE_7 + + _FRSRPC_BACKUP_COMPLETE_7(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -630,7 +630,7 @@ static bool api_FRSRPC_BACKUP_COMPLETE_8 + + _FRSRPC_BACKUP_COMPLETE_8(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -703,7 +703,7 @@ static bool api_FRSRPC_BACKUP_COMPLETE_9 + + _FRSRPC_BACKUP_COMPLETE_9(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -776,7 +776,7 @@ static bool api_FRSRPC_VERIFY_PROMOTION_ + + _FRSRPC_VERIFY_PROMOTION_PARENT_EX(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_frstrans.c ++++ b/source3/librpc/gen_ndr/srv_frstrans.c +@@ -44,7 +44,7 @@ static bool api_frstrans_CheckConnectivi + + r->out.result = _frstrans_CheckConnectivity(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -130,7 +130,7 @@ static bool api_frstrans_EstablishConnec + + r->out.result = _frstrans_EstablishConnection(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -203,7 +203,7 @@ static bool api_frstrans_EstablishSessio + + r->out.result = _frstrans_EstablishSession(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -307,7 +307,7 @@ static bool api_frstrans_RequestUpdates( + + r->out.result = _frstrans_RequestUpdates(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -380,7 +380,7 @@ static bool api_frstrans_RequestVersionV + + r->out.result = _frstrans_RequestVersionVector(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -460,7 +460,7 @@ static bool api_frstrans_AsyncPoll(struc + + r->out.result = _frstrans_AsyncPoll(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -533,7 +533,7 @@ static bool api_FRSTRANS_REQUEST_RECORDS + + _FRSTRANS_REQUEST_RECORDS(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -606,7 +606,7 @@ static bool api_FRSTRANS_UPDATE_CANCEL(s + + _FRSTRANS_UPDATE_CANCEL(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -679,7 +679,7 @@ static bool api_FRSTRANS_RAW_GET_FILE_DA + + _FRSTRANS_RAW_GET_FILE_DATA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -752,7 +752,7 @@ static bool api_FRSTRANS_RDC_GET_SIGNATU + + _FRSTRANS_RDC_GET_SIGNATURES(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -825,7 +825,7 @@ static bool api_FRSTRANS_RDC_PUSH_SOURCE + + _FRSTRANS_RDC_PUSH_SOURCE_NEEDS(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -898,7 +898,7 @@ static bool api_FRSTRANS_RDC_GET_FILE_DA + + _FRSTRANS_RDC_GET_FILE_DATA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -971,7 +971,7 @@ static bool api_FRSTRANS_RDC_CLOSE(struc + + _FRSTRANS_RDC_CLOSE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1077,7 +1077,7 @@ static bool api_frstrans_InitializeFileT + + r->out.result = _frstrans_InitializeFileTransferAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1150,7 +1150,7 @@ static bool api_FRSTRANS_OPNUM_0E_NOT_US + + _FRSTRANS_OPNUM_0E_NOT_USED_ON_THE_WIRE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1230,7 +1230,7 @@ static bool api_frstrans_RawGetFileDataA + + r->out.result = _frstrans_RawGetFileDataAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1310,7 +1310,7 @@ static bool api_frstrans_RdcGetFileDataA + + r->out.result = _frstrans_RdcGetFileDataAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_initshutdown.c ++++ b/source3/librpc/gen_ndr/srv_initshutdown.c +@@ -44,7 +44,7 @@ static bool api_initshutdown_Init(struct + + r->out.result = _initshutdown_Init(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_initshutdown_Abort(struc + + r->out.result = _initshutdown_Abort(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_initshutdown_InitEx(stru + + r->out.result = _initshutdown_InitEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_keysvc.c ++++ b/source3/librpc/gen_ndr/srv_keysvc.c +@@ -44,7 +44,7 @@ static bool api_keysvc_Unknown0(struct p + + r->out.result = _keysvc_Unknown0(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_krb5pac.c ++++ b/source3/librpc/gen_ndr/srv_krb5pac.c +@@ -44,7 +44,7 @@ static bool api_decode_pac(struct pipes_ + + _decode_pac(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_decode_pac_raw(struct pi + + _decode_pac_raw(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_decode_login_info(struct + + _decode_login_info(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -263,7 +263,7 @@ static bool api_decode_login_info_ctr(st + + _decode_login_info_ctr(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -336,7 +336,7 @@ static bool api_decode_pac_validate(stru + + _decode_pac_validate(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_libnetapi.c ++++ b/source3/librpc/gen_ndr/srv_libnetapi.c +@@ -44,7 +44,7 @@ static bool api_NetJoinDomain(struct pip + + r->out.result = _NetJoinDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_NetUnjoinDomain(struct p + + r->out.result = _NetUnjoinDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -203,7 +203,7 @@ static bool api_NetGetJoinInformation(st + + r->out.result = _NetGetJoinInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -289,7 +289,7 @@ static bool api_NetGetJoinableOUs(struct + + r->out.result = _NetGetJoinableOUs(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -362,7 +362,7 @@ static bool api_NetRenameMachineInDomain + + r->out.result = _NetRenameMachineInDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -442,7 +442,7 @@ static bool api_NetServerGetInfo(struct + + r->out.result = _NetServerGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -522,7 +522,7 @@ static bool api_NetServerSetInfo(struct + + r->out.result = _NetServerSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -602,7 +602,7 @@ static bool api_NetGetDCName(struct pipe + + r->out.result = _NetGetDCName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -682,7 +682,7 @@ static bool api_NetGetAnyDCName(struct p + + r->out.result = _NetGetAnyDCName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -762,7 +762,7 @@ static bool api_DsGetDcName(struct pipes + + r->out.result = _DsGetDcName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -842,7 +842,7 @@ static bool api_NetUserAdd(struct pipes_ + + r->out.result = _NetUserAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -915,7 +915,7 @@ static bool api_NetUserDel(struct pipes_ + + r->out.result = _NetUserDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1008,7 +1008,7 @@ static bool api_NetUserEnum(struct pipes + + r->out.result = _NetUserEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1081,7 +1081,7 @@ static bool api_NetUserChangePassword(st + + r->out.result = _NetUserChangePassword(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1161,7 +1161,7 @@ static bool api_NetUserGetInfo(struct pi + + r->out.result = _NetUserGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1241,7 +1241,7 @@ static bool api_NetUserSetInfo(struct pi + + r->out.result = _NetUserSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1333,7 +1333,7 @@ static bool api_NetUserGetGroups(struct + + r->out.result = _NetUserGetGroups(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1406,7 +1406,7 @@ static bool api_NetUserSetGroups(struct + + r->out.result = _NetUserSetGroups(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1498,7 +1498,7 @@ static bool api_NetUserGetLocalGroups(st + + r->out.result = _NetUserGetLocalGroups(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1578,7 +1578,7 @@ static bool api_NetUserModalsGet(struct + + r->out.result = _NetUserModalsGet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1658,7 +1658,7 @@ static bool api_NetUserModalsSet(struct + + r->out.result = _NetUserModalsSet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1744,7 +1744,7 @@ static bool api_NetQueryDisplayInformati + + r->out.result = _NetQueryDisplayInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1824,7 +1824,7 @@ static bool api_NetGroupAdd(struct pipes + + r->out.result = _NetGroupAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1897,7 +1897,7 @@ static bool api_NetGroupDel(struct pipes + + r->out.result = _NetGroupDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1990,7 +1990,7 @@ static bool api_NetGroupEnum(struct pipe + + r->out.result = _NetGroupEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2070,7 +2070,7 @@ static bool api_NetGroupSetInfo(struct p + + r->out.result = _NetGroupSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2150,7 +2150,7 @@ static bool api_NetGroupGetInfo(struct p + + r->out.result = _NetGroupGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2223,7 +2223,7 @@ static bool api_NetGroupAddUser(struct p + + r->out.result = _NetGroupAddUser(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2296,7 +2296,7 @@ static bool api_NetGroupDelUser(struct p + + r->out.result = _NetGroupDelUser(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2389,7 +2389,7 @@ static bool api_NetGroupGetUsers(struct + + r->out.result = _NetGroupGetUsers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2462,7 +2462,7 @@ static bool api_NetGroupSetUsers(struct + + r->out.result = _NetGroupSetUsers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2542,7 +2542,7 @@ static bool api_NetLocalGroupAdd(struct + + r->out.result = _NetLocalGroupAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2615,7 +2615,7 @@ static bool api_NetLocalGroupDel(struct + + r->out.result = _NetLocalGroupDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2695,7 +2695,7 @@ static bool api_NetLocalGroupGetInfo(str + + r->out.result = _NetLocalGroupGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2775,7 +2775,7 @@ static bool api_NetLocalGroupSetInfo(str + + r->out.result = _NetLocalGroupSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2868,7 +2868,7 @@ static bool api_NetLocalGroupEnum(struct + + r->out.result = _NetLocalGroupEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2941,7 +2941,7 @@ static bool api_NetLocalGroupAddMembers( + + r->out.result = _NetLocalGroupAddMembers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3014,7 +3014,7 @@ static bool api_NetLocalGroupDelMembers( + + r->out.result = _NetLocalGroupDelMembers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3107,7 +3107,7 @@ static bool api_NetLocalGroupGetMembers( + + r->out.result = _NetLocalGroupGetMembers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3180,7 +3180,7 @@ static bool api_NetLocalGroupSetMembers( + + r->out.result = _NetLocalGroupSetMembers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3260,7 +3260,7 @@ static bool api_NetRemoteTOD(struct pipe + + r->out.result = _NetRemoteTOD(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3340,7 +3340,7 @@ static bool api_NetShareAdd(struct pipes + + r->out.result = _NetShareAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3413,7 +3413,7 @@ static bool api_NetShareDel(struct pipes + + r->out.result = _NetShareDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3506,7 +3506,7 @@ static bool api_NetShareEnum(struct pipe + + r->out.result = _NetShareEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3586,7 +3586,7 @@ static bool api_NetShareGetInfo(struct p + + r->out.result = _NetShareGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3666,7 +3666,7 @@ static bool api_NetShareSetInfo(struct p + + r->out.result = _NetShareSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3739,7 +3739,7 @@ static bool api_NetFileClose(struct pipe + + r->out.result = _NetFileClose(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3819,7 +3819,7 @@ static bool api_NetFileGetInfo(struct pi + + r->out.result = _NetFileGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3912,7 +3912,7 @@ static bool api_NetFileEnum(struct pipes + + r->out.result = _NetFileEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3985,7 +3985,7 @@ static bool api_NetShutdownInit(struct p + + r->out.result = _NetShutdownInit(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4058,7 +4058,7 @@ static bool api_NetShutdownAbort(struct + + r->out.result = _NetShutdownAbort(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4138,7 +4138,7 @@ static bool api_I_NetLogonControl(struct + + r->out.result = _I_NetLogonControl(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4218,7 +4218,7 @@ static bool api_I_NetLogonControl2(struc + + r->out.result = _I_NetLogonControl2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_lsa.c ++++ b/source3/librpc/gen_ndr/srv_lsa.c +@@ -46,7 +46,7 @@ static bool api_lsa_Close(struct pipes_s + r->out.handle = r->in.handle; + r->out.result = _lsa_Close(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -119,7 +119,7 @@ static bool api_lsa_Delete(struct pipes_ + + r->out.result = _lsa_Delete(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -200,7 +200,7 @@ static bool api_lsa_EnumPrivs(struct pip + + r->out.result = _lsa_EnumPrivs(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -280,7 +280,7 @@ static bool api_lsa_QuerySecurity(struct + + r->out.result = _lsa_QuerySecurity(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -353,7 +353,7 @@ static bool api_lsa_SetSecObj(struct pip + + r->out.result = _lsa_SetSecObj(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -426,7 +426,7 @@ static bool api_lsa_ChangePassword(struc + + r->out.result = _lsa_ChangePassword(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -506,7 +506,7 @@ static bool api_lsa_OpenPolicy(struct pi + + r->out.result = _lsa_OpenPolicy(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -586,7 +586,7 @@ static bool api_lsa_QueryInfoPolicy(stru + + r->out.result = _lsa_QueryInfoPolicy(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -659,7 +659,7 @@ static bool api_lsa_SetInfoPolicy(struct + + r->out.result = _lsa_SetInfoPolicy(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -732,7 +732,7 @@ static bool api_lsa_ClearAuditLog(struct + + r->out.result = _lsa_ClearAuditLog(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -812,7 +812,7 @@ static bool api_lsa_CreateAccount(struct + + r->out.result = _lsa_CreateAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -893,7 +893,7 @@ static bool api_lsa_EnumAccounts(struct + + r->out.result = _lsa_EnumAccounts(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -973,7 +973,7 @@ static bool api_lsa_CreateTrustedDomain( + + r->out.result = _lsa_CreateTrustedDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1054,7 +1054,7 @@ static bool api_lsa_EnumTrustDom(struct + + r->out.result = _lsa_EnumTrustDom(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1136,7 +1136,7 @@ static bool api_lsa_LookupNames(struct p + + r->out.result = _lsa_LookupNames(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1218,7 +1218,7 @@ static bool api_lsa_LookupSids(struct pi + + r->out.result = _lsa_LookupSids(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1298,7 +1298,7 @@ static bool api_lsa_CreateSecret(struct + + r->out.result = _lsa_CreateSecret(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1378,7 +1378,7 @@ static bool api_lsa_OpenAccount(struct p + + r->out.result = _lsa_OpenAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1458,7 +1458,7 @@ static bool api_lsa_EnumPrivsAccount(str + + r->out.result = _lsa_EnumPrivsAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1531,7 +1531,7 @@ static bool api_lsa_AddPrivilegesToAccou + + r->out.result = _lsa_AddPrivilegesToAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1604,7 +1604,7 @@ static bool api_lsa_RemovePrivilegesFrom + + r->out.result = _lsa_RemovePrivilegesFromAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1677,7 +1677,7 @@ static bool api_lsa_GetQuotasForAccount( + + r->out.result = _lsa_GetQuotasForAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1750,7 +1750,7 @@ static bool api_lsa_SetQuotasForAccount( + + r->out.result = _lsa_SetQuotasForAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1830,7 +1830,7 @@ static bool api_lsa_GetSystemAccessAccou + + r->out.result = _lsa_GetSystemAccessAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1903,7 +1903,7 @@ static bool api_lsa_SetSystemAccessAccou + + r->out.result = _lsa_SetSystemAccessAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1983,7 +1983,7 @@ static bool api_lsa_OpenTrustedDomain(st + + r->out.result = _lsa_OpenTrustedDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2063,7 +2063,7 @@ static bool api_lsa_QueryTrustedDomainIn + + r->out.result = _lsa_QueryTrustedDomainInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2136,7 +2136,7 @@ static bool api_lsa_SetInformationTruste + + r->out.result = _lsa_SetInformationTrustedDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2216,7 +2216,7 @@ static bool api_lsa_OpenSecret(struct pi + + r->out.result = _lsa_OpenSecret(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2289,7 +2289,7 @@ static bool api_lsa_SetSecret(struct pip + + r->out.result = _lsa_SetSecret(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2367,7 +2367,7 @@ static bool api_lsa_QuerySecret(struct p + r->out.old_mtime = r->in.old_mtime; + r->out.result = _lsa_QuerySecret(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2447,7 +2447,7 @@ static bool api_lsa_LookupPrivValue(stru + + r->out.result = _lsa_LookupPrivValue(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2527,7 +2527,7 @@ static bool api_lsa_LookupPrivName(struc + + r->out.result = _lsa_LookupPrivName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2613,7 +2613,7 @@ static bool api_lsa_LookupPrivDisplayNam + + r->out.result = _lsa_LookupPrivDisplayName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2688,7 +2688,7 @@ static bool api_lsa_DeleteObject(struct + r->out.handle = r->in.handle; + r->out.result = _lsa_DeleteObject(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2768,7 +2768,7 @@ static bool api_lsa_EnumAccountsWithUser + + r->out.result = _lsa_EnumAccountsWithUserRight(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2848,7 +2848,7 @@ static bool api_lsa_EnumAccountRights(st + + r->out.result = _lsa_EnumAccountRights(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2921,7 +2921,7 @@ static bool api_lsa_AddAccountRights(str + + r->out.result = _lsa_AddAccountRights(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2994,7 +2994,7 @@ static bool api_lsa_RemoveAccountRights( + + r->out.result = _lsa_RemoveAccountRights(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3074,7 +3074,7 @@ static bool api_lsa_QueryTrustedDomainIn + + r->out.result = _lsa_QueryTrustedDomainInfoBySid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3147,7 +3147,7 @@ static bool api_lsa_SetTrustedDomainInfo + + r->out.result = _lsa_SetTrustedDomainInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3220,7 +3220,7 @@ static bool api_lsa_DeleteTrustedDomain( + + r->out.result = _lsa_DeleteTrustedDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3293,7 +3293,7 @@ static bool api_lsa_StorePrivateData(str + + r->out.result = _lsa_StorePrivateData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3368,7 +3368,7 @@ static bool api_lsa_RetrievePrivateData( + r->out.val = r->in.val; + r->out.result = _lsa_RetrievePrivateData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3448,7 +3448,7 @@ static bool api_lsa_OpenPolicy2(struct p + + r->out.result = _lsa_OpenPolicy2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3524,7 +3524,7 @@ static bool api_lsa_GetUserName(struct p + r->out.authority_name = r->in.authority_name; + r->out.result = _lsa_GetUserName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3604,7 +3604,7 @@ static bool api_lsa_QueryInfoPolicy2(str + + r->out.result = _lsa_QueryInfoPolicy2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3677,7 +3677,7 @@ static bool api_lsa_SetInfoPolicy2(struc + + r->out.result = _lsa_SetInfoPolicy2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3757,7 +3757,7 @@ static bool api_lsa_QueryTrustedDomainIn + + r->out.result = _lsa_QueryTrustedDomainInfoByName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3830,7 +3830,7 @@ static bool api_lsa_SetTrustedDomainInfo + + r->out.result = _lsa_SetTrustedDomainInfoByName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3911,7 +3911,7 @@ static bool api_lsa_EnumTrustedDomainsEx + + r->out.result = _lsa_EnumTrustedDomainsEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3991,7 +3991,7 @@ static bool api_lsa_CreateTrustedDomainE + + r->out.result = _lsa_CreateTrustedDomainEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4066,7 +4066,7 @@ static bool api_lsa_CloseTrustedDomainEx + r->out.handle = r->in.handle; + r->out.result = _lsa_CloseTrustedDomainEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4146,7 +4146,7 @@ static bool api_lsa_QueryDomainInformati + + r->out.result = _lsa_QueryDomainInformationPolicy(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4219,7 +4219,7 @@ static bool api_lsa_SetDomainInformation + + r->out.result = _lsa_SetDomainInformationPolicy(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4299,7 +4299,7 @@ static bool api_lsa_OpenTrustedDomainByN + + r->out.result = _lsa_OpenTrustedDomainByName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4372,7 +4372,7 @@ static bool api_lsa_TestCall(struct pipe + + r->out.result = _lsa_TestCall(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4454,7 +4454,7 @@ static bool api_lsa_LookupSids2(struct p + + r->out.result = _lsa_LookupSids2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4536,7 +4536,7 @@ static bool api_lsa_LookupNames2(struct + + r->out.result = _lsa_LookupNames2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4616,7 +4616,7 @@ static bool api_lsa_CreateTrustedDomainE + + r->out.result = _lsa_CreateTrustedDomainEx2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4689,7 +4689,7 @@ static bool api_lsa_CREDRWRITE(struct pi + + r->out.result = _lsa_CREDRWRITE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4762,7 +4762,7 @@ static bool api_lsa_CREDRREAD(struct pip + + r->out.result = _lsa_CREDRREAD(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4835,7 +4835,7 @@ static bool api_lsa_CREDRENUMERATE(struc + + r->out.result = _lsa_CREDRENUMERATE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4908,7 +4908,7 @@ static bool api_lsa_CREDRWRITEDOMAINCRED + + r->out.result = _lsa_CREDRWRITEDOMAINCREDENTIALS(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4981,7 +4981,7 @@ static bool api_lsa_CREDRREADDOMAINCREDE + + r->out.result = _lsa_CREDRREADDOMAINCREDENTIALS(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5054,7 +5054,7 @@ static bool api_lsa_CREDRDELETE(struct p + + r->out.result = _lsa_CREDRDELETE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5127,7 +5127,7 @@ static bool api_lsa_CREDRGETTARGETINFO(s + + r->out.result = _lsa_CREDRGETTARGETINFO(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5200,7 +5200,7 @@ static bool api_lsa_CREDRPROFILELOADED(s + + r->out.result = _lsa_CREDRPROFILELOADED(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5282,7 +5282,7 @@ static bool api_lsa_LookupNames3(struct + + r->out.result = _lsa_LookupNames3(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5355,7 +5355,7 @@ static bool api_lsa_CREDRGETSESSIONTYPES + + r->out.result = _lsa_CREDRGETSESSIONTYPES(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5428,7 +5428,7 @@ static bool api_lsa_LSARREGISTERAUDITEVE + + r->out.result = _lsa_LSARREGISTERAUDITEVENT(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5501,7 +5501,7 @@ static bool api_lsa_LSARGENAUDITEVENT(st + + r->out.result = _lsa_LSARGENAUDITEVENT(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5574,7 +5574,7 @@ static bool api_lsa_LSARUNREGISTERAUDITE + + r->out.result = _lsa_LSARUNREGISTERAUDITEVENT(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5654,7 +5654,7 @@ static bool api_lsa_lsaRQueryForestTrust + + r->out.result = _lsa_lsaRQueryForestTrustInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5734,7 +5734,7 @@ static bool api_lsa_lsaRSetForestTrustIn + + r->out.result = _lsa_lsaRSetForestTrustInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5807,7 +5807,7 @@ static bool api_lsa_CREDRRENAME(struct p + + r->out.result = _lsa_CREDRRENAME(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5889,7 +5889,7 @@ static bool api_lsa_LookupSids3(struct p + + r->out.result = _lsa_LookupSids3(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5971,7 +5971,7 @@ static bool api_lsa_LookupNames4(struct + + r->out.result = _lsa_LookupNames4(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6044,7 +6044,7 @@ static bool api_lsa_LSAROPENPOLICYSCE(st + + r->out.result = _lsa_LSAROPENPOLICYSCE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6117,7 +6117,7 @@ static bool api_lsa_LSARADTREGISTERSECUR + + r->out.result = _lsa_LSARADTREGISTERSECURITYEVENTSOURCE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6190,7 +6190,7 @@ static bool api_lsa_LSARADTUNREGISTERSEC + + r->out.result = _lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6263,7 +6263,7 @@ static bool api_lsa_LSARADTREPORTSECURIT + + r->out.result = _lsa_LSARADTREPORTSECURITYEVENT(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_mgmt.c ++++ b/source3/librpc/gen_ndr/srv_mgmt.c +@@ -51,7 +51,7 @@ static bool api_mgmt_inq_if_ids(struct p + + r->out.result = _mgmt_inq_if_ids(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -131,7 +131,7 @@ static bool api_mgmt_inq_stats(struct pi + + r->out.result = _mgmt_inq_stats(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -211,7 +211,7 @@ static bool api_mgmt_is_server_listening + + r->out.result = _mgmt_is_server_listening(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -284,7 +284,7 @@ static bool api_mgmt_stop_server_listeni + + r->out.result = _mgmt_stop_server_listening(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -364,7 +364,7 @@ static bool api_mgmt_inq_princ_name(stru + + r->out.result = _mgmt_inq_princ_name(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_msgsvc.c ++++ b/source3/librpc/gen_ndr/srv_msgsvc.c +@@ -44,7 +44,7 @@ static bool api_NetrMessageNameAdd(struc + + _NetrMessageNameAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_NetrMessageNameEnum(stru + + _NetrMessageNameEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_NetrMessageNameGetInfo(s + + _NetrMessageNameGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -263,7 +263,7 @@ static bool api_NetrMessageNameDel(struc + + _NetrMessageNameDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -361,7 +361,7 @@ static bool api_NetrSendMessage(struct p + + _NetrSendMessage(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_nbt.c ++++ b/source3/librpc/gen_ndr/srv_nbt.c +@@ -44,7 +44,7 @@ static bool api_decode_nbt_netlogon_pack + + _decode_nbt_netlogon_packet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_netlogon.c ++++ b/source3/librpc/gen_ndr/srv_netlogon.c +@@ -51,7 +51,7 @@ static bool api_netr_LogonUasLogon(struc + + r->out.result = _netr_LogonUasLogon(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -131,7 +131,7 @@ static bool api_netr_LogonUasLogoff(stru + + r->out.result = _netr_LogonUasLogoff(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -218,7 +218,7 @@ static bool api_netr_LogonSamLogon(struc + + r->out.result = _netr_LogonSamLogon(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -293,7 +293,7 @@ static bool api_netr_LogonSamLogoff(stru + r->out.return_authenticator = r->in.return_authenticator; + r->out.result = _netr_LogonSamLogoff(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -373,7 +373,7 @@ static bool api_netr_ServerReqChallenge( + + r->out.result = _netr_ServerReqChallenge(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -453,7 +453,7 @@ static bool api_netr_ServerAuthenticate( + + r->out.result = _netr_ServerAuthenticate(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -533,7 +533,7 @@ static bool api_netr_ServerPasswordSet(s + + r->out.result = _netr_ServerPasswordSet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -615,7 +615,7 @@ static bool api_netr_DatabaseDeltas(stru + + r->out.result = _netr_DatabaseDeltas(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -697,7 +697,7 @@ static bool api_netr_DatabaseSync(struct + + r->out.result = _netr_DatabaseSync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -796,7 +796,7 @@ static bool api_netr_AccountDeltas(struc + + r->out.result = _netr_AccountDeltas(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -896,7 +896,7 @@ static bool api_netr_AccountSync(struct + + r->out.result = _netr_AccountSync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -976,7 +976,7 @@ static bool api_netr_GetDcName(struct pi + + r->out.result = _netr_GetDcName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1056,7 +1056,7 @@ static bool api_netr_LogonControl(struct + + r->out.result = _netr_LogonControl(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1136,7 +1136,7 @@ static bool api_netr_GetAnyDCName(struct + + r->out.result = _netr_GetAnyDCName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1216,7 +1216,7 @@ static bool api_netr_LogonControl2(struc + + r->out.result = _netr_LogonControl2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1297,7 +1297,7 @@ static bool api_netr_ServerAuthenticate2 + + r->out.result = _netr_ServerAuthenticate2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1379,7 +1379,7 @@ static bool api_netr_DatabaseSync2(struc + + r->out.result = _netr_DatabaseSync2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1460,7 +1460,7 @@ static bool api_netr_DatabaseRedo(struct + + r->out.result = _netr_DatabaseRedo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1540,7 +1540,7 @@ static bool api_netr_LogonControl2Ex(str + + r->out.result = _netr_LogonControl2Ex(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1620,7 +1620,7 @@ static bool api_netr_NetrEnumerateTruste + + r->out.result = _netr_NetrEnumerateTrustedDomains(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1700,7 +1700,7 @@ static bool api_netr_DsRGetDCName(struct + + r->out.result = _netr_DsRGetDCName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1781,7 +1781,7 @@ static bool api_netr_LogonGetCapabilitie + + r->out.result = _netr_LogonGetCapabilities(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1854,7 +1854,7 @@ static bool api_netr_NETRLOGONSETSERVICE + + r->out.result = _netr_NETRLOGONSETSERVICEBITS(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1934,7 +1934,7 @@ static bool api_netr_LogonGetTrustRid(st + + r->out.result = _netr_LogonGetTrustRid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2007,7 +2007,7 @@ static bool api_netr_NETRLOGONCOMPUTESER + + r->out.result = _netr_NETRLOGONCOMPUTESERVERDIGEST(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2080,7 +2080,7 @@ static bool api_netr_NETRLOGONCOMPUTECLI + + r->out.result = _netr_NETRLOGONCOMPUTECLIENTDIGEST(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2167,7 +2167,7 @@ static bool api_netr_ServerAuthenticate3 + + r->out.result = _netr_ServerAuthenticate3(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2247,7 +2247,7 @@ static bool api_netr_DsRGetDCNameEx(stru + + r->out.result = _netr_DsRGetDCNameEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2327,7 +2327,7 @@ static bool api_netr_DsRGetSiteName(stru + + r->out.result = _netr_DsRGetSiteName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2408,7 +2408,7 @@ static bool api_netr_LogonGetDomainInfo( + + r->out.result = _netr_LogonGetDomainInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2488,7 +2488,7 @@ static bool api_netr_ServerPasswordSet2( + + r->out.result = _netr_ServerPasswordSet2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2574,7 +2574,7 @@ static bool api_netr_ServerPasswordGet(s + + r->out.result = _netr_ServerPasswordGet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2647,7 +2647,7 @@ static bool api_netr_NETRLOGONSENDTOSAM( + + r->out.result = _netr_NETRLOGONSENDTOSAM(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2727,7 +2727,7 @@ static bool api_netr_DsRAddressToSitenam + + r->out.result = _netr_DsRAddressToSitenamesW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2807,7 +2807,7 @@ static bool api_netr_DsRGetDCNameEx2(str + + r->out.result = _netr_DsRGetDCNameEx2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2880,7 +2880,7 @@ static bool api_netr_NETRLOGONGETTIMESER + + r->out.result = _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2960,7 +2960,7 @@ static bool api_netr_NetrEnumerateTruste + + r->out.result = _netr_NetrEnumerateTrustedDomainsEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3040,7 +3040,7 @@ static bool api_netr_DsRAddressToSitenam + + r->out.result = _netr_DsRAddressToSitenamesExW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3120,7 +3120,7 @@ static bool api_netr_DsrGetDcSiteCoverag + + r->out.result = _netr_DsrGetDcSiteCoverageW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3207,7 +3207,7 @@ static bool api_netr_LogonSamLogonEx(str + + r->out.result = _netr_LogonSamLogonEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3287,7 +3287,7 @@ static bool api_netr_DsrEnumerateDomainT + + r->out.result = _netr_DsrEnumerateDomainTrusts(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3360,7 +3360,7 @@ static bool api_netr_DsrDeregisterDNSHos + + r->out.result = _netr_DsrDeregisterDNSHostRecords(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3452,7 +3452,7 @@ static bool api_netr_ServerTrustPassword + + r->out.result = _netr_ServerTrustPasswordsGet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3532,7 +3532,7 @@ static bool api_netr_DsRGetForestTrustIn + + r->out.result = _netr_DsRGetForestTrustInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3618,7 +3618,7 @@ static bool api_netr_GetForestTrustInfor + + r->out.result = _netr_GetForestTrustInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3706,7 +3706,7 @@ static bool api_netr_LogonSamLogonWithFl + + r->out.result = _netr_LogonSamLogonWithFlags(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3804,7 +3804,7 @@ static bool api_netr_ServerGetTrustInfo( + + r->out.result = _netr_ServerGetTrustInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3877,7 +3877,7 @@ static bool api_netr_Unused47(struct pip + + r->out.result = _netr_Unused47(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3958,7 +3958,7 @@ static bool api_netr_DsrUpdateReadOnlySe + + r->out.result = _netr_DsrUpdateReadOnlyServerDnsRecords(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_ntlmssp.c ++++ b/source3/librpc/gen_ndr/srv_ntlmssp.c +@@ -44,7 +44,7 @@ static bool api_decode_NEGOTIATE_MESSAGE + + _decode_NEGOTIATE_MESSAGE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_decode_CHALLENGE_MESSAGE + + _decode_CHALLENGE_MESSAGE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_decode_AUTHENTICATE_MESS + + _decode_AUTHENTICATE_MESSAGE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -263,7 +263,7 @@ static bool api_decode_NTLMv2_CLIENT_CHA + + _decode_NTLMv2_CLIENT_CHALLENGE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -336,7 +336,7 @@ static bool api_decode_NTLMv2_RESPONSE(s + + _decode_NTLMv2_RESPONSE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_ntprinting.c ++++ b/source3/librpc/gen_ndr/srv_ntprinting.c +@@ -44,7 +44,7 @@ static bool api_decode_ntprinting_form(s + + _decode_ntprinting_form(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_decode_ntprinting_driver + + _decode_ntprinting_driver(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_decode_ntprinting_printe + + _decode_ntprinting_printer(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_ntsvcs.c ++++ b/source3/librpc/gen_ndr/srv_ntsvcs.c +@@ -44,7 +44,7 @@ static bool api_PNP_Disconnect(struct pi + + r->out.result = _PNP_Disconnect(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_PNP_Connect(struct pipes + + r->out.result = _PNP_Connect(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -197,7 +197,7 @@ static bool api_PNP_GetVersion(struct pi + + r->out.result = _PNP_GetVersion(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -270,7 +270,7 @@ static bool api_PNP_GetGlobalState(struc + + r->out.result = _PNP_GetGlobalState(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -343,7 +343,7 @@ static bool api_PNP_InitDetection(struct + + r->out.result = _PNP_InitDetection(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -416,7 +416,7 @@ static bool api_PNP_ReportLogOn(struct p + + r->out.result = _PNP_ReportLogOn(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -489,7 +489,7 @@ static bool api_PNP_ValidateDeviceInstan + + r->out.result = _PNP_ValidateDeviceInstance(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -562,7 +562,7 @@ static bool api_PNP_GetRootDeviceInstanc + + r->out.result = _PNP_GetRootDeviceInstance(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -635,7 +635,7 @@ static bool api_PNP_GetRelatedDeviceInst + + r->out.result = _PNP_GetRelatedDeviceInstance(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -708,7 +708,7 @@ static bool api_PNP_EnumerateSubKeys(str + + r->out.result = _PNP_EnumerateSubKeys(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -789,7 +789,7 @@ static bool api_PNP_GetDeviceList(struct + + r->out.result = _PNP_GetDeviceList(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -869,7 +869,7 @@ static bool api_PNP_GetDeviceListSize(st + + r->out.result = _PNP_GetDeviceListSize(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -942,7 +942,7 @@ static bool api_PNP_GetDepth(struct pipe + + r->out.result = _PNP_GetDepth(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1025,7 +1025,7 @@ static bool api_PNP_GetDeviceRegProp(str + + r->out.result = _PNP_GetDeviceRegProp(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1098,7 +1098,7 @@ static bool api_PNP_SetDeviceRegProp(str + + r->out.result = _PNP_SetDeviceRegProp(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1171,7 +1171,7 @@ static bool api_PNP_GetClassInstance(str + + r->out.result = _PNP_GetClassInstance(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1244,7 +1244,7 @@ static bool api_PNP_CreateKey(struct pip + + r->out.result = _PNP_CreateKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1317,7 +1317,7 @@ static bool api_PNP_DeleteRegistryKey(st + + r->out.result = _PNP_DeleteRegistryKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1390,7 +1390,7 @@ static bool api_PNP_GetClassCount(struct + + r->out.result = _PNP_GetClassCount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1463,7 +1463,7 @@ static bool api_PNP_GetClassName(struct + + r->out.result = _PNP_GetClassName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1536,7 +1536,7 @@ static bool api_PNP_DeleteClassKey(struc + + r->out.result = _PNP_DeleteClassKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1609,7 +1609,7 @@ static bool api_PNP_GetInterfaceDeviceAl + + r->out.result = _PNP_GetInterfaceDeviceAlias(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1682,7 +1682,7 @@ static bool api_PNP_GetInterfaceDeviceLi + + r->out.result = _PNP_GetInterfaceDeviceList(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1755,7 +1755,7 @@ static bool api_PNP_GetInterfaceDeviceLi + + r->out.result = _PNP_GetInterfaceDeviceListSize(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1828,7 +1828,7 @@ static bool api_PNP_RegisterDeviceClassA + + r->out.result = _PNP_RegisterDeviceClassAssociation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1901,7 +1901,7 @@ static bool api_PNP_UnregisterDeviceClas + + r->out.result = _PNP_UnregisterDeviceClassAssociation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1974,7 +1974,7 @@ static bool api_PNP_GetClassRegProp(stru + + r->out.result = _PNP_GetClassRegProp(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2047,7 +2047,7 @@ static bool api_PNP_SetClassRegProp(stru + + r->out.result = _PNP_SetClassRegProp(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2120,7 +2120,7 @@ static bool api_PNP_CreateDevInst(struct + + r->out.result = _PNP_CreateDevInst(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2193,7 +2193,7 @@ static bool api_PNP_DeviceInstanceAction + + r->out.result = _PNP_DeviceInstanceAction(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2266,7 +2266,7 @@ static bool api_PNP_GetDeviceStatus(stru + + r->out.result = _PNP_GetDeviceStatus(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2339,7 +2339,7 @@ static bool api_PNP_SetDeviceProblem(str + + r->out.result = _PNP_SetDeviceProblem(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2412,7 +2412,7 @@ static bool api_PNP_DisableDevInst(struc + + r->out.result = _PNP_DisableDevInst(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2485,7 +2485,7 @@ static bool api_PNP_UninstallDevInst(str + + r->out.result = _PNP_UninstallDevInst(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2558,7 +2558,7 @@ static bool api_PNP_AddID(struct pipes_s + + r->out.result = _PNP_AddID(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2631,7 +2631,7 @@ static bool api_PNP_RegisterDriver(struc + + r->out.result = _PNP_RegisterDriver(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2704,7 +2704,7 @@ static bool api_PNP_QueryRemove(struct p + + r->out.result = _PNP_QueryRemove(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2777,7 +2777,7 @@ static bool api_PNP_RequestDeviceEject(s + + r->out.result = _PNP_RequestDeviceEject(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2850,7 +2850,7 @@ static bool api_PNP_IsDockStationPresent + + r->out.result = _PNP_IsDockStationPresent(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2923,7 +2923,7 @@ static bool api_PNP_RequestEjectPC(struc + + r->out.result = _PNP_RequestEjectPC(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3005,7 +3005,7 @@ static bool api_PNP_HwProfFlags(struct p + + r->out.result = _PNP_HwProfFlags(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3080,7 +3080,7 @@ static bool api_PNP_GetHwProfInfo(struct + r->out.info = r->in.info; + r->out.result = _PNP_GetHwProfInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3153,7 +3153,7 @@ static bool api_PNP_AddEmptyLogConf(stru + + r->out.result = _PNP_AddEmptyLogConf(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3226,7 +3226,7 @@ static bool api_PNP_FreeLogConf(struct p + + r->out.result = _PNP_FreeLogConf(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3299,7 +3299,7 @@ static bool api_PNP_GetFirstLogConf(stru + + r->out.result = _PNP_GetFirstLogConf(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3372,7 +3372,7 @@ static bool api_PNP_GetNextLogConf(struc + + r->out.result = _PNP_GetNextLogConf(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3445,7 +3445,7 @@ static bool api_PNP_GetLogConfPriority(s + + r->out.result = _PNP_GetLogConfPriority(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3518,7 +3518,7 @@ static bool api_PNP_AddResDes(struct pip + + r->out.result = _PNP_AddResDes(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3591,7 +3591,7 @@ static bool api_PNP_FreeResDes(struct pi + + r->out.result = _PNP_FreeResDes(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3664,7 +3664,7 @@ static bool api_PNP_GetNextResDes(struct + + r->out.result = _PNP_GetNextResDes(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3737,7 +3737,7 @@ static bool api_PNP_GetResDesData(struct + + r->out.result = _PNP_GetResDesData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3810,7 +3810,7 @@ static bool api_PNP_GetResDesDataSize(st + + r->out.result = _PNP_GetResDesDataSize(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3883,7 +3883,7 @@ static bool api_PNP_ModifyResDes(struct + + r->out.result = _PNP_ModifyResDes(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3956,7 +3956,7 @@ static bool api_PNP_DetectResourceLimit( + + r->out.result = _PNP_DetectResourceLimit(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4029,7 +4029,7 @@ static bool api_PNP_QueryResConfList(str + + r->out.result = _PNP_QueryResConfList(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4102,7 +4102,7 @@ static bool api_PNP_SetHwProf(struct pip + + r->out.result = _PNP_SetHwProf(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4175,7 +4175,7 @@ static bool api_PNP_QueryArbitratorFreeD + + r->out.result = _PNP_QueryArbitratorFreeData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4248,7 +4248,7 @@ static bool api_PNP_QueryArbitratorFreeS + + r->out.result = _PNP_QueryArbitratorFreeSize(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4321,7 +4321,7 @@ static bool api_PNP_RunDetection(struct + + r->out.result = _PNP_RunDetection(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4394,7 +4394,7 @@ static bool api_PNP_RegisterNotification + + r->out.result = _PNP_RegisterNotification(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4467,7 +4467,7 @@ static bool api_PNP_UnregisterNotificati + + r->out.result = _PNP_UnregisterNotification(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4540,7 +4540,7 @@ static bool api_PNP_GetCustomDevProp(str + + r->out.result = _PNP_GetCustomDevProp(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4613,7 +4613,7 @@ static bool api_PNP_GetVersionInternal(s + + r->out.result = _PNP_GetVersionInternal(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4686,7 +4686,7 @@ static bool api_PNP_GetBlockedDriverInfo + + r->out.result = _PNP_GetBlockedDriverInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4759,7 +4759,7 @@ static bool api_PNP_GetServerSideDeviceI + + r->out.result = _PNP_GetServerSideDeviceInstallFlags(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_oxidresolver.c ++++ b/source3/librpc/gen_ndr/srv_oxidresolver.c +@@ -63,7 +63,7 @@ static bool api_ResolveOxid(struct pipes + + r->out.result = _ResolveOxid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -136,7 +136,7 @@ static bool api_SimplePing(struct pipes_ + + r->out.result = _SimplePing(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -217,7 +217,7 @@ static bool api_ComplexPing(struct pipes + + r->out.result = _ComplexPing(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -290,7 +290,7 @@ static bool api_ServerAlive(struct pipes + + r->out.result = _ServerAlive(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -388,7 +388,7 @@ static bool api_ResolveOxid2(struct pipe + + r->out.result = _ResolveOxid2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -492,7 +492,7 @@ static bool api_ServerAlive2(struct pipe + + r->out.result = _ServerAlive2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_policyagent.c ++++ b/source3/librpc/gen_ndr/srv_policyagent.c +@@ -44,7 +44,7 @@ static bool api_policyagent_Dummy(struct + + r->out.result = _policyagent_Dummy(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_preg.c ++++ b/source3/librpc/gen_ndr/srv_preg.c +@@ -44,7 +44,7 @@ static bool api_decode_preg_file(struct + + _decode_preg_file(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_rap.c ++++ b/source3/librpc/gen_ndr/srv_rap.c +@@ -51,7 +51,7 @@ static bool api_rap_NetShareEnum(struct + + _rap_NetShareEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -125,7 +125,7 @@ static bool api_rap_NetShareAdd(struct p + ZERO_STRUCT(r->out); + _rap_NetShareAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -205,7 +205,7 @@ static bool api_rap_NetServerEnum2(struc + + _rap_NetServerEnum2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -279,7 +279,7 @@ static bool api_rap_WserverGetInfo(struc + ZERO_STRUCT(r->out); + _rap_WserverGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -359,7 +359,7 @@ static bool api_rap_NetPrintQEnum(struct + + _rap_NetPrintQEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -433,7 +433,7 @@ static bool api_rap_NetPrintQGetInfo(str + ZERO_STRUCT(r->out); + _rap_NetPrintQGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -507,7 +507,7 @@ static bool api_rap_NetPrintJobPause(str + ZERO_STRUCT(r->out); + _rap_NetPrintJobPause(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -581,7 +581,7 @@ static bool api_rap_NetPrintJobContinue( + ZERO_STRUCT(r->out); + _rap_NetPrintJobContinue(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -655,7 +655,7 @@ static bool api_rap_NetPrintJobDelete(st + ZERO_STRUCT(r->out); + _rap_NetPrintJobDelete(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -729,7 +729,7 @@ static bool api_rap_NetPrintQueuePause(s + ZERO_STRUCT(r->out); + _rap_NetPrintQueuePause(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -803,7 +803,7 @@ static bool api_rap_NetPrintQueueResume( + ZERO_STRUCT(r->out); + _rap_NetPrintQueueResume(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -877,7 +877,7 @@ static bool api_rap_NetPrintQueuePurge(s + ZERO_STRUCT(r->out); + _rap_NetPrintQueuePurge(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -957,7 +957,7 @@ static bool api_rap_NetPrintJobEnum(stru + + _rap_NetPrintJobEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1031,7 +1031,7 @@ static bool api_rap_NetPrintJobGetInfo(s + ZERO_STRUCT(r->out); + _rap_NetPrintJobGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1105,7 +1105,7 @@ static bool api_rap_NetPrintJobSetInfo(s + ZERO_STRUCT(r->out); + _rap_NetPrintJobSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1185,7 +1185,7 @@ static bool api_rap_NetPrintDestEnum(str + + _rap_NetPrintDestEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1259,7 +1259,7 @@ static bool api_rap_NetPrintDestGetInfo( + ZERO_STRUCT(r->out); + _rap_NetPrintDestGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1333,7 +1333,7 @@ static bool api_rap_NetUserPasswordSet2( + ZERO_STRUCT(r->out); + _rap_NetUserPasswordSet2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1407,7 +1407,7 @@ static bool api_rap_NetOEMChangePassword + ZERO_STRUCT(r->out); + _rap_NetOEMChangePassword(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1481,7 +1481,7 @@ static bool api_rap_NetUserGetInfo(struc + ZERO_STRUCT(r->out); + _rap_NetUserGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1561,7 +1561,7 @@ static bool api_rap_NetSessionEnum(struc + + _rap_NetSessionEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1635,7 +1635,7 @@ static bool api_rap_NetSessionGetInfo(st + ZERO_STRUCT(r->out); + _rap_NetSessionGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1709,7 +1709,7 @@ static bool api_rap_NetUserAdd(struct pi + ZERO_STRUCT(r->out); + _rap_NetUserAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1783,7 +1783,7 @@ static bool api_rap_NetUserDelete(struct + ZERO_STRUCT(r->out); + _rap_NetUserDelete(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1857,7 +1857,7 @@ static bool api_rap_NetRemoteTOD(struct + ZERO_STRUCT(r->out); + _rap_NetRemoteTOD(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_remact.c ++++ b/source3/librpc/gen_ndr/srv_remact.c +@@ -99,7 +99,7 @@ static bool api_RemoteActivation(struct + + r->out.result = _RemoteActivation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_rot.c ++++ b/source3/librpc/gen_ndr/srv_rot.c +@@ -51,7 +51,7 @@ static bool api_rot_add(struct pipes_str + + r->out.result = _rot_add(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -124,7 +124,7 @@ static bool api_rot_remove(struct pipes_ + + r->out.result = _rot_remove(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -197,7 +197,7 @@ static bool api_rot_is_listed(struct pip + + r->out.result = _rot_is_listed(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -277,7 +277,7 @@ static bool api_rot_get_interface_pointe + + r->out.result = _rot_get_interface_pointer(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -350,7 +350,7 @@ static bool api_rot_set_modification_tim + + r->out.result = _rot_set_modification_time(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -430,7 +430,7 @@ static bool api_rot_get_modification_tim + + r->out.result = _rot_get_modification_time(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -510,7 +510,7 @@ static bool api_rot_enum(struct pipes_st + + r->out.result = _rot_enum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_samr.c ++++ b/source3/librpc/gen_ndr/srv_samr.c +@@ -51,7 +51,7 @@ static bool api_samr_Connect(struct pipe + + r->out.result = _samr_Connect(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -126,7 +126,7 @@ static bool api_samr_Close(struct pipes_ + r->out.handle = r->in.handle; + r->out.result = _samr_Close(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -199,7 +199,7 @@ static bool api_samr_SetSecurity(struct + + r->out.result = _samr_SetSecurity(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -279,7 +279,7 @@ static bool api_samr_QuerySecurity(struc + + r->out.result = _samr_QuerySecurity(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -352,7 +352,7 @@ static bool api_samr_Shutdown(struct pip + + r->out.result = _samr_Shutdown(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -432,7 +432,7 @@ static bool api_samr_LookupDomain(struct + + r->out.result = _samr_LookupDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -519,7 +519,7 @@ static bool api_samr_EnumDomains(struct + + r->out.result = _samr_EnumDomains(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -599,7 +599,7 @@ static bool api_samr_OpenDomain(struct p + + r->out.result = _samr_OpenDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -679,7 +679,7 @@ static bool api_samr_QueryDomainInfo(str + + r->out.result = _samr_QueryDomainInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -752,7 +752,7 @@ static bool api_samr_SetDomainInfo(struc + + r->out.result = _samr_SetDomainInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -838,7 +838,7 @@ static bool api_samr_CreateDomainGroup(s + + r->out.result = _samr_CreateDomainGroup(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -925,7 +925,7 @@ static bool api_samr_EnumDomainGroups(st + + r->out.result = _samr_EnumDomainGroups(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1011,7 +1011,7 @@ static bool api_samr_CreateUser(struct p + + r->out.result = _samr_CreateUser(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1098,7 +1098,7 @@ static bool api_samr_EnumDomainUsers(str + + r->out.result = _samr_EnumDomainUsers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1184,7 +1184,7 @@ static bool api_samr_CreateDomAlias(stru + + r->out.result = _samr_CreateDomAlias(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1271,7 +1271,7 @@ static bool api_samr_EnumDomainAliases(s + + r->out.result = _samr_EnumDomainAliases(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1351,7 +1351,7 @@ static bool api_samr_GetAliasMembership( + + r->out.result = _samr_GetAliasMembership(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1437,7 +1437,7 @@ static bool api_samr_LookupNames(struct + + r->out.result = _samr_LookupNames(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1523,7 +1523,7 @@ static bool api_samr_LookupRids(struct p + + r->out.result = _samr_LookupRids(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1603,7 +1603,7 @@ static bool api_samr_OpenGroup(struct pi + + r->out.result = _samr_OpenGroup(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1683,7 +1683,7 @@ static bool api_samr_QueryGroupInfo(stru + + r->out.result = _samr_QueryGroupInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1756,7 +1756,7 @@ static bool api_samr_SetGroupInfo(struct + + r->out.result = _samr_SetGroupInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1829,7 +1829,7 @@ static bool api_samr_AddGroupMember(stru + + r->out.result = _samr_AddGroupMember(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1904,7 +1904,7 @@ static bool api_samr_DeleteDomainGroup(s + r->out.group_handle = r->in.group_handle; + r->out.result = _samr_DeleteDomainGroup(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1977,7 +1977,7 @@ static bool api_samr_DeleteGroupMember(s + + r->out.result = _samr_DeleteGroupMember(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2057,7 +2057,7 @@ static bool api_samr_QueryGroupMember(st + + r->out.result = _samr_QueryGroupMember(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2130,7 +2130,7 @@ static bool api_samr_SetMemberAttributes + + r->out.result = _samr_SetMemberAttributesOfGroup(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2210,7 +2210,7 @@ static bool api_samr_OpenAlias(struct pi + + r->out.result = _samr_OpenAlias(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2290,7 +2290,7 @@ static bool api_samr_QueryAliasInfo(stru + + r->out.result = _samr_QueryAliasInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2363,7 +2363,7 @@ static bool api_samr_SetAliasInfo(struct + + r->out.result = _samr_SetAliasInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2438,7 +2438,7 @@ static bool api_samr_DeleteDomAlias(stru + r->out.alias_handle = r->in.alias_handle; + r->out.result = _samr_DeleteDomAlias(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2511,7 +2511,7 @@ static bool api_samr_AddAliasMember(stru + + r->out.result = _samr_AddAliasMember(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2584,7 +2584,7 @@ static bool api_samr_DeleteAliasMember(s + + r->out.result = _samr_DeleteAliasMember(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2664,7 +2664,7 @@ static bool api_samr_GetMembersInAlias(s + + r->out.result = _samr_GetMembersInAlias(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2744,7 +2744,7 @@ static bool api_samr_OpenUser(struct pip + + r->out.result = _samr_OpenUser(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2819,7 +2819,7 @@ static bool api_samr_DeleteUser(struct p + r->out.user_handle = r->in.user_handle; + r->out.result = _samr_DeleteUser(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2899,7 +2899,7 @@ static bool api_samr_QueryUserInfo(struc + + r->out.result = _samr_QueryUserInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2972,7 +2972,7 @@ static bool api_samr_SetUserInfo(struct + + r->out.result = _samr_SetUserInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3045,7 +3045,7 @@ static bool api_samr_ChangePasswordUser( + + r->out.result = _samr_ChangePasswordUser(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3125,7 +3125,7 @@ static bool api_samr_GetGroupsForUser(st + + r->out.result = _samr_GetGroupsForUser(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3217,7 +3217,7 @@ static bool api_samr_QueryDisplayInfo(st + + r->out.result = _samr_QueryDisplayInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3297,7 +3297,7 @@ static bool api_samr_GetDisplayEnumerati + + r->out.result = _samr_GetDisplayEnumerationIndex(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3370,7 +3370,7 @@ static bool api_samr_TestPrivateFunction + + r->out.result = _samr_TestPrivateFunctionsDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3443,7 +3443,7 @@ static bool api_samr_TestPrivateFunction + + r->out.result = _samr_TestPrivateFunctionsUser(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3523,7 +3523,7 @@ static bool api_samr_GetUserPwInfo(struc + + r->out.result = _samr_GetUserPwInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3596,7 +3596,7 @@ static bool api_samr_RemoveMemberFromFor + + r->out.result = _samr_RemoveMemberFromForeignDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3676,7 +3676,7 @@ static bool api_samr_QueryDomainInfo2(st + + r->out.result = _samr_QueryDomainInfo2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3756,7 +3756,7 @@ static bool api_samr_QueryUserInfo2(stru + + r->out.result = _samr_QueryUserInfo2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3848,7 +3848,7 @@ static bool api_samr_QueryDisplayInfo2(s + + r->out.result = _samr_QueryDisplayInfo2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3928,7 +3928,7 @@ static bool api_samr_GetDisplayEnumerati + + r->out.result = _samr_GetDisplayEnumerationIndex2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4020,7 +4020,7 @@ static bool api_samr_CreateUser2(struct + + r->out.result = _samr_CreateUser2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4112,7 +4112,7 @@ static bool api_samr_QueryDisplayInfo3(s + + r->out.result = _samr_QueryDisplayInfo3(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4185,7 +4185,7 @@ static bool api_samr_AddMultipleMembersT + + r->out.result = _samr_AddMultipleMembersToAlias(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4258,7 +4258,7 @@ static bool api_samr_RemoveMultipleMembe + + r->out.result = _samr_RemoveMultipleMembersFromAlias(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4331,7 +4331,7 @@ static bool api_samr_OemChangePasswordUs + + r->out.result = _samr_OemChangePasswordUser2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4404,7 +4404,7 @@ static bool api_samr_ChangePasswordUser2 + + r->out.result = _samr_ChangePasswordUser2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4484,7 +4484,7 @@ static bool api_samr_GetDomPwInfo(struct + + r->out.result = _samr_GetDomPwInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4564,7 +4564,7 @@ static bool api_samr_Connect2(struct pip + + r->out.result = _samr_Connect2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4637,7 +4637,7 @@ static bool api_samr_SetUserInfo2(struct + + r->out.result = _samr_SetUserInfo2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4710,7 +4710,7 @@ static bool api_samr_SetBootKeyInformati + + r->out.result = _samr_SetBootKeyInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4790,7 +4790,7 @@ static bool api_samr_GetBootKeyInformati + + r->out.result = _samr_GetBootKeyInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4870,7 +4870,7 @@ static bool api_samr_Connect3(struct pip + + r->out.result = _samr_Connect3(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4950,7 +4950,7 @@ static bool api_samr_Connect4(struct pip + + r->out.result = _samr_Connect4(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5036,7 +5036,7 @@ static bool api_samr_ChangePasswordUser3 + + r->out.result = _samr_ChangePasswordUser3(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5128,7 +5128,7 @@ static bool api_samr_Connect5(struct pip + + r->out.result = _samr_Connect5(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5208,7 +5208,7 @@ static bool api_samr_RidToSid(struct pip + + r->out.result = _samr_RidToSid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5281,7 +5281,7 @@ static bool api_samr_SetDsrmPassword(str + + r->out.result = _samr_SetDsrmPassword(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5361,7 +5361,7 @@ static bool api_samr_ValidatePassword(st + + r->out.result = _samr_ValidatePassword(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_scerpc.c ++++ b/source3/librpc/gen_ndr/srv_scerpc.c +@@ -44,7 +44,7 @@ static bool api_scerpc_Unknown0(struct p + + r->out.result = _scerpc_Unknown0(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_spoolss.c ++++ b/source3/librpc/gen_ndr/srv_spoolss.c +@@ -63,7 +63,7 @@ static bool api_spoolss_EnumPrinters(str + + r->out.result = _spoolss_EnumPrinters(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -143,7 +143,7 @@ static bool api_spoolss_OpenPrinter(stru + + r->out.result = _spoolss_OpenPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -216,7 +216,7 @@ static bool api_spoolss_SetJob(struct pi + + r->out.result = _spoolss_SetJob(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -302,7 +302,7 @@ static bool api_spoolss_GetJob(struct pi + + r->out.result = _spoolss_GetJob(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -394,7 +394,7 @@ static bool api_spoolss_EnumJobs(struct + + r->out.result = _spoolss_EnumJobs(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -474,7 +474,7 @@ static bool api_spoolss_AddPrinter(struc + + r->out.result = _spoolss_AddPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -547,7 +547,7 @@ static bool api_spoolss_DeletePrinter(st + + r->out.result = _spoolss_DeletePrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -620,7 +620,7 @@ static bool api_spoolss_SetPrinter(struc + + r->out.result = _spoolss_SetPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -706,7 +706,7 @@ static bool api_spoolss_GetPrinter(struc + + r->out.result = _spoolss_GetPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -779,7 +779,7 @@ static bool api_spoolss_AddPrinterDriver + + r->out.result = _spoolss_AddPrinterDriver(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -871,7 +871,7 @@ static bool api_spoolss_EnumPrinterDrive + + r->out.result = _spoolss_EnumPrinterDrivers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -957,7 +957,7 @@ static bool api_spoolss_GetPrinterDriver + + r->out.result = _spoolss_GetPrinterDriver(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1043,7 +1043,7 @@ static bool api_spoolss_GetPrinterDriver + + r->out.result = _spoolss_GetPrinterDriverDirectory(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1116,7 +1116,7 @@ static bool api_spoolss_DeletePrinterDri + + r->out.result = _spoolss_DeletePrinterDriver(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1189,7 +1189,7 @@ static bool api_spoolss_AddPrintProcesso + + r->out.result = _spoolss_AddPrintProcessor(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1281,7 +1281,7 @@ static bool api_spoolss_EnumPrintProcess + + r->out.result = _spoolss_EnumPrintProcessors(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1367,7 +1367,7 @@ static bool api_spoolss_GetPrintProcesso + + r->out.result = _spoolss_GetPrintProcessorDirectory(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1447,7 +1447,7 @@ static bool api_spoolss_StartDocPrinter( + + r->out.result = _spoolss_StartDocPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1520,7 +1520,7 @@ static bool api_spoolss_StartPagePrinter + + r->out.result = _spoolss_StartPagePrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1600,7 +1600,7 @@ static bool api_spoolss_WritePrinter(str + + r->out.result = _spoolss_WritePrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1673,7 +1673,7 @@ static bool api_spoolss_EndPagePrinter(s + + r->out.result = _spoolss_EndPagePrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1746,7 +1746,7 @@ static bool api_spoolss_AbortPrinter(str + + r->out.result = _spoolss_AbortPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1832,7 +1832,7 @@ static bool api_spoolss_ReadPrinter(stru + + r->out.result = _spoolss_ReadPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1905,7 +1905,7 @@ static bool api_spoolss_EndDocPrinter(st + + r->out.result = _spoolss_EndDocPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1986,7 +1986,7 @@ static bool api_spoolss_AddJob(struct pi + + r->out.result = _spoolss_AddJob(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2059,7 +2059,7 @@ static bool api_spoolss_ScheduleJob(stru + + r->out.result = _spoolss_ScheduleJob(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2151,7 +2151,7 @@ static bool api_spoolss_GetPrinterData(s + + r->out.result = _spoolss_GetPrinterData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2224,7 +2224,7 @@ static bool api_spoolss_SetPrinterData(s + + r->out.result = _spoolss_SetPrinterData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2297,7 +2297,7 @@ static bool api_spoolss_WaitForPrinterCh + + r->out.result = _spoolss_WaitForPrinterChange(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2372,7 +2372,7 @@ static bool api_spoolss_ClosePrinter(str + r->out.handle = r->in.handle; + r->out.result = _spoolss_ClosePrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2445,7 +2445,7 @@ static bool api_spoolss_AddForm(struct p + + r->out.result = _spoolss_AddForm(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2518,7 +2518,7 @@ static bool api_spoolss_DeleteForm(struc + + r->out.result = _spoolss_DeleteForm(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2604,7 +2604,7 @@ static bool api_spoolss_GetForm(struct p + + r->out.result = _spoolss_GetForm(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2677,7 +2677,7 @@ static bool api_spoolss_SetForm(struct p + + r->out.result = _spoolss_SetForm(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2769,7 +2769,7 @@ static bool api_spoolss_EnumForms(struct + + r->out.result = _spoolss_EnumForms(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2861,7 +2861,7 @@ static bool api_spoolss_EnumPorts(struct + + r->out.result = _spoolss_EnumPorts(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2953,7 +2953,7 @@ static bool api_spoolss_EnumMonitors(str + + r->out.result = _spoolss_EnumMonitors(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3026,7 +3026,7 @@ static bool api_spoolss_AddPort(struct p + + r->out.result = _spoolss_AddPort(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3099,7 +3099,7 @@ static bool api_spoolss_ConfigurePort(st + + r->out.result = _spoolss_ConfigurePort(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3172,7 +3172,7 @@ static bool api_spoolss_DeletePort(struc + + r->out.result = _spoolss_DeletePort(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3252,7 +3252,7 @@ static bool api_spoolss_CreatePrinterIC( + + r->out.result = _spoolss_CreatePrinterIC(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3325,7 +3325,7 @@ static bool api_spoolss_PlayGDIScriptOnP + + r->out.result = _spoolss_PlayGDIScriptOnPrinterIC(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3400,7 +3400,7 @@ static bool api_spoolss_DeletePrinterIC( + r->out.gdi_handle = r->in.gdi_handle; + r->out.result = _spoolss_DeletePrinterIC(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3473,7 +3473,7 @@ static bool api_spoolss_AddPrinterConnec + + r->out.result = _spoolss_AddPrinterConnection(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3546,7 +3546,7 @@ static bool api_spoolss_DeletePrinterCon + + r->out.result = _spoolss_DeletePrinterConnection(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3619,7 +3619,7 @@ static bool api_spoolss_PrinterMessageBo + + r->out.result = _spoolss_PrinterMessageBox(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3692,7 +3692,7 @@ static bool api_spoolss_AddMonitor(struc + + r->out.result = _spoolss_AddMonitor(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3765,7 +3765,7 @@ static bool api_spoolss_DeleteMonitor(st + + r->out.result = _spoolss_DeleteMonitor(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3838,7 +3838,7 @@ static bool api_spoolss_DeletePrintProce + + r->out.result = _spoolss_DeletePrintProcessor(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3911,7 +3911,7 @@ static bool api_spoolss_AddPrintProvidor + + r->out.result = _spoolss_AddPrintProvidor(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3984,7 +3984,7 @@ static bool api_spoolss_DeletePrintProvi + + r->out.result = _spoolss_DeletePrintProvidor(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4076,7 +4076,7 @@ static bool api_spoolss_EnumPrintProcDat + + r->out.result = _spoolss_EnumPrintProcDataTypes(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4149,7 +4149,7 @@ static bool api_spoolss_ResetPrinter(str + + r->out.result = _spoolss_ResetPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4247,7 +4247,7 @@ static bool api_spoolss_GetPrinterDriver + + r->out.result = _spoolss_GetPrinterDriver2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4320,7 +4320,7 @@ static bool api_spoolss_FindFirstPrinter + + r->out.result = _spoolss_FindFirstPrinterChangeNotification(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4393,7 +4393,7 @@ static bool api_spoolss_FindNextPrinterC + + r->out.result = _spoolss_FindNextPrinterChangeNotification(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4466,7 +4466,7 @@ static bool api_spoolss_FindClosePrinter + + r->out.result = _spoolss_FindClosePrinterNotify(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4539,7 +4539,7 @@ static bool api_spoolss_RouterFindFirstP + + r->out.result = _spoolss_RouterFindFirstPrinterChangeNotificationOld(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4619,7 +4619,7 @@ static bool api_spoolss_ReplyOpenPrinter + + r->out.result = _spoolss_ReplyOpenPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4692,7 +4692,7 @@ static bool api_spoolss_RouterReplyPrint + + r->out.result = _spoolss_RouterReplyPrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4767,7 +4767,7 @@ static bool api_spoolss_ReplyClosePrinte + r->out.handle = r->in.handle; + r->out.result = _spoolss_ReplyClosePrinter(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4840,7 +4840,7 @@ static bool api_spoolss_AddPortEx(struct + + r->out.result = _spoolss_AddPortEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4913,7 +4913,7 @@ static bool api_spoolss_RouterFindFirstP + + r->out.result = _spoolss_RouterFindFirstPrinterChangeNotification(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4986,7 +4986,7 @@ static bool api_spoolss_SpoolerInit(stru + + r->out.result = _spoolss_SpoolerInit(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5059,7 +5059,7 @@ static bool api_spoolss_ResetPrinterEx(s + + r->out.result = _spoolss_ResetPrinterEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5132,7 +5132,7 @@ static bool api_spoolss_RemoteFindFirstP + + r->out.result = _spoolss_RemoteFindFirstPrinterChangeNotifyEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5212,7 +5212,7 @@ static bool api_spoolss_RouterReplyPrint + + r->out.result = _spoolss_RouterReplyPrinterEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5292,7 +5292,7 @@ static bool api_spoolss_RouterRefreshPri + + r->out.result = _spoolss_RouterRefreshPrinterChangeNotify(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5365,7 +5365,7 @@ static bool api_spoolss_44(struct pipes_ + + r->out.result = _spoolss_44(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5445,7 +5445,7 @@ static bool api_spoolss_OpenPrinterEx(st + + r->out.result = _spoolss_OpenPrinterEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5525,7 +5525,7 @@ static bool api_spoolss_AddPrinterEx(str + + r->out.result = _spoolss_AddPrinterEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5598,7 +5598,7 @@ static bool api_spoolss_SetPort(struct p + + r->out.result = _spoolss_SetPort(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5702,7 +5702,7 @@ static bool api_spoolss_EnumPrinterData( + + r->out.result = _spoolss_EnumPrinterData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5775,7 +5775,7 @@ static bool api_spoolss_DeletePrinterDat + + r->out.result = _spoolss_DeletePrinterData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5848,7 +5848,7 @@ static bool api_spoolss_4a(struct pipes_ + + r->out.result = _spoolss_4a(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5921,7 +5921,7 @@ static bool api_spoolss_4b(struct pipes_ + + r->out.result = _spoolss_4b(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -5994,7 +5994,7 @@ static bool api_spoolss_4c(struct pipes_ + + r->out.result = _spoolss_4c(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6067,7 +6067,7 @@ static bool api_spoolss_SetPrinterDataEx + + r->out.result = _spoolss_SetPrinterDataEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6159,7 +6159,7 @@ static bool api_spoolss_GetPrinterDataEx + + r->out.result = _spoolss_GetPrinterDataEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6251,7 +6251,7 @@ static bool api_spoolss_EnumPrinterDataE + + r->out.result = _spoolss_EnumPrinterDataEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6343,7 +6343,7 @@ static bool api_spoolss_EnumPrinterKey(s + + r->out.result = _spoolss_EnumPrinterKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6416,7 +6416,7 @@ static bool api_spoolss_DeletePrinterDat + + r->out.result = _spoolss_DeletePrinterDataEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6489,7 +6489,7 @@ static bool api_spoolss_DeletePrinterKey + + r->out.result = _spoolss_DeletePrinterKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6562,7 +6562,7 @@ static bool api_spoolss_53(struct pipes_ + + r->out.result = _spoolss_53(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6635,7 +6635,7 @@ static bool api_spoolss_DeletePrinterDri + + r->out.result = _spoolss_DeletePrinterDriverEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6708,7 +6708,7 @@ static bool api_spoolss_AddPerMachineCon + + r->out.result = _spoolss_AddPerMachineConnection(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6781,7 +6781,7 @@ static bool api_spoolss_DeletePerMachine + + r->out.result = _spoolss_DeletePerMachineConnection(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6854,7 +6854,7 @@ static bool api_spoolss_EnumPerMachineCo + + r->out.result = _spoolss_EnumPerMachineConnections(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -6941,7 +6941,7 @@ static bool api_spoolss_XcvData(struct p + + r->out.result = _spoolss_XcvData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7014,7 +7014,7 @@ static bool api_spoolss_AddPrinterDriver + + r->out.result = _spoolss_AddPrinterDriverEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7087,7 +7087,7 @@ static bool api_spoolss_5a(struct pipes_ + + r->out.result = _spoolss_5a(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7160,7 +7160,7 @@ static bool api_spoolss_5b(struct pipes_ + + r->out.result = _spoolss_5b(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7233,7 +7233,7 @@ static bool api_spoolss_5c(struct pipes_ + + r->out.result = _spoolss_5c(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7306,7 +7306,7 @@ static bool api_spoolss_5d(struct pipes_ + + r->out.result = _spoolss_5d(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7379,7 +7379,7 @@ static bool api_spoolss_5e(struct pipes_ + + r->out.result = _spoolss_5e(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7452,7 +7452,7 @@ static bool api_spoolss_5f(struct pipes_ + + r->out.result = _spoolss_5f(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7525,7 +7525,7 @@ static bool api_spoolss_60(struct pipes_ + + r->out.result = _spoolss_60(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7598,7 +7598,7 @@ static bool api_spoolss_61(struct pipes_ + + r->out.result = _spoolss_61(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7671,7 +7671,7 @@ static bool api_spoolss_62(struct pipes_ + + r->out.result = _spoolss_62(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7744,7 +7744,7 @@ static bool api_spoolss_63(struct pipes_ + + r->out.result = _spoolss_63(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7817,7 +7817,7 @@ static bool api_spoolss_64(struct pipes_ + + r->out.result = _spoolss_64(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7890,7 +7890,7 @@ static bool api_spoolss_65(struct pipes_ + + r->out.result = _spoolss_65(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -7970,7 +7970,7 @@ static bool api_spoolss_GetCorePrinterDr + + r->out.result = _spoolss_GetCorePrinterDrivers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -8043,7 +8043,7 @@ static bool api_spoolss_67(struct pipes_ + + r->out.result = _spoolss_67(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -8124,7 +8124,7 @@ static bool api_spoolss_GetPrinterDriver + + r->out.result = _spoolss_GetPrinterDriverPackagePath(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -8197,7 +8197,7 @@ static bool api_spoolss_69(struct pipes_ + + r->out.result = _spoolss_69(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -8270,7 +8270,7 @@ static bool api_spoolss_6a(struct pipes_ + + r->out.result = _spoolss_6a(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -8343,7 +8343,7 @@ static bool api_spoolss_6b(struct pipes_ + + r->out.result = _spoolss_6b(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -8416,7 +8416,7 @@ static bool api_spoolss_6c(struct pipes_ + + r->out.result = _spoolss_6c(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -8489,7 +8489,7 @@ static bool api_spoolss_6d(struct pipes_ + + r->out.result = _spoolss_6d(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_srvsvc.c ++++ b/source3/librpc/gen_ndr/srv_srvsvc.c +@@ -53,7 +53,7 @@ static bool api_srvsvc_NetCharDevEnum(st + + r->out.result = _srvsvc_NetCharDevEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -133,7 +133,7 @@ static bool api_srvsvc_NetCharDevGetInfo + + r->out.result = _srvsvc_NetCharDevGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -206,7 +206,7 @@ static bool api_srvsvc_NetCharDevControl + + r->out.result = _srvsvc_NetCharDevControl(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -288,7 +288,7 @@ static bool api_srvsvc_NetCharDevQEnum(s + + r->out.result = _srvsvc_NetCharDevQEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -368,7 +368,7 @@ static bool api_srvsvc_NetCharDevQGetInf + + r->out.result = _srvsvc_NetCharDevQGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -443,7 +443,7 @@ static bool api_srvsvc_NetCharDevQSetInf + r->out.parm_error = r->in.parm_error; + r->out.result = _srvsvc_NetCharDevQSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -516,7 +516,7 @@ static bool api_srvsvc_NetCharDevQPurge( + + r->out.result = _srvsvc_NetCharDevQPurge(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -589,7 +589,7 @@ static bool api_srvsvc_NetCharDevQPurgeS + + r->out.result = _srvsvc_NetCharDevQPurgeSelf(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -671,7 +671,7 @@ static bool api_srvsvc_NetConnEnum(struc + + r->out.result = _srvsvc_NetConnEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -753,7 +753,7 @@ static bool api_srvsvc_NetFileEnum(struc + + r->out.result = _srvsvc_NetFileEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -833,7 +833,7 @@ static bool api_srvsvc_NetFileGetInfo(st + + r->out.result = _srvsvc_NetFileGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -906,7 +906,7 @@ static bool api_srvsvc_NetFileClose(stru + + r->out.result = _srvsvc_NetFileClose(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -988,7 +988,7 @@ static bool api_srvsvc_NetSessEnum(struc + + r->out.result = _srvsvc_NetSessEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1061,7 +1061,7 @@ static bool api_srvsvc_NetSessDel(struct + + r->out.result = _srvsvc_NetSessDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1136,7 +1136,7 @@ static bool api_srvsvc_NetShareAdd(struc + r->out.parm_error = r->in.parm_error; + r->out.result = _srvsvc_NetShareAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1218,7 +1218,7 @@ static bool api_srvsvc_NetShareEnumAll(s + + r->out.result = _srvsvc_NetShareEnumAll(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1298,7 +1298,7 @@ static bool api_srvsvc_NetShareGetInfo(s + + r->out.result = _srvsvc_NetShareGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1373,7 +1373,7 @@ static bool api_srvsvc_NetShareSetInfo(s + r->out.parm_error = r->in.parm_error; + r->out.result = _srvsvc_NetShareSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1446,7 +1446,7 @@ static bool api_srvsvc_NetShareDel(struc + + r->out.result = _srvsvc_NetShareDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1519,7 +1519,7 @@ static bool api_srvsvc_NetShareDelSticky + + r->out.result = _srvsvc_NetShareDelSticky(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1599,7 +1599,7 @@ static bool api_srvsvc_NetShareCheck(str + + r->out.result = _srvsvc_NetShareCheck(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1679,7 +1679,7 @@ static bool api_srvsvc_NetSrvGetInfo(str + + r->out.result = _srvsvc_NetSrvGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1754,7 +1754,7 @@ static bool api_srvsvc_NetSrvSetInfo(str + r->out.parm_error = r->in.parm_error; + r->out.result = _srvsvc_NetSrvSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1836,7 +1836,7 @@ static bool api_srvsvc_NetDiskEnum(struc + + r->out.result = _srvsvc_NetDiskEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1916,7 +1916,7 @@ static bool api_srvsvc_NetServerStatisti + + r->out.result = _srvsvc_NetServerStatisticsGet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1989,7 +1989,7 @@ static bool api_srvsvc_NetTransportAdd(s + + r->out.result = _srvsvc_NetTransportAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2071,7 +2071,7 @@ static bool api_srvsvc_NetTransportEnum( + + r->out.result = _srvsvc_NetTransportEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2144,7 +2144,7 @@ static bool api_srvsvc_NetTransportDel(s + + r->out.result = _srvsvc_NetTransportDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2224,7 +2224,7 @@ static bool api_srvsvc_NetRemoteTOD(stru + + r->out.result = _srvsvc_NetRemoteTOD(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2297,7 +2297,7 @@ static bool api_srvsvc_NetSetServiceBits + + r->out.result = _srvsvc_NetSetServiceBits(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2377,7 +2377,7 @@ static bool api_srvsvc_NetPathType(struc + + r->out.result = _srvsvc_NetPathType(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2458,7 +2458,7 @@ static bool api_srvsvc_NetPathCanonicali + + r->out.result = _srvsvc_NetPathCanonicalize(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2531,7 +2531,7 @@ static bool api_srvsvc_NetPathCompare(st + + r->out.result = _srvsvc_NetPathCompare(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2604,7 +2604,7 @@ static bool api_srvsvc_NetNameValidate(s + + r->out.result = _srvsvc_NetNameValidate(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2677,7 +2677,7 @@ static bool api_srvsvc_NETRPRNAMECANONIC + + r->out.result = _srvsvc_NETRPRNAMECANONICALIZE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2750,7 +2750,7 @@ static bool api_srvsvc_NetPRNameCompare( + + r->out.result = _srvsvc_NetPRNameCompare(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2832,7 +2832,7 @@ static bool api_srvsvc_NetShareEnum(stru + + r->out.result = _srvsvc_NetShareEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2912,7 +2912,7 @@ static bool api_srvsvc_NetShareDelStart( + + r->out.result = _srvsvc_NetShareDelStart(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2987,7 +2987,7 @@ static bool api_srvsvc_NetShareDelCommit + r->out.hnd = r->in.hnd; + r->out.result = _srvsvc_NetShareDelCommit(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3067,7 +3067,7 @@ static bool api_srvsvc_NetGetFileSecurit + + r->out.result = _srvsvc_NetGetFileSecurity(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3140,7 +3140,7 @@ static bool api_srvsvc_NetSetFileSecurit + + r->out.result = _srvsvc_NetSetFileSecurity(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3213,7 +3213,7 @@ static bool api_srvsvc_NetServerTranspor + + r->out.result = _srvsvc_NetServerTransportAddEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3286,7 +3286,7 @@ static bool api_srvsvc_NetServerSetServi + + r->out.result = _srvsvc_NetServerSetServiceBitsEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3359,7 +3359,7 @@ static bool api_srvsvc_NETRDFSGETVERSION + + r->out.result = _srvsvc_NETRDFSGETVERSION(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3432,7 +3432,7 @@ static bool api_srvsvc_NETRDFSCREATELOCA + + r->out.result = _srvsvc_NETRDFSCREATELOCALPARTITION(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3505,7 +3505,7 @@ static bool api_srvsvc_NETRDFSDELETELOCA + + r->out.result = _srvsvc_NETRDFSDELETELOCALPARTITION(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3578,7 +3578,7 @@ static bool api_srvsvc_NETRDFSSETLOCALVO + + r->out.result = _srvsvc_NETRDFSSETLOCALVOLUMESTATE(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3651,7 +3651,7 @@ static bool api_srvsvc_NETRDFSSETSERVERI + + r->out.result = _srvsvc_NETRDFSSETSERVERINFO(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3724,7 +3724,7 @@ static bool api_srvsvc_NETRDFSCREATEEXIT + + r->out.result = _srvsvc_NETRDFSCREATEEXITPOINT(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3797,7 +3797,7 @@ static bool api_srvsvc_NETRDFSDELETEEXIT + + r->out.result = _srvsvc_NETRDFSDELETEEXITPOINT(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3870,7 +3870,7 @@ static bool api_srvsvc_NETRDFSMODIFYPREF + + r->out.result = _srvsvc_NETRDFSMODIFYPREFIX(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3943,7 +3943,7 @@ static bool api_srvsvc_NETRDFSFIXLOCALVO + + r->out.result = _srvsvc_NETRDFSFIXLOCALVOLUME(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4016,7 +4016,7 @@ static bool api_srvsvc_NETRDFSMANAGERREP + + r->out.result = _srvsvc_NETRDFSMANAGERREPORTSITEINFO(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4089,7 +4089,7 @@ static bool api_srvsvc_NETRSERVERTRANSPO + + r->out.result = _srvsvc_NETRSERVERTRANSPORTDELEX(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_svcctl.c ++++ b/source3/librpc/gen_ndr/srv_svcctl.c +@@ -46,7 +46,7 @@ static bool api_svcctl_CloseServiceHandl + r->out.handle = r->in.handle; + r->out.result = _svcctl_CloseServiceHandle(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -126,7 +126,7 @@ static bool api_svcctl_ControlService(st + + r->out.result = _svcctl_ControlService(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -199,7 +199,7 @@ static bool api_svcctl_DeleteService(str + + r->out.result = _svcctl_DeleteService(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -279,7 +279,7 @@ static bool api_svcctl_LockServiceDataba + + r->out.result = _svcctl_LockServiceDatabase(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -365,7 +365,7 @@ static bool api_svcctl_QueryServiceObjec + + r->out.result = _svcctl_QueryServiceObjectSecurity(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -438,7 +438,7 @@ static bool api_svcctl_SetServiceObjectS + + r->out.result = _svcctl_SetServiceObjectSecurity(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -518,7 +518,7 @@ static bool api_svcctl_QueryServiceStatu + + r->out.result = _svcctl_QueryServiceStatus(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -591,7 +591,7 @@ static bool api_svcctl_SetServiceStatus( + + r->out.result = _svcctl_SetServiceStatus(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -666,7 +666,7 @@ static bool api_svcctl_UnlockServiceData + r->out.lock = r->in.lock; + r->out.result = _svcctl_UnlockServiceDatabase(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -739,7 +739,7 @@ static bool api_svcctl_NotifyBootConfigS + + r->out.result = _svcctl_NotifyBootConfigStatus(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -812,7 +812,7 @@ static bool api_svcctl_SCSetServiceBitsW + + r->out.result = _svcctl_SCSetServiceBitsW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -892,7 +892,7 @@ static bool api_svcctl_ChangeServiceConf + + r->out.result = _svcctl_ChangeServiceConfigW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -973,7 +973,7 @@ static bool api_svcctl_CreateServiceW(st + + r->out.result = _svcctl_CreateServiceW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1065,7 +1065,7 @@ static bool api_svcctl_EnumDependentServ + + r->out.result = _svcctl_EnumDependentServicesW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1158,7 +1158,7 @@ static bool api_svcctl_EnumServicesStatu + + r->out.result = _svcctl_EnumServicesStatusW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1238,7 +1238,7 @@ static bool api_svcctl_OpenSCManagerW(st + + r->out.result = _svcctl_OpenSCManagerW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1318,7 +1318,7 @@ static bool api_svcctl_OpenServiceW(stru + + r->out.result = _svcctl_OpenServiceW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1404,7 +1404,7 @@ static bool api_svcctl_QueryServiceConfi + + r->out.result = _svcctl_QueryServiceConfigW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1490,7 +1490,7 @@ static bool api_svcctl_QueryServiceLockS + + r->out.result = _svcctl_QueryServiceLockStatusW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1563,7 +1563,7 @@ static bool api_svcctl_StartServiceW(str + + r->out.result = _svcctl_StartServiceW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1644,7 +1644,7 @@ static bool api_svcctl_GetServiceDisplay + + r->out.result = _svcctl_GetServiceDisplayNameW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1725,7 +1725,7 @@ static bool api_svcctl_GetServiceKeyName + + r->out.result = _svcctl_GetServiceKeyNameW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1798,7 +1798,7 @@ static bool api_svcctl_SCSetServiceBitsA + + r->out.result = _svcctl_SCSetServiceBitsA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1878,7 +1878,7 @@ static bool api_svcctl_ChangeServiceConf + + r->out.result = _svcctl_ChangeServiceConfigA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1958,7 +1958,7 @@ static bool api_svcctl_CreateServiceA(st + + r->out.result = _svcctl_CreateServiceA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2050,7 +2050,7 @@ static bool api_svcctl_EnumDependentServ + + r->out.result = _svcctl_EnumDependentServicesA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2143,7 +2143,7 @@ static bool api_svcctl_EnumServicesStatu + + r->out.result = _svcctl_EnumServicesStatusA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2223,7 +2223,7 @@ static bool api_svcctl_OpenSCManagerA(st + + r->out.result = _svcctl_OpenSCManagerA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2296,7 +2296,7 @@ static bool api_svcctl_OpenServiceA(stru + + r->out.result = _svcctl_OpenServiceA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2382,7 +2382,7 @@ static bool api_svcctl_QueryServiceConfi + + r->out.result = _svcctl_QueryServiceConfigA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2468,7 +2468,7 @@ static bool api_svcctl_QueryServiceLockS + + r->out.result = _svcctl_QueryServiceLockStatusA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2541,7 +2541,7 @@ static bool api_svcctl_StartServiceA(str + + r->out.result = _svcctl_StartServiceA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2622,7 +2622,7 @@ static bool api_svcctl_GetServiceDisplay + + r->out.result = _svcctl_GetServiceDisplayNameA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2703,7 +2703,7 @@ static bool api_svcctl_GetServiceKeyName + + r->out.result = _svcctl_GetServiceKeyNameA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2776,7 +2776,7 @@ static bool api_svcctl_GetCurrentGroupeS + + r->out.result = _svcctl_GetCurrentGroupeStateW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2849,7 +2849,7 @@ static bool api_svcctl_EnumServiceGroupW + + r->out.result = _svcctl_EnumServiceGroupW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2922,7 +2922,7 @@ static bool api_svcctl_ChangeServiceConf + + r->out.result = _svcctl_ChangeServiceConfig2A(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2995,7 +2995,7 @@ static bool api_svcctl_ChangeServiceConf + + r->out.result = _svcctl_ChangeServiceConfig2W(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3081,7 +3081,7 @@ static bool api_svcctl_QueryServiceConfi + + r->out.result = _svcctl_QueryServiceConfig2A(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3167,7 +3167,7 @@ static bool api_svcctl_QueryServiceConfi + + r->out.result = _svcctl_QueryServiceConfig2W(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3253,7 +3253,7 @@ static bool api_svcctl_QueryServiceStatu + + r->out.result = _svcctl_QueryServiceStatusEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3352,7 +3352,7 @@ static bool api_EnumServicesStatusExA(st + + r->out.result = _EnumServicesStatusExA(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3445,7 +3445,7 @@ static bool api_EnumServicesStatusExW(st + + r->out.result = _EnumServicesStatusExW(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3518,7 +3518,7 @@ static bool api_svcctl_SCSendTSMessage(s + + r->out.result = _svcctl_SCSendTSMessage(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_trkwks.c ++++ b/source3/librpc/gen_ndr/srv_trkwks.c +@@ -44,7 +44,7 @@ static bool api_trkwks_Unknown0(struct p + + r->out.result = _trkwks_Unknown0(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_unixinfo.c ++++ b/source3/librpc/gen_ndr/srv_unixinfo.c +@@ -51,7 +51,7 @@ static bool api_unixinfo_SidToUid(struct + + r->out.result = _unixinfo_SidToUid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -131,7 +131,7 @@ static bool api_unixinfo_UidToSid(struct + + r->out.result = _unixinfo_UidToSid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -211,7 +211,7 @@ static bool api_unixinfo_SidToGid(struct + + r->out.result = _unixinfo_SidToGid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -291,7 +291,7 @@ static bool api_unixinfo_GidToSid(struct + + r->out.result = _unixinfo_GidToSid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -372,7 +372,7 @@ static bool api_unixinfo_GetPWUid(struct + + r->out.result = _unixinfo_GetPWUid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_w32time.c ++++ b/source3/librpc/gen_ndr/srv_w32time.c +@@ -44,7 +44,7 @@ static bool api_w32time_SyncTime(struct + + r->out.result = _w32time_SyncTime(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_w32time_GetNetLogonServi + + r->out.result = _w32time_GetNetLogonServiceBits(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_w32time_QueryProviderSta + + r->out.result = _w32time_QueryProviderStatus(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_wbint.c ++++ b/source3/librpc/gen_ndr/srv_wbint.c +@@ -51,7 +51,7 @@ static bool api_wbint_Ping(struct pipes_ + + _wbint_Ping(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -143,7 +143,7 @@ static bool api_wbint_LookupSid(struct p + + r->out.result = _wbint_LookupSid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -229,7 +229,7 @@ static bool api_wbint_LookupSids(struct + + r->out.result = _wbint_LookupSids(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -315,7 +315,7 @@ static bool api_wbint_LookupName(struct + + r->out.result = _wbint_LookupName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -395,7 +395,7 @@ static bool api_wbint_Sid2Uid(struct pip + + r->out.result = _wbint_Sid2Uid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -475,7 +475,7 @@ static bool api_wbint_Sid2Gid(struct pip + + r->out.result = _wbint_Sid2Gid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -550,7 +550,7 @@ static bool api_wbint_Sids2UnixIDs(struc + r->out.ids = r->in.ids; + r->out.result = _wbint_Sids2UnixIDs(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -630,7 +630,7 @@ static bool api_wbint_Uid2Sid(struct pip + + r->out.result = _wbint_Uid2Sid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -710,7 +710,7 @@ static bool api_wbint_Gid2Sid(struct pip + + r->out.result = _wbint_Gid2Sid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -790,7 +790,7 @@ static bool api_wbint_AllocateUid(struct + + r->out.result = _wbint_AllocateUid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -870,7 +870,7 @@ static bool api_wbint_AllocateGid(struct + + r->out.result = _wbint_AllocateGid(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -950,7 +950,7 @@ static bool api_wbint_QueryUser(struct p + + r->out.result = _wbint_QueryUser(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1030,7 +1030,7 @@ static bool api_wbint_LookupUserAliases( + + r->out.result = _wbint_LookupUserAliases(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1110,7 +1110,7 @@ static bool api_wbint_LookupUserGroups(s + + r->out.result = _wbint_LookupUserGroups(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1190,7 +1190,7 @@ static bool api_wbint_QuerySequenceNumbe + + r->out.result = _wbint_QuerySequenceNumber(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1270,7 +1270,7 @@ static bool api_wbint_LookupGroupMembers + + r->out.result = _wbint_LookupGroupMembers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1350,7 +1350,7 @@ static bool api_wbint_QueryUserList(stru + + r->out.result = _wbint_QueryUserList(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1430,7 +1430,7 @@ static bool api_wbint_QueryGroupList(str + + r->out.result = _wbint_QueryGroupList(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1510,7 +1510,7 @@ static bool api_wbint_DsGetDcName(struct + + r->out.result = _wbint_DsGetDcName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1596,7 +1596,7 @@ static bool api_wbint_LookupRids(struct + + r->out.result = _wbint_LookupRids(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1669,7 +1669,7 @@ static bool api_wbint_CheckMachineAccoun + + r->out.result = _wbint_CheckMachineAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1742,7 +1742,7 @@ static bool api_wbint_ChangeMachineAccou + + r->out.result = _wbint_ChangeMachineAccount(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1815,7 +1815,7 @@ static bool api_wbint_PingDc(struct pipe + + r->out.result = _wbint_PingDc(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_winreg.c ++++ b/source3/librpc/gen_ndr/srv_winreg.c +@@ -51,7 +51,7 @@ static bool api_winreg_OpenHKCR(struct p + + r->out.result = _winreg_OpenHKCR(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -131,7 +131,7 @@ static bool api_winreg_OpenHKCU(struct p + + r->out.result = _winreg_OpenHKCU(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -211,7 +211,7 @@ static bool api_winreg_OpenHKLM(struct p + + r->out.result = _winreg_OpenHKLM(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -291,7 +291,7 @@ static bool api_winreg_OpenHKPD(struct p + + r->out.result = _winreg_OpenHKPD(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -371,7 +371,7 @@ static bool api_winreg_OpenHKU(struct pi + + r->out.result = _winreg_OpenHKU(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -446,7 +446,7 @@ static bool api_winreg_CloseKey(struct p + r->out.handle = r->in.handle; + r->out.result = _winreg_CloseKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -527,7 +527,7 @@ static bool api_winreg_CreateKey(struct + + r->out.result = _winreg_CreateKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -600,7 +600,7 @@ static bool api_winreg_DeleteKey(struct + + r->out.result = _winreg_DeleteKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -673,7 +673,7 @@ static bool api_winreg_DeleteValue(struc + + r->out.result = _winreg_DeleteValue(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -750,7 +750,7 @@ static bool api_winreg_EnumKey(struct pi + r->out.last_changed_time = r->in.last_changed_time; + r->out.result = _winreg_EnumKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -829,7 +829,7 @@ static bool api_winreg_EnumValue(struct + r->out.length = r->in.length; + r->out.result = _winreg_EnumValue(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -902,7 +902,7 @@ static bool api_winreg_FlushKey(struct p + + r->out.result = _winreg_FlushKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -977,7 +977,7 @@ static bool api_winreg_GetKeySecurity(st + r->out.sd = r->in.sd; + r->out.result = _winreg_GetKeySecurity(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1050,7 +1050,7 @@ static bool api_winreg_LoadKey(struct pi + + r->out.result = _winreg_LoadKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1123,7 +1123,7 @@ static bool api_winreg_NotifyChangeKeyVa + + r->out.result = _winreg_NotifyChangeKeyValue(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1203,7 +1203,7 @@ static bool api_winreg_OpenKey(struct pi + + r->out.result = _winreg_OpenKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1326,7 +1326,7 @@ static bool api_winreg_QueryInfoKey(stru + + r->out.result = _winreg_QueryInfoKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1404,7 +1404,7 @@ static bool api_winreg_QueryValue(struct + r->out.data_length = r->in.data_length; + r->out.result = _winreg_QueryValue(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1477,7 +1477,7 @@ static bool api_winreg_ReplaceKey(struct + + r->out.result = _winreg_ReplaceKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1550,7 +1550,7 @@ static bool api_winreg_RestoreKey(struct + + r->out.result = _winreg_RestoreKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1623,7 +1623,7 @@ static bool api_winreg_SaveKey(struct pi + + r->out.result = _winreg_SaveKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1696,7 +1696,7 @@ static bool api_winreg_SetKeySecurity(st + + r->out.result = _winreg_SetKeySecurity(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1769,7 +1769,7 @@ static bool api_winreg_SetValue(struct p + + r->out.result = _winreg_SetValue(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1842,7 +1842,7 @@ static bool api_winreg_UnLoadKey(struct + + r->out.result = _winreg_UnLoadKey(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1915,7 +1915,7 @@ static bool api_winreg_InitiateSystemShu + + r->out.result = _winreg_InitiateSystemShutdown(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1988,7 +1988,7 @@ static bool api_winreg_AbortSystemShutdo + + r->out.result = _winreg_AbortSystemShutdown(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2068,7 +2068,7 @@ static bool api_winreg_GetVersion(struct + + r->out.result = _winreg_GetVersion(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2148,7 +2148,7 @@ static bool api_winreg_OpenHKCC(struct p + + r->out.result = _winreg_OpenHKCC(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2228,7 +2228,7 @@ static bool api_winreg_OpenHKDD(struct p + + r->out.result = _winreg_OpenHKDD(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2310,7 +2310,7 @@ static bool api_winreg_QueryMultipleValu + + r->out.result = _winreg_QueryMultipleValues(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2383,7 +2383,7 @@ static bool api_winreg_InitiateSystemShu + + r->out.result = _winreg_InitiateSystemShutdownEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2456,7 +2456,7 @@ static bool api_winreg_SaveKeyEx(struct + + r->out.result = _winreg_SaveKeyEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2536,7 +2536,7 @@ static bool api_winreg_OpenHKPT(struct p + + r->out.result = _winreg_OpenHKPT(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2616,7 +2616,7 @@ static bool api_winreg_OpenHKPN(struct p + + r->out.result = _winreg_OpenHKPN(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2703,7 +2703,7 @@ static bool api_winreg_QueryMultipleValu + + r->out.result = _winreg_QueryMultipleValues2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2776,7 +2776,7 @@ static bool api_winreg_DeleteKeyEx(struc + + r->out.result = _winreg_DeleteKeyEx(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_wkssvc.c ++++ b/source3/librpc/gen_ndr/srv_wkssvc.c +@@ -51,7 +51,7 @@ static bool api_wkssvc_NetWkstaGetInfo(s + + r->out.result = _wkssvc_NetWkstaGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -126,7 +126,7 @@ static bool api_wkssvc_NetWkstaSetInfo(s + r->out.parm_error = r->in.parm_error; + r->out.result = _wkssvc_NetWkstaSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -208,7 +208,7 @@ static bool api_wkssvc_NetWkstaEnumUsers + + r->out.result = _wkssvc_NetWkstaEnumUsers(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -288,7 +288,7 @@ static bool api_wkssvc_NetrWkstaUserGetI + + r->out.result = _wkssvc_NetrWkstaUserGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -363,7 +363,7 @@ static bool api_wkssvc_NetrWkstaUserSetI + r->out.parm_err = r->in.parm_err; + r->out.result = _wkssvc_NetrWkstaUserSetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -445,7 +445,7 @@ static bool api_wkssvc_NetWkstaTransport + + r->out.result = _wkssvc_NetWkstaTransportEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -520,7 +520,7 @@ static bool api_wkssvc_NetrWkstaTranspor + r->out.parm_err = r->in.parm_err; + r->out.result = _wkssvc_NetrWkstaTransportAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -593,7 +593,7 @@ static bool api_wkssvc_NetrWkstaTranspor + + r->out.result = _wkssvc_NetrWkstaTransportDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -668,7 +668,7 @@ static bool api_wkssvc_NetrUseAdd(struct + r->out.parm_err = r->in.parm_err; + r->out.result = _wkssvc_NetrUseAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -748,7 +748,7 @@ static bool api_wkssvc_NetrUseGetInfo(st + + r->out.result = _wkssvc_NetrUseGetInfo(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -821,7 +821,7 @@ static bool api_wkssvc_NetrUseDel(struct + + r->out.result = _wkssvc_NetrUseDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -903,7 +903,7 @@ static bool api_wkssvc_NetrUseEnum(struc + + r->out.result = _wkssvc_NetrUseEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -976,7 +976,7 @@ static bool api_wkssvc_NetrMessageBuffer + + r->out.result = _wkssvc_NetrMessageBufferSend(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1056,7 +1056,7 @@ static bool api_wkssvc_NetrWorkstationSt + + r->out.result = _wkssvc_NetrWorkstationStatisticsGet(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1129,7 +1129,7 @@ static bool api_wkssvc_NetrLogonDomainNa + + r->out.result = _wkssvc_NetrLogonDomainNameAdd(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1202,7 +1202,7 @@ static bool api_wkssvc_NetrLogonDomainNa + + r->out.result = _wkssvc_NetrLogonDomainNameDel(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1275,7 +1275,7 @@ static bool api_wkssvc_NetrJoinDomain(st + + r->out.result = _wkssvc_NetrJoinDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1348,7 +1348,7 @@ static bool api_wkssvc_NetrUnjoinDomain( + + r->out.result = _wkssvc_NetrUnjoinDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1421,7 +1421,7 @@ static bool api_wkssvc_NetrRenameMachine + + r->out.result = _wkssvc_NetrRenameMachineInDomain(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1494,7 +1494,7 @@ static bool api_wkssvc_NetrValidateName( + + r->out.result = _wkssvc_NetrValidateName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1575,7 +1575,7 @@ static bool api_wkssvc_NetrGetJoinInform + + r->out.result = _wkssvc_NetrGetJoinInformation(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1656,7 +1656,7 @@ static bool api_wkssvc_NetrGetJoinableOu + + r->out.result = _wkssvc_NetrGetJoinableOus(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1729,7 +1729,7 @@ static bool api_wkssvc_NetrJoinDomain2(s + + r->out.result = _wkssvc_NetrJoinDomain2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1802,7 +1802,7 @@ static bool api_wkssvc_NetrUnjoinDomain2 + + r->out.result = _wkssvc_NetrUnjoinDomain2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1875,7 +1875,7 @@ static bool api_wkssvc_NetrRenameMachine + + r->out.result = _wkssvc_NetrRenameMachineInDomain2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1948,7 +1948,7 @@ static bool api_wkssvc_NetrValidateName2 + + r->out.result = _wkssvc_NetrValidateName2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2029,7 +2029,7 @@ static bool api_wkssvc_NetrGetJoinableOu + + r->out.result = _wkssvc_NetrGetJoinableOus2(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2102,7 +2102,7 @@ static bool api_wkssvc_NetrAddAlternateC + + r->out.result = _wkssvc_NetrAddAlternateComputerName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2175,7 +2175,7 @@ static bool api_wkssvc_NetrRemoveAlterna + + r->out.result = _wkssvc_NetrRemoveAlternateComputerName(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2248,7 +2248,7 @@ static bool api_wkssvc_NetrSetPrimaryCom + + r->out.result = _wkssvc_NetrSetPrimaryComputername(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2328,7 +2328,7 @@ static bool api_wkssvc_NetrEnumerateComp + + r->out.result = _wkssvc_NetrEnumerateComputerNames(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_wmi.c ++++ b/source3/librpc/gen_ndr/srv_wmi.c +@@ -51,7 +51,7 @@ static bool api_Delete(struct pipes_stru + + r->out.result = _Delete(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -155,7 +155,7 @@ static bool api_OpenNamespace(struct pip + + r->out.result = _OpenNamespace(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -235,7 +235,7 @@ static bool api_CancelAsyncCall(struct p + + r->out.result = _CancelAsyncCall(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -321,7 +321,7 @@ static bool api_QueryObjectSink(struct p + + r->out.result = _QueryObjectSink(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -403,7 +403,7 @@ static bool api_GetObject(struct pipes_s + + r->out.result = _GetObject(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -483,7 +483,7 @@ static bool api_GetObjectAsync(struct pi + + r->out.result = _GetObjectAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -564,7 +564,7 @@ static bool api_PutClass(struct pipes_st + + r->out.result = _PutClass(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -644,7 +644,7 @@ static bool api_PutClassAsync(struct pip + + r->out.result = _PutClassAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -725,7 +725,7 @@ static bool api_DeleteClass(struct pipes + + r->out.result = _DeleteClass(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -805,7 +805,7 @@ static bool api_DeleteClassAsync(struct + + r->out.result = _DeleteClassAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -891,7 +891,7 @@ static bool api_CreateClassEnum(struct p + + r->out.result = _CreateClassEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -971,7 +971,7 @@ static bool api_CreateClassEnumAsync(str + + r->out.result = _CreateClassEnumAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1052,7 +1052,7 @@ static bool api_PutInstance(struct pipes + + r->out.result = _PutInstance(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1132,7 +1132,7 @@ static bool api_PutInstanceAsync(struct + + r->out.result = _PutInstanceAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1213,7 +1213,7 @@ static bool api_DeleteInstance(struct pi + + r->out.result = _DeleteInstance(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1293,7 +1293,7 @@ static bool api_DeleteInstanceAsync(stru + + r->out.result = _DeleteInstanceAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1379,7 +1379,7 @@ static bool api_CreateInstanceEnum(struc + + r->out.result = _CreateInstanceEnum(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1459,7 +1459,7 @@ static bool api_CreateInstanceEnumAsync( + + r->out.result = _CreateInstanceEnumAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1545,7 +1545,7 @@ static bool api_ExecQuery(struct pipes_s + + r->out.result = _ExecQuery(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1625,7 +1625,7 @@ static bool api_ExecQueryAsync(struct pi + + r->out.result = _ExecQueryAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1711,7 +1711,7 @@ static bool api_ExecNotificationQuery(st + + r->out.result = _ExecNotificationQuery(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1791,7 +1791,7 @@ static bool api_ExecNotificationQueryAsy + + r->out.result = _ExecNotificationQueryAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1873,7 +1873,7 @@ static bool api_ExecMethod(struct pipes_ + + r->out.result = _ExecMethod(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1953,7 +1953,7 @@ static bool api_ExecMethodAsync(struct p + + r->out.result = _ExecMethodAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2077,7 +2077,7 @@ static bool api_Reset(struct pipes_struc + + r->out.result = _Reset(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2169,7 +2169,7 @@ static bool api_IEnumWbemClassObject_Nex + + r->out.result = _IEnumWbemClassObject_Next(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2249,7 +2249,7 @@ static bool api_NextAsync(struct pipes_s + + r->out.result = _NextAsync(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2335,7 +2335,7 @@ static bool api_IEnumWbemClassObject_Clo + + r->out.result = _IEnumWbemClassObject_Clone(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2415,7 +2415,7 @@ static bool api_Skip(struct pipes_struct + + r->out.result = _Skip(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2527,7 +2527,7 @@ static bool api_Clone(struct pipes_struc + + r->out.result = _Clone(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2607,7 +2607,7 @@ static bool api_GetNames(struct pipes_st + + r->out.result = _GetNames(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2687,7 +2687,7 @@ static bool api_BeginEnumeration(struct + + r->out.result = _BeginEnumeration(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2767,7 +2767,7 @@ static bool api_Next(struct pipes_struct + + r->out.result = _Next(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2847,7 +2847,7 @@ static bool api_EndEnumeration(struct pi + + r->out.result = _EndEnumeration(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -2927,7 +2927,7 @@ static bool api_SetValue(struct pipes_st + + r->out.result = _SetValue(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3007,7 +3007,7 @@ static bool api_GetValue(struct pipes_st + + r->out.result = _GetValue(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3087,7 +3087,7 @@ static bool api_DeleteValue(struct pipes + + r->out.result = _DeleteValue(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3167,7 +3167,7 @@ static bool api_DeleteAll(struct pipes_s + + r->out.result = _DeleteAll(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3283,7 +3283,7 @@ static bool api_EstablishPosition(struct + + r->out.result = _EstablishPosition(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3369,7 +3369,7 @@ static bool api_RequestChallenge(struct + + r->out.result = _RequestChallenge(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3455,7 +3455,7 @@ static bool api_WBEMLogin(struct pipes_s + + r->out.result = _WBEMLogin(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3541,7 +3541,7 @@ static bool api_NTLMLogin(struct pipes_s + + r->out.result = _NTLMLogin(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3664,7 +3664,7 @@ static bool api_IWbemWCOSmartEnum_Next(s + + r->out.result = _IWbemWCOSmartEnum_Next(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3772,7 +3772,7 @@ static bool api_Fetch(struct pipes_struc + + r->out.result = _Fetch(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3858,7 +3858,7 @@ static bool api_Test(struct pipes_struct + + r->out.result = _Test(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -3967,7 +3967,7 @@ static bool api_GetResultObject(struct p + + r->out.result = _GetResultObject(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4053,7 +4053,7 @@ static bool api_GetResultString(struct p + + r->out.result = _GetResultString(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4139,7 +4139,7 @@ static bool api_GetResultServices(struct + + r->out.result = _GetResultServices(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4225,7 +4225,7 @@ static bool api_GetCallStatus(struct pip + + r->out.result = _GetCallStatus(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4330,7 +4330,7 @@ static bool api_SetStatus(struct pipes_s + + r->out.result = _SetStatus(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -4410,7 +4410,7 @@ static bool api_Indicate(struct pipes_st + + r->out.result = _Indicate(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_wzcsvc.c ++++ b/source3/librpc/gen_ndr/srv_wzcsvc.c +@@ -44,7 +44,7 @@ static bool api_wzcsvc_EnumInterfaces(st + + _wzcsvc_EnumInterfaces(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -117,7 +117,7 @@ static bool api_wzcsvc_QueryInterface(st + + _wzcsvc_QueryInterface(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -190,7 +190,7 @@ static bool api_wzcsvc_SetInterface(stru + + _wzcsvc_SetInterface(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -263,7 +263,7 @@ static bool api_wzcsvc_RefreshInterface( + + _wzcsvc_RefreshInterface(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -336,7 +336,7 @@ static bool api_wzcsvc_QueryContext(stru + + _wzcsvc_QueryContext(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -409,7 +409,7 @@ static bool api_wzcsvc_SetContext(struct + + _wzcsvc_SetContext(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -482,7 +482,7 @@ static bool api_wzcsvc_EapolUIResponse(s + + _wzcsvc_EapolUIResponse(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -555,7 +555,7 @@ static bool api_wzcsvc_EapolGetCustomAut + + _wzcsvc_EapolGetCustomAuthData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -628,7 +628,7 @@ static bool api_wzcsvc_EapolSetCustomAut + + _wzcsvc_EapolSetCustomAuthData(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -701,7 +701,7 @@ static bool api_wzcsvc_EapolGetInterface + + _wzcsvc_EapolGetInterfaceParams(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -774,7 +774,7 @@ static bool api_wzcsvc_EapolSetInterface + + _wzcsvc_EapolSetInterfaceParams(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -847,7 +847,7 @@ static bool api_wzcsvc_EapolReAuthentica + + _wzcsvc_EapolReAuthenticateInterface(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -920,7 +920,7 @@ static bool api_wzcsvc_EapolQueryInterfa + + _wzcsvc_EapolQueryInterfaceState(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -993,7 +993,7 @@ static bool api_wzcsvc_OpenWZCDbLogSessi + + _wzcsvc_OpenWZCDbLogSession(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1066,7 +1066,7 @@ static bool api_wzcsvc_CloseWZCDbLogSess + + _wzcsvc_CloseWZCDbLogSession(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1139,7 +1139,7 @@ static bool api_wzcsvc_EnumWZCDbLogRecor + + _wzcsvc_EnumWZCDbLogRecords(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1212,7 +1212,7 @@ static bool api_wzcsvc_FlushWZCdbLog(str + + _wzcsvc_FlushWZCdbLog(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +@@ -1285,7 +1285,7 @@ static bool api_wzcsvc_GetWZCDbLogRecord + + _wzcsvc_GetWZCDbLogRecord(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; +--- a/source3/librpc/gen_ndr/srv_xattr.c ++++ b/source3/librpc/gen_ndr/srv_xattr.c +@@ -44,7 +44,7 @@ static bool api_xattr_parse_DOSATTRIB(st + + _xattr_parse_DOSATTRIB(p, r); + +- if (p->rng_fault_state) { ++ if (p->fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; diff --git a/package/network/services/samba36/patches/022-CVE-2015-5370-v3-6.patch b/package/network/services/samba36/patches/022-CVE-2015-5370-v3-6.patch new file mode 100644 index 0000000000..36656ab882 --- /dev/null +++ b/package/network/services/samba36/patches/022-CVE-2015-5370-v3-6.patch @@ -0,0 +1,1791 @@ +From 8716bb5e03cc4f10e2d4edc704d8defe7e8045f1 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Thu, 16 Jul 2015 22:46:05 +0200 +Subject: [PATCH 01/40] CVE-2015-5370: dcerpc.idl: add + DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 + +Signed-off-by: Stefan Metzmacher +Reviewed-by: Günther Deschner +--- + librpc/idl/dcerpc.idl | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/librpc/idl/dcerpc.idl ++++ b/librpc/idl/dcerpc.idl +@@ -475,9 +475,11 @@ interface dcerpc + const uint8 DCERPC_PFC_OFFSET = 3; + const uint8 DCERPC_DREP_OFFSET = 4; + const uint8 DCERPC_FRAG_LEN_OFFSET = 8; ++ const uint32 DCERPC_FRAG_MAX_SIZE = 5840; + const uint8 DCERPC_AUTH_LEN_OFFSET = 10; + const uint8 DCERPC_CALL_ID_OFFSET = 12; + const uint8 DCERPC_NCACN_PAYLOAD_OFFSET = 16; ++ const uint32 DCERPC_NCACN_PAYLOAD_MAX_SIZE = 0x400000; /* 4 MByte */ + + /* little-endian flag */ + const uint8 DCERPC_DREP_LE = 0x10; +--- a/librpc/rpc/dcerpc_util.c ++++ b/librpc/rpc/dcerpc_util.c +@@ -92,31 +92,49 @@ uint8_t dcerpc_get_endian_flag(DATA_BLOB + * + * @return - A NTSTATUS error code. + */ +-NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt, ++NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, + TALLOC_CTX *mem_ctx, +- DATA_BLOB *pkt_trailer, ++ const DATA_BLOB *pkt_trailer, + struct dcerpc_auth *auth, +- uint32_t *auth_length, ++ uint32_t *_auth_length, + bool auth_data_only) + { + struct ndr_pull *ndr; + enum ndr_err_code ndr_err; +- uint32_t data_and_pad; ++ uint16_t data_and_pad; ++ uint16_t auth_length; ++ uint32_t tmp_length; + +- data_and_pad = pkt_trailer->length +- - (DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length); ++ ZERO_STRUCTP(auth); ++ if (_auth_length != NULL) { ++ *_auth_length = 0; ++ } ++ ++ /* Paranoia checks for auth_length. The caller should check this... */ ++ if (pkt->auth_length == 0) { ++ return NT_STATUS_INTERNAL_ERROR; ++ } ++ ++ /* Paranoia checks for auth_length. The caller should check this... */ ++ if (pkt->auth_length > pkt->frag_length) { ++ return NT_STATUS_INTERNAL_ERROR; ++ } ++ tmp_length = DCERPC_NCACN_PAYLOAD_OFFSET; ++ tmp_length += DCERPC_AUTH_TRAILER_LENGTH; ++ tmp_length += pkt->auth_length; ++ if (tmp_length > pkt->frag_length) { ++ return NT_STATUS_INTERNAL_ERROR; ++ } ++ if (pkt_trailer->length > UINT16_MAX) { ++ return NT_STATUS_INTERNAL_ERROR; ++ } + +- /* paranoia check for pad size. This would be caught anyway by +- the ndr_pull_advance() a few lines down, but it scared +- Jeremy enough for him to call me, so we might as well check +- it now, just to prevent someone posting a bogus YouTube +- video in the future. +- */ +- if (data_and_pad > pkt_trailer->length) { +- return NT_STATUS_INFO_LENGTH_MISMATCH; ++ auth_length = DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length; ++ if (pkt_trailer->length < auth_length) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; + } + +- *auth_length = pkt_trailer->length - data_and_pad; ++ data_and_pad = pkt_trailer->length - auth_length; + + ndr = ndr_pull_init_blob(pkt_trailer, mem_ctx); + if (!ndr) { +@@ -136,14 +154,28 @@ NTSTATUS dcerpc_pull_auth_trailer(struct + ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(ndr); ++ ZERO_STRUCTP(auth); + return ndr_map_error2ntstatus(ndr_err); + } + ++ if (data_and_pad < auth->auth_pad_length) { ++ DEBUG(1, (__location__ ": ERROR: pad length mismatch. " ++ "Calculated %u got %u\n", ++ (unsigned)data_and_pad, ++ (unsigned)auth->auth_pad_length)); ++ talloc_free(ndr); ++ ZERO_STRUCTP(auth); ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ + if (auth_data_only && data_and_pad != auth->auth_pad_length) { +- DEBUG(1, (__location__ ": WARNING: pad length mismatch. " ++ DEBUG(1, (__location__ ": ERROR: pad length mismatch. " + "Calculated %u got %u\n", + (unsigned)data_and_pad, + (unsigned)auth->auth_pad_length)); ++ talloc_free(ndr); ++ ZERO_STRUCTP(auth); ++ return NT_STATUS_RPC_PROTOCOL_ERROR; + } + + DEBUG(6,(__location__ ": auth_pad_length %u\n", +@@ -152,6 +184,83 @@ NTSTATUS dcerpc_pull_auth_trailer(struct + talloc_steal(mem_ctx, auth->credentials.data); + talloc_free(ndr); + ++ if (_auth_length != NULL) { ++ *_auth_length = auth_length; ++ } ++ ++ return NT_STATUS_OK; ++} ++ ++/** ++* @brief Verify the fields in ncacn_packet header. ++* ++* @param pkt - The ncacn_packet strcuture ++* @param ptype - The expected PDU type ++* @param max_auth_info - The maximum size of a possible auth trailer ++* @param required_flags - The required flags for the pdu. ++* @param optional_flags - The possible optional flags for the pdu. ++* ++* @return - A NTSTATUS error code. ++*/ ++NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, ++ enum dcerpc_pkt_type ptype, ++ size_t max_auth_info, ++ uint8_t required_flags, ++ uint8_t optional_flags) ++{ ++ if (pkt->rpc_vers != 5) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ ++ if (pkt->rpc_vers_minor != 0) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ ++ if (pkt->auth_length > pkt->frag_length) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ ++ if (pkt->ptype != ptype) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ ++ if (max_auth_info > UINT16_MAX) { ++ return NT_STATUS_INTERNAL_ERROR; ++ } ++ ++ if (pkt->auth_length > 0) { ++ size_t max_auth_length; ++ ++ if (max_auth_info <= DCERPC_AUTH_TRAILER_LENGTH) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ max_auth_length = max_auth_info - DCERPC_AUTH_TRAILER_LENGTH; ++ ++ if (pkt->auth_length > max_auth_length) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ } ++ ++ if ((pkt->pfc_flags & required_flags) != required_flags) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ if (pkt->pfc_flags & ~(optional_flags|required_flags)) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ ++ if (pkt->drep[0] & ~DCERPC_DREP_LE) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ if (pkt->drep[1] != 0) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ if (pkt->drep[2] != 0) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ if (pkt->drep[3] != 0) { ++ return NT_STATUS_RPC_PROTOCOL_ERROR; ++ } ++ + return NT_STATUS_OK; + } + +--- a/librpc/rpc/rpc_common.h ++++ b/librpc/rpc/rpc_common.h +@@ -158,12 +158,17 @@ uint8_t dcerpc_get_endian_flag(DATA_BLOB + * + * @return - A NTSTATUS error code. + */ +-NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt, ++NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, + TALLOC_CTX *mem_ctx, +- DATA_BLOB *pkt_trailer, ++ const DATA_BLOB *pkt_trailer, + struct dcerpc_auth *auth, + uint32_t *auth_length, + bool auth_data_only); ++NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, ++ enum dcerpc_pkt_type ptype, ++ size_t max_auth_info, ++ uint8_t required_flags, ++ uint8_t optional_flags); + struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct tstream_context *stream); +--- a/source3/librpc/rpc/dcerpc_helpers.c ++++ b/source3/librpc/rpc/dcerpc_helpers.c +@@ -210,47 +210,6 @@ NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_ + } + + /** +-* @brief Decodes a dcerpc_auth blob +-* +-* @param mem_ctx The memory context on which to allocate the packet +-* elements +-* @param blob The blob of data to decode +-* @param r An empty dcerpc_auth structure, must not be NULL +-* +-* @return a NTSTATUS error code +-*/ +-NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx, +- const DATA_BLOB *blob, +- struct dcerpc_auth *r, +- bool bigendian) +-{ +- enum ndr_err_code ndr_err; +- struct ndr_pull *ndr; +- +- ndr = ndr_pull_init_blob(blob, mem_ctx); +- if (!ndr) { +- return NT_STATUS_NO_MEMORY; +- } +- if (bigendian) { +- ndr->flags |= LIBNDR_FLAG_BIGENDIAN; +- } +- +- ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, r); +- +- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { +- talloc_free(ndr); +- return ndr_map_error2ntstatus(ndr_err); +- } +- talloc_free(ndr); +- +- if (DEBUGLEVEL >= 10) { +- NDR_PRINT_DEBUG(dcerpc_auth, r); +- } +- +- return NT_STATUS_OK; +-} +- +-/** + * @brief Calculate how much data we can in a packet, including calculating + * auth token and pad lengths. + * +@@ -782,7 +741,7 @@ NTSTATUS dcerpc_add_auth_footer(struct p + auth->auth_type, + auth->auth_level, + pad_len, +- 1 /* context id. */, ++ auth->auth_context_id, + &auth_blob, + &auth_info); + if (!NT_STATUS_IS_OK(status)) { +@@ -844,19 +803,18 @@ NTSTATUS dcerpc_add_auth_footer(struct p + * + * @param auth The auth data for the connection + * @param pkt The actual ncacn_packet +-* @param pkt_trailer The stub_and_verifier part of the packet ++* @param pkt_trailer [in][out] The stub_and_verifier part of the packet, ++* the auth_trailer and padding will be removed. + * @param header_size The header size + * @param raw_pkt The whole raw packet data blob +-* @param pad_len [out] The padding length used in the packet + * + * @return A NTSTATUS error code + */ + NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, + struct ncacn_packet *pkt, + DATA_BLOB *pkt_trailer, +- size_t header_size, +- DATA_BLOB *raw_pkt, +- size_t *pad_len) ++ uint8_t header_size, ++ DATA_BLOB *raw_pkt) + { + struct schannel_state *schannel_auth; + struct auth_ntlmssp_state *ntlmssp_ctx; +@@ -868,6 +826,14 @@ NTSTATUS dcerpc_check_auth(struct pipe_a + DATA_BLOB full_pkt; + DATA_BLOB data; + ++ /* ++ * These check should be done in the caller. ++ */ ++ SMB_ASSERT(raw_pkt->length == pkt->frag_length); ++ SMB_ASSERT(header_size <= pkt->frag_length); ++ SMB_ASSERT(pkt_trailer->length < pkt->frag_length); ++ SMB_ASSERT((pkt_trailer->length + header_size) <= pkt->frag_length); ++ + switch (auth->auth_level) { + case DCERPC_AUTH_LEVEL_PRIVACY: + DEBUG(10, ("Requested Privacy.\n")); +@@ -881,7 +847,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_a + if (pkt->auth_length != 0) { + break; + } +- *pad_len = 0; + return NT_STATUS_OK; + + case DCERPC_AUTH_LEVEL_NONE: +@@ -890,7 +855,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_a + "authenticated connection!\n")); + return NT_STATUS_INVALID_PARAMETER; + } +- *pad_len = 0; + return NT_STATUS_OK; + + default: +@@ -899,16 +863,8 @@ NTSTATUS dcerpc_check_auth(struct pipe_a + return NT_STATUS_INVALID_PARAMETER; + } + +- /* Paranioa checks for auth_length. */ +- if (pkt->auth_length > pkt->frag_length) { +- return NT_STATUS_INFO_LENGTH_MISMATCH; +- } +- if (((unsigned int)pkt->auth_length +- + DCERPC_AUTH_TRAILER_LENGTH < (unsigned int)pkt->auth_length) || +- ((unsigned int)pkt->auth_length +- + DCERPC_AUTH_TRAILER_LENGTH < DCERPC_AUTH_TRAILER_LENGTH)) { +- /* Integer wrap attempt. */ +- return NT_STATUS_INFO_LENGTH_MISMATCH; ++ if (pkt->auth_length == 0) { ++ return NT_STATUS_INVALID_PARAMETER; + } + + status = dcerpc_pull_auth_trailer(pkt, pkt, pkt_trailer, +@@ -917,10 +873,23 @@ NTSTATUS dcerpc_check_auth(struct pipe_a + return status; + } + ++ if (auth_info.auth_type != auth->auth_type) { ++ return NT_STATUS_INVALID_PARAMETER; ++ } ++ ++ if (auth_info.auth_level != auth->auth_level) { ++ return NT_STATUS_INVALID_PARAMETER; ++ } ++ ++ if (auth_info.auth_context_id != auth->auth_context_id) { ++ return NT_STATUS_INVALID_PARAMETER; ++ } ++ ++ pkt_trailer->length -= auth_length; + data = data_blob_const(raw_pkt->data + header_size, +- pkt_trailer->length - auth_length); +- full_pkt = data_blob_const(raw_pkt->data, +- raw_pkt->length - auth_info.credentials.length); ++ pkt_trailer->length); ++ full_pkt = data_blob_const(raw_pkt->data, raw_pkt->length); ++ full_pkt.length -= auth_info.credentials.length; + + switch (auth->auth_type) { + case DCERPC_AUTH_TYPE_NONE: +@@ -996,10 +965,13 @@ NTSTATUS dcerpc_check_auth(struct pipe_a + * pkt_trailer actually has a copy of the raw data, and they + * are still both used in later calls */ + if (auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { ++ if (pkt_trailer->length != data.length) { ++ return NT_STATUS_INVALID_PARAMETER; ++ } + memcpy(pkt_trailer->data, data.data, data.length); + } + +- *pad_len = auth_info.auth_pad_length; ++ pkt_trailer->length -= auth_info.auth_pad_length; + data_blob_free(&auth_info.credentials); + return NT_STATUS_OK; + } +--- a/source3/rpc_client/cli_pipe.c ++++ b/source3/rpc_client/cli_pipe.c +@@ -404,9 +404,9 @@ static NTSTATUS cli_pipe_validate_curren + DATA_BLOB *rdata, + DATA_BLOB *reply_pdu) + { +- struct dcerpc_response *r; ++ const struct dcerpc_response *r = NULL; ++ DATA_BLOB tmp_stub = data_blob_null; + NTSTATUS ret = NT_STATUS_OK; +- size_t pad_len = 0; + + /* + * Point the return values at the real data including the RPC +@@ -414,50 +414,128 @@ static NTSTATUS cli_pipe_validate_curren + */ + *rdata = *pdu; + ++ if ((pkt->ptype == DCERPC_PKT_BIND_ACK) && ++ !(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) { ++ /* ++ * TODO: do we still need this hack which was introduced ++ * in commit a42afcdcc7ab9aa9ed193ae36d3dbb10843447f0. ++ * ++ * I don't even know what AS/U might be... ++ */ ++ DEBUG(5, (__location__ ": bug in server (AS/U?), setting " ++ "fragment first/last ON.\n")); ++ pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; ++ } ++ + /* Ensure we have the correct type. */ + switch (pkt->ptype) { +- case DCERPC_PKT_ALTER_RESP: ++ case DCERPC_PKT_BIND_NAK: ++ DEBUG(1, (__location__ ": Bind NACK received from %s!\n", ++ rpccli_pipe_txt(talloc_tos(), cli))); ++ ++ ret = dcerpc_verify_ncacn_packet_header(pkt, ++ DCERPC_PKT_BIND_NAK, ++ 0, /* max_auth_info */ ++ DCERPC_PFC_FLAG_FIRST | ++ DCERPC_PFC_FLAG_LAST, ++ 0); /* optional flags */ ++ if (!NT_STATUS_IS_OK(ret)) { ++ DEBUG(1, (__location__ ": Connection to %s got an unexpected " ++ "RPC packet type - %u, expected %u: %s\n", ++ rpccli_pipe_txt(talloc_tos(), cli), ++ pkt->ptype, expected_pkt_type, ++ nt_errstr(ret))); ++ NDR_PRINT_DEBUG(ncacn_packet, pkt); ++ return ret; ++ } ++ ++ /* Use this for now... */ ++ return NT_STATUS_NETWORK_ACCESS_DENIED; ++ + case DCERPC_PKT_BIND_ACK: ++ ret = dcerpc_verify_ncacn_packet_header(pkt, ++ expected_pkt_type, ++ pkt->u.bind_ack.auth_info.length, ++ DCERPC_PFC_FLAG_FIRST | ++ DCERPC_PFC_FLAG_LAST, ++ DCERPC_PFC_FLAG_CONC_MPX | ++ DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN); ++ if (!NT_STATUS_IS_OK(ret)) { ++ DEBUG(1, (__location__ ": Connection to %s got an unexpected " ++ "RPC packet type - %u, expected %u: %s\n", ++ rpccli_pipe_txt(talloc_tos(), cli), ++ pkt->ptype, expected_pkt_type, ++ nt_errstr(ret))); ++ NDR_PRINT_DEBUG(ncacn_packet, pkt); ++ return ret; ++ } + +- /* Client code never receives this kind of packets */ + break; + ++ case DCERPC_PKT_ALTER_RESP: ++ ret = dcerpc_verify_ncacn_packet_header(pkt, ++ expected_pkt_type, ++ pkt->u.alter_resp.auth_info.length, ++ DCERPC_PFC_FLAG_FIRST | ++ DCERPC_PFC_FLAG_LAST, ++ DCERPC_PFC_FLAG_CONC_MPX | ++ DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN); ++ if (!NT_STATUS_IS_OK(ret)) { ++ DEBUG(1, (__location__ ": Connection to %s got an unexpected " ++ "RPC packet type - %u, expected %u: %s\n", ++ rpccli_pipe_txt(talloc_tos(), cli), ++ pkt->ptype, expected_pkt_type, ++ nt_errstr(ret))); ++ NDR_PRINT_DEBUG(ncacn_packet, pkt); ++ return ret; ++ } ++ ++ break; + + case DCERPC_PKT_RESPONSE: + + r = &pkt->u.response; + ++ ret = dcerpc_verify_ncacn_packet_header(pkt, ++ expected_pkt_type, ++ r->stub_and_verifier.length, ++ 0, /* required_flags */ ++ DCERPC_PFC_FLAG_FIRST | ++ DCERPC_PFC_FLAG_LAST); ++ if (!NT_STATUS_IS_OK(ret)) { ++ DEBUG(1, (__location__ ": Connection to %s got an unexpected " ++ "RPC packet type - %u, expected %u: %s\n", ++ rpccli_pipe_txt(talloc_tos(), cli), ++ pkt->ptype, expected_pkt_type, ++ nt_errstr(ret))); ++ NDR_PRINT_DEBUG(ncacn_packet, pkt); ++ return ret; ++ } ++ ++ tmp_stub.data = r->stub_and_verifier.data; ++ tmp_stub.length = r->stub_and_verifier.length; ++ + /* Here's where we deal with incoming sign/seal. */ + ret = dcerpc_check_auth(cli->auth, pkt, +- &r->stub_and_verifier, ++ &tmp_stub, + DCERPC_RESPONSE_LENGTH, +- pdu, &pad_len); ++ pdu); + if (!NT_STATUS_IS_OK(ret)) { ++ DEBUG(1, (__location__ ": Connection to %s got an unexpected " ++ "RPC packet type - %u, expected %u: %s\n", ++ rpccli_pipe_txt(talloc_tos(), cli), ++ pkt->ptype, expected_pkt_type, ++ nt_errstr(ret))); ++ NDR_PRINT_DEBUG(ncacn_packet, pkt); + return ret; + } + +- if (pkt->frag_length < DCERPC_RESPONSE_LENGTH + pad_len) { +- return NT_STATUS_BUFFER_TOO_SMALL; +- } +- + /* Point the return values at the NDR data. */ +- rdata->data = r->stub_and_verifier.data; ++ *rdata = tmp_stub; + +- if (pkt->auth_length) { +- /* We've already done integer wrap tests in +- * dcerpc_check_auth(). */ +- rdata->length = r->stub_and_verifier.length +- - pad_len +- - DCERPC_AUTH_TRAILER_LENGTH +- - pkt->auth_length; +- } else { +- rdata->length = r->stub_and_verifier.length; +- } +- +- DEBUG(10, ("Got pdu len %lu, data_len %lu, ss_len %u\n", ++ DEBUG(10, ("Got pdu len %lu, data_len %lu\n", + (long unsigned int)pdu->length, +- (long unsigned int)rdata->length, +- (unsigned int)pad_len)); ++ (long unsigned int)rdata->length)); + + /* + * If this is the first reply, and the allocation hint is +@@ -478,14 +556,24 @@ static NTSTATUS cli_pipe_validate_curren + + break; + +- case DCERPC_PKT_BIND_NAK: +- DEBUG(1, (__location__ ": Bind NACK received from %s!\n", +- rpccli_pipe_txt(talloc_tos(), cli))); +- /* Use this for now... */ +- return NT_STATUS_NETWORK_ACCESS_DENIED; +- + case DCERPC_PKT_FAULT: + ++ ret = dcerpc_verify_ncacn_packet_header(pkt, ++ DCERPC_PKT_FAULT, ++ 0, /* max_auth_info */ ++ DCERPC_PFC_FLAG_FIRST | ++ DCERPC_PFC_FLAG_LAST, ++ DCERPC_PFC_FLAG_DID_NOT_EXECUTE); ++ if (!NT_STATUS_IS_OK(ret)) { ++ DEBUG(1, (__location__ ": Connection to %s got an unexpected " ++ "RPC packet type - %u, expected %u: %s\n", ++ rpccli_pipe_txt(talloc_tos(), cli), ++ pkt->ptype, expected_pkt_type, ++ nt_errstr(ret))); ++ NDR_PRINT_DEBUG(ncacn_packet, pkt); ++ return ret; ++ } ++ + DEBUG(1, (__location__ ": RPC fault code %s received " + "from %s!\n", + dcerpc_errstr(talloc_tos(), +@@ -502,13 +590,6 @@ static NTSTATUS cli_pipe_validate_curren + return NT_STATUS_RPC_PROTOCOL_ERROR; + } + +- if (pkt->ptype != expected_pkt_type) { +- DEBUG(3, (__location__ ": Connection to %s got an unexpected " +- "RPC packet type - %u, not %u\n", +- rpccli_pipe_txt(talloc_tos(), cli), +- pkt->ptype, expected_pkt_type)); +- return NT_STATUS_RPC_PROTOCOL_ERROR; +- } + + if (pkt->call_id != call_id) { + DEBUG(3, (__location__ ": Connection to %s got an unexpected " +@@ -518,17 +599,6 @@ static NTSTATUS cli_pipe_validate_curren + return NT_STATUS_RPC_PROTOCOL_ERROR; + } + +- /* Do this just before return - we don't want to modify any rpc header +- data before now as we may have needed to do cryptographic actions on +- it before. */ +- +- if ((pkt->ptype == DCERPC_PKT_BIND_ACK) && +- !(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) { +- DEBUG(5, (__location__ ": bug in server (AS/U?), setting " +- "fragment first/last ON.\n")); +- pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; +- } +- + return NT_STATUS_OK; + } + +@@ -883,6 +953,12 @@ static void rpc_api_pipe_got_pdu(struct + + state->pkt = talloc(state, struct ncacn_packet); + if (!state->pkt) { ++ /* ++ * TODO: do a real async disconnect ... ++ * ++ * For now do it sync... ++ */ ++ TALLOC_FREE(state->cli->transport); + tevent_req_nterror(req, NT_STATUS_NO_MEMORY); + return; + } +@@ -892,18 +968,16 @@ static void rpc_api_pipe_got_pdu(struct + state->pkt, + !state->endianess); + if (!NT_STATUS_IS_OK(status)) { ++ /* ++ * TODO: do a real async disconnect ... ++ * ++ * For now do it sync... ++ */ ++ TALLOC_FREE(state->cli->transport); + tevent_req_nterror(req, status); + return; + } + +- if (state->incoming_frag.length != state->pkt->frag_length) { +- DEBUG(5, ("Incorrect pdu length %u, expected %u\n", +- (unsigned int)state->incoming_frag.length, +- (unsigned int)state->pkt->frag_length)); +- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); +- return; +- } +- + status = cli_pipe_validate_current_pdu(state, + state->cli, state->pkt, + &state->incoming_frag, +@@ -917,6 +991,28 @@ static void rpc_api_pipe_got_pdu(struct + (unsigned)state->reply_pdu_offset, + nt_errstr(status))); + ++ if (state->pkt->ptype != DCERPC_PKT_FAULT && !NT_STATUS_IS_OK(status)) { ++ /* ++ * TODO: do a real async disconnect ... ++ * ++ * For now do it sync... ++ */ ++ TALLOC_FREE(state->cli->transport); ++ } else if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) { ++ /* ++ * TODO: do a real async disconnect ... ++ * ++ * For now do it sync... ++ */ ++ TALLOC_FREE(state->cli->transport); ++ } else if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { ++ /* ++ * TODO: do a real async disconnect ... ++ * ++ * For now do it sync... ++ */ ++ TALLOC_FREE(state->cli->transport); ++ } + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; +@@ -941,7 +1037,24 @@ static void rpc_api_pipe_got_pdu(struct + "%s\n", + state->endianess?"little":"big", + state->pkt->drep[0]?"little":"big")); +- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); ++ /* ++ * TODO: do a real async disconnect ... ++ * ++ * For now do it sync... ++ */ ++ TALLOC_FREE(state->cli->transport); ++ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); ++ return; ++ } ++ ++ if (state->reply_pdu_offset + rdata.length > MAX_RPC_DATA_SIZE) { ++ /* ++ * TODO: do a real async disconnect ... ++ * ++ * For now do it sync... ++ */ ++ TALLOC_FREE(state->cli->transport); ++ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); + return; + } + +@@ -949,6 +1062,12 @@ static void rpc_api_pipe_got_pdu(struct + if (state->reply_pdu.length < state->reply_pdu_offset + rdata.length) { + if (!data_blob_realloc(NULL, &state->reply_pdu, + state->reply_pdu_offset + rdata.length)) { ++ /* ++ * TODO: do a real async disconnect ... ++ * ++ * For now do it sync... ++ */ ++ TALLOC_FREE(state->cli->transport); + tevent_req_nterror(req, NT_STATUS_NO_MEMORY); + return; + } +@@ -978,6 +1097,14 @@ static void rpc_api_pipe_got_pdu(struct + subreq = get_complete_frag_send(state, state->ev, state->cli, + state->call_id, + &state->incoming_frag); ++ if (subreq == NULL) { ++ /* ++ * TODO: do a real async disconnect ... ++ * ++ * For now do it sync... ++ */ ++ TALLOC_FREE(state->cli->transport); ++ } + if (tevent_req_nomem(subreq, req)) { + return; + } +@@ -1247,7 +1374,7 @@ static NTSTATUS create_rpc_bind_req(TALL + auth->auth_type, + auth->auth_level, + 0, /* auth_pad_length */ +- 1, /* auth_context_id */ ++ auth->auth_context_id, + &auth_token, + &auth_info); + if (!NT_STATUS_IS_OK(ret)) { +@@ -1749,9 +1876,8 @@ static bool check_bind_response(const st + + static NTSTATUS create_rpc_bind_auth3(TALLOC_CTX *mem_ctx, + struct rpc_pipe_client *cli, +- uint32 rpc_call_id, +- enum dcerpc_AuthType auth_type, +- enum dcerpc_AuthLevel auth_level, ++ struct pipe_auth_data *auth, ++ uint32_t rpc_call_id, + DATA_BLOB *pauth_blob, + DATA_BLOB *rpc_out) + { +@@ -1761,10 +1887,10 @@ static NTSTATUS create_rpc_bind_auth3(TA + u.auth3._pad = 0; + + status = dcerpc_push_dcerpc_auth(mem_ctx, +- auth_type, +- auth_level, ++ auth->auth_type, ++ auth->auth_level, + 0, /* auth_pad_length */ +- 1, /* auth_context_id */ ++ auth->auth_context_id, + pauth_blob, + &u.auth3.auth_info); + if (!NT_STATUS_IS_OK(status)) { +@@ -1794,9 +1920,8 @@ static NTSTATUS create_rpc_bind_auth3(TA + ********************************************************************/ + + static NTSTATUS create_rpc_alter_context(TALLOC_CTX *mem_ctx, +- enum dcerpc_AuthType auth_type, +- enum dcerpc_AuthLevel auth_level, +- uint32 rpc_call_id, ++ struct pipe_auth_data *auth, ++ uint32_t rpc_call_id, + const struct ndr_syntax_id *abstract, + const struct ndr_syntax_id *transfer, + const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */ +@@ -1806,10 +1931,10 @@ static NTSTATUS create_rpc_alter_context + NTSTATUS status; + + status = dcerpc_push_dcerpc_auth(mem_ctx, +- auth_type, +- auth_level, ++ auth->auth_type, ++ auth->auth_level, + 0, /* auth_pad_length */ +- 1, /* auth_context_id */ ++ auth->auth_context_id, + pauth_blob, + &auth_info); + if (!NT_STATUS_IS_OK(status)) { +@@ -1957,30 +2082,45 @@ static void rpc_pipe_bind_step_one_done( + rpc_pipe_bind_step_two_trigger(req); + return; + +- case DCERPC_AUTH_TYPE_NTLMSSP: +- case DCERPC_AUTH_TYPE_SPNEGO: +- case DCERPC_AUTH_TYPE_KRB5: +- /* Paranoid lenght checks */ +- if (pkt->frag_length < DCERPC_AUTH_TRAILER_LENGTH +- + pkt->auth_length) { +- tevent_req_nterror(req, +- NT_STATUS_INFO_LENGTH_MISMATCH); ++ default: ++ if (pkt->auth_length == 0) { ++ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); + return; + } + /* get auth credentials */ +- status = dcerpc_pull_dcerpc_auth(talloc_tos(), +- &pkt->u.bind_ack.auth_info, +- &auth, false); ++ status = dcerpc_pull_auth_trailer(pkt, talloc_tos(), ++ &pkt->u.bind_ack.auth_info, ++ &auth, NULL, true); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to pull dcerpc auth: %s.\n", + nt_errstr(status))); + tevent_req_nterror(req, status); + return; + } +- break; + +- default: +- goto err_out; ++ if (auth.auth_type != pauth->auth_type) { ++ DEBUG(0, (__location__ " Auth type %u mismatch expected %u.\n", ++ auth.auth_type, pauth->auth_type)); ++ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); ++ return; ++ } ++ ++ if (auth.auth_level != pauth->auth_level) { ++ DEBUG(0, (__location__ " Auth level %u mismatch expected %u.\n", ++ auth.auth_level, pauth->auth_level)); ++ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); ++ return; ++ } ++ ++ if (auth.auth_context_id != pauth->auth_context_id) { ++ DEBUG(0, (__location__ " Auth context id %u mismatch expected %u.\n", ++ (unsigned)auth.auth_context_id, ++ (unsigned)pauth->auth_context_id)); ++ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); ++ return; ++ } ++ ++ break; + } + + /* +@@ -2226,9 +2366,7 @@ static NTSTATUS rpc_bind_next_send(struc + /* Now prepare the alter context pdu. */ + data_blob_free(&state->rpc_out); + +- status = create_rpc_alter_context(state, +- auth->auth_type, +- auth->auth_level, ++ status = create_rpc_alter_context(state, auth, + state->rpc_call_id, + &state->cli->abstract_syntax, + &state->cli->transfer_syntax, +@@ -2261,10 +2399,8 @@ static NTSTATUS rpc_bind_finish_send(str + /* Now prepare the auth3 context pdu. */ + data_blob_free(&state->rpc_out); + +- status = create_rpc_bind_auth3(state, state->cli, ++ status = create_rpc_bind_auth3(state, state->cli, auth, + state->rpc_call_id, +- auth->auth_type, +- auth->auth_level, + auth_token, + &state->rpc_out); + if (!NT_STATUS_IS_OK(status)) { +@@ -2498,8 +2634,9 @@ static struct tevent_req *rpccli_bh_disc + /* + * TODO: do a real async disconnect ... + * +- * For now the caller needs to free rpc_cli ++ * For now we do it sync... + */ ++ TALLOC_FREE(hs->rpc_cli->transport); + hs->rpc_cli = NULL; + + tevent_req_done(req); +@@ -2636,6 +2773,7 @@ NTSTATUS rpccli_ncalrpc_bind_data(TALLOC + + result->auth_type = DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM; + result->auth_level = DCERPC_AUTH_LEVEL_CONNECT; ++ result->auth_context_id = 1; + + result->user_name = talloc_strdup(result, ""); + result->domain = talloc_strdup(result, ""); +@@ -2660,6 +2798,7 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CT + + result->auth_type = DCERPC_AUTH_TYPE_NONE; + result->auth_level = DCERPC_AUTH_LEVEL_NONE; ++ result->auth_context_id = 0; + + result->user_name = talloc_strdup(result, ""); + result->domain = talloc_strdup(result, ""); +@@ -2697,6 +2836,7 @@ static NTSTATUS rpccli_ntlmssp_bind_data + + result->auth_type = auth_type; + result->auth_level = auth_level; ++ result->auth_context_id = 1; + + result->user_name = talloc_strdup(result, username); + result->domain = talloc_strdup(result, domain); +@@ -2768,6 +2908,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLO + + result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL; + result->auth_level = auth_level; ++ result->auth_context_id = 1; + + result->user_name = talloc_strdup(result, ""); + result->domain = talloc_strdup(result, domain); +@@ -3432,6 +3573,7 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct c + } + auth->auth_type = DCERPC_AUTH_TYPE_KRB5; + auth->auth_level = auth_level; ++ auth->auth_context_id = 1; + + if (!username) { + username = ""; +@@ -3502,6 +3644,7 @@ NTSTATUS cli_rpc_pipe_open_spnego_krb5(s + } + auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO; + auth->auth_level = auth_level; ++ auth->auth_context_id = 1; + + if (!username) { + username = ""; +@@ -3576,6 +3719,7 @@ NTSTATUS cli_rpc_pipe_open_spnego_ntlmss + } + auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO; + auth->auth_level = auth_level; ++ auth->auth_context_id = 1; + + if (!username) { + username = ""; +--- a/source4/rpc_server/dcesrv_auth.c ++++ b/source4/rpc_server/dcesrv_auth.c +@@ -46,7 +46,7 @@ bool dcesrv_auth_bind(struct dcesrv_call + NTSTATUS status; + uint32_t auth_length; + +- if (pkt->u.bind.auth_info.length == 0) { ++ if (pkt->auth_length == 0) { + dce_conn->auth_state.auth_info = NULL; + return true; + } +@@ -108,7 +108,7 @@ NTSTATUS dcesrv_auth_bind_ack(struct dce + struct dcesrv_connection *dce_conn = call->conn; + NTSTATUS status; + +- if (!call->conn->auth_state.gensec_security) { ++ if (call->pkt.auth_length == 0) { + return NT_STATUS_OK; + } + +@@ -155,10 +155,16 @@ bool dcesrv_auth_auth3(struct dcesrv_cal + NTSTATUS status; + uint32_t auth_length; + +- /* We can't work without an existing gensec state, and an new blob to feed it */ +- if (!dce_conn->auth_state.auth_info || +- !dce_conn->auth_state.gensec_security || +- pkt->u.auth3.auth_info.length == 0) { ++ if (pkt->auth_length == 0) { ++ return false; ++ } ++ ++ if (!dce_conn->auth_state.auth_info) { ++ return false; ++ } ++ ++ /* We can't work without an existing gensec state */ ++ if (!dce_conn->auth_state.gensec_security) { + return false; + } + +@@ -203,7 +209,7 @@ bool dcesrv_auth_alter(struct dcesrv_cal + uint32_t auth_length; + + /* on a pure interface change there is no auth blob */ +- if (pkt->u.alter.auth_info.length == 0) { ++ if (pkt->auth_length == 0) { + return true; + } + +@@ -238,8 +244,7 @@ NTSTATUS dcesrv_auth_alter_ack(struct dc + + /* on a pure interface change there is no auth_info structure + setup */ +- if (!call->conn->auth_state.auth_info || +- dce_conn->auth_state.auth_info->credentials.length == 0) { ++ if (call->pkt.auth_length == 0) { + return NT_STATUS_OK; + } + +@@ -315,6 +320,11 @@ bool dcesrv_auth_request(struct dcesrv_c + return false; + } + ++ if (pkt->auth_length == 0) { ++ DEBUG(1,("dcesrv_auth_request: unexpected auth_length of 0\n")); ++ return false; ++ } ++ + status = dcerpc_pull_auth_trailer(pkt, call, + &pkt->u.request.stub_and_verifier, + &auth, &auth_length, false); +--- a/source4/librpc/rpc/dcerpc.c ++++ b/source4/librpc/rpc/dcerpc.c +@@ -701,6 +701,14 @@ static NTSTATUS ncacn_pull_request_auth( + return NT_STATUS_INVALID_LEVEL; + } + ++ if (pkt->auth_length == 0) { ++ return NT_STATUS_INVALID_NETWORK_RESPONSE; ++ } ++ ++ if (c->security_state.generic_state == NULL) { ++ return NT_STATUS_INTERNAL_ERROR; ++ } ++ + status = dcerpc_pull_auth_trailer(pkt, mem_ctx, + &pkt->u.response.stub_and_verifier, + &auth, &auth_length, false); +@@ -1074,7 +1082,7 @@ static void dcerpc_bind_recv_handler(str + } + + /* the bind_ack might contain a reply set of credentials */ +- if (conn->security_state.auth_info && pkt->u.bind_ack.auth_info.length) { ++ if (conn->security_state.auth_info && pkt->auth_length) { + NTSTATUS status; + uint32_t auth_length; + status = dcerpc_pull_auth_trailer(pkt, conn, &pkt->u.bind_ack.auth_info, +@@ -1847,8 +1855,7 @@ static void dcerpc_alter_recv_handler(st + } + + /* the alter_resp might contain a reply set of credentials */ +- if (recv_pipe->conn->security_state.auth_info && +- pkt->u.alter_resp.auth_info.length) { ++ if (recv_pipe->conn->security_state.auth_info && pkt->auth_length) { + struct dcecli_connection *conn = recv_pipe->conn; + NTSTATUS status; + uint32_t auth_length; +--- a/source3/librpc/rpc/dcerpc.h ++++ b/source3/librpc/rpc/dcerpc.h +@@ -42,6 +42,7 @@ struct pipe_auth_data { + bool verified_bitmask1; + + void *auth_ctx; ++ uint32_t auth_context_id; + + /* Only the client code uses these 3 for now */ + char *domain; +@@ -71,10 +72,6 @@ NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_ + uint32_t auth_context_id, + const DATA_BLOB *credentials, + DATA_BLOB *blob); +-NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx, +- const DATA_BLOB *blob, +- struct dcerpc_auth *r, +- bool bigendian); + NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, + size_t header_len, size_t data_left, + size_t max_xmit_frag, size_t pad_alignment, +@@ -85,9 +82,8 @@ NTSTATUS dcerpc_add_auth_footer(struct p + NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, + struct ncacn_packet *pkt, + DATA_BLOB *pkt_trailer, +- size_t header_size, +- DATA_BLOB *raw_pkt, +- size_t *pad_len); ++ uint8_t header_size, ++ DATA_BLOB *raw_pkt); + + /* The following definitions come from librpc/rpc/rpc_common.c */ + +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -42,6 +42,7 @@ + #include "auth.h" + #include "ntdomain.h" + #include "rpc_server/srv_pipe.h" ++#include "../librpc/gen_ndr/ndr_dcerpc.h" + #include "../librpc/ndr/ndr_dcerpc.h" + + #undef DBGC_CLASS +@@ -270,10 +271,14 @@ static bool setup_bind_nak(struct pipes_ + p->out_data.data_sent_length = 0; + p->out_data.current_pdu_sent = 0; + ++ set_incoming_fault(p); + TALLOC_FREE(p->auth.auth_ctx); + p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; + p->auth.auth_type = DCERPC_AUTH_TYPE_NONE; + p->pipe_bound = False; ++ p->allow_bind = false; ++ p->allow_alter = false; ++ p->allow_auth3 = false; + + return True; + } +@@ -339,16 +344,46 @@ static bool check_bind_req(struct pipes_ + DEBUG(3,("check_bind_req for %s\n", + get_pipe_name_from_syntax(talloc_tos(), abstract))); + ++ ok = ndr_syntax_id_equal(transfer, &ndr_transfer_syntax); ++ if (!ok) { ++ DEBUG(1,("check_bind_req unknown transfer syntax for " ++ "%s context_id=%u\n", ++ get_pipe_name_from_syntax(talloc_tos(), abstract), ++ (unsigned)context_id)); ++ return false; ++ } ++ ++ for (context_fns = p->contexts; ++ context_fns != NULL; ++ context_fns = context_fns->next) ++ { ++ if (context_fns->context_id != context_id) { ++ continue; ++ } ++ ++ ok = ndr_syntax_id_equal(&context_fns->syntax, ++ abstract); ++ if (ok) { ++ return true; ++ } ++ ++ DEBUG(1,("check_bind_req: changing abstract syntax for " ++ "%s context_id=%u into %s not supported\n", ++ get_pipe_name_from_syntax(talloc_tos(), &context_fns->syntax), ++ (unsigned)context_id, ++ get_pipe_name_from_syntax(talloc_tos(), abstract))); ++ return false; ++ } ++ + /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */ +- if (rpc_srv_pipe_exists_by_id(abstract) && +- ndr_syntax_id_equal(transfer, &ndr_transfer_syntax)) { +- DEBUG(3, ("check_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n", +- rpc_srv_get_pipe_cli_name(abstract), +- rpc_srv_get_pipe_srv_name(abstract))); +- } else { ++ if (!rpc_srv_pipe_exists_by_id(abstract)) { + return false; + } + ++ DEBUG(3, ("check_bind_req: %s -> %s rpc service\n", ++ rpc_srv_get_pipe_cli_name(abstract), ++ rpc_srv_get_pipe_srv_name(abstract))); ++ + context_fns = SMB_MALLOC_P(struct pipe_rpc_fns); + if (context_fns == NULL) { + DEBUG(0,("check_bind_req: malloc() failed!\n")); +@@ -447,6 +482,7 @@ static bool pipe_spnego_auth_bind(struct + + p->auth.auth_ctx = spnego_ctx; + p->auth.auth_type = DCERPC_AUTH_TYPE_SPNEGO; ++ p->auth.auth_context_id = auth_info->auth_context_id; + + DEBUG(10, ("SPNEGO auth started\n")); + +@@ -557,6 +593,7 @@ static bool pipe_schannel_auth_bind(stru + /* We're finished with this bind - no more packets. */ + p->auth.auth_ctx = schannel_auth; + p->auth.auth_type = DCERPC_AUTH_TYPE_SCHANNEL; ++ p->auth.auth_context_id = auth_info->auth_context_id; + + p->pipe_bound = True; + +@@ -601,6 +638,7 @@ static bool pipe_ntlmssp_auth_bind(struc + + p->auth.auth_ctx = ntlmssp_state; + p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP; ++ p->auth.auth_context_id = auth_info->auth_context_id; + + DEBUG(10, (__location__ ": NTLMSSP auth started\n")); + +@@ -776,6 +814,11 @@ static NTSTATUS pipe_auth_verify_final(s + void *mech_ctx; + NTSTATUS status; + ++ if (p->auth.auth_type == DCERPC_AUTH_TYPE_NONE) { ++ p->pipe_bound = true; ++ return NT_STATUS_OK; ++ } ++ + switch (p->auth.auth_type) { + case DCERPC_AUTH_TYPE_NTLMSSP: + ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, +@@ -867,16 +910,38 @@ static bool api_pipe_bind_req(struct pip + DATA_BLOB auth_resp = data_blob_null; + DATA_BLOB auth_blob = data_blob_null; + +- /* No rebinds on a bound pipe - use alter context. */ +- if (p->pipe_bound) { +- DEBUG(2,("api_pipe_bind_req: rejecting bind request on bound " +- "pipe %s.\n", +- get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); ++ if (!p->allow_bind) { ++ DEBUG(2,("Pipe not in allow bind state\n")); + return setup_bind_nak(p, pkt); + } ++ p->allow_bind = false; ++ ++ status = dcerpc_verify_ncacn_packet_header(pkt, ++ DCERPC_PKT_BIND, ++ pkt->u.bind.auth_info.length, ++ 0, /* required flags */ ++ DCERPC_PFC_FLAG_FIRST | ++ DCERPC_PFC_FLAG_LAST | ++ DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | ++ 0x08 | /* this is not defined, but should be ignored */ ++ DCERPC_PFC_FLAG_CONC_MPX | ++ DCERPC_PFC_FLAG_DID_NOT_EXECUTE | ++ DCERPC_PFC_FLAG_MAYBE | ++ DCERPC_PFC_FLAG_OBJECT_UUID); ++ if (!NT_STATUS_IS_OK(status)) { ++ DEBUG(1, ("api_pipe_bind_req: invalid pdu: %s\n", ++ nt_errstr(status))); ++ NDR_PRINT_DEBUG(ncacn_packet, pkt); ++ goto err_exit; ++ } + + if (pkt->u.bind.num_contexts == 0) { +- DEBUG(0, ("api_pipe_bind_req: no rpc contexts around\n")); ++ DEBUG(1, ("api_pipe_bind_req: no rpc contexts around\n")); ++ goto err_exit; ++ } ++ ++ if (pkt->u.bind.ctx_list[0].num_transfer_syntaxes == 0) { ++ DEBUG(1, ("api_pipe_bind_req: no transfer syntaxes around\n")); + goto err_exit; + } + +@@ -960,25 +1025,12 @@ static bool api_pipe_bind_req(struct pip + * Check if this is an authenticated bind request. + */ + if (pkt->auth_length) { +- /* Quick length check. Won't catch a bad auth footer, +- * prevents overrun. */ +- +- if (pkt->frag_length < RPC_HEADER_LEN + +- DCERPC_AUTH_TRAILER_LENGTH + +- pkt->auth_length) { +- DEBUG(0,("api_pipe_bind_req: auth_len (%u) " +- "too long for fragment %u.\n", +- (unsigned int)pkt->auth_length, +- (unsigned int)pkt->frag_length)); +- goto err_exit; +- } +- + /* + * Decode the authentication verifier. + */ +- status = dcerpc_pull_dcerpc_auth(pkt, +- &pkt->u.bind.auth_info, +- &auth_info, p->endian); ++ status = dcerpc_pull_auth_trailer(pkt, pkt, ++ &pkt->u.bind.auth_info, ++ &auth_info, NULL, true); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n")); + goto err_exit; +@@ -1072,6 +1124,7 @@ static bool api_pipe_bind_req(struct pip + p->pipe_bound = True; + /* The session key was initialized from the SMB + * session in make_internal_rpc_pipe_p */ ++ p->auth.auth_context_id = 0; + } + + ZERO_STRUCT(u.bind_ack); +@@ -1113,15 +1166,15 @@ static bool api_pipe_bind_req(struct pip + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to marshall bind_ack packet. (%s)\n", + nt_errstr(status))); ++ goto err_exit; + } + + if (auth_resp.length) { +- + status = dcerpc_push_dcerpc_auth(pkt, + auth_type, + auth_info.auth_level, +- 0, +- 1, /* auth_context_id */ ++ 0, /* pad_len */ ++ p->auth.auth_context_id, + &auth_resp, + &auth_blob); + if (!NT_STATUS_IS_OK(status)) { +@@ -1152,6 +1205,22 @@ static bool api_pipe_bind_req(struct pip + p->out_data.current_pdu_sent = 0; + + TALLOC_FREE(auth_blob.data); ++ ++ if (bind_ack_ctx.result == 0) { ++ p->allow_alter = true; ++ p->allow_auth3 = true; ++ if (p->auth.auth_type == DCERPC_AUTH_TYPE_NONE) { ++ status = pipe_auth_verify_final(p); ++ if (!NT_STATUS_IS_OK(status)) { ++ DEBUG(0, ("pipe_auth_verify_final failed: %s\n", ++ nt_errstr(status))); ++ goto err_exit; ++ } ++ } ++ } else { ++ goto err_exit; ++ } ++ + return True; + + err_exit: +@@ -1176,18 +1245,39 @@ bool api_pipe_bind_auth3(struct pipes_st + + DEBUG(5, ("api_pipe_bind_auth3: decode request. %d\n", __LINE__)); + +- if (pkt->auth_length == 0) { +- DEBUG(0, ("No auth field sent for bind request!\n")); ++ if (!p->allow_auth3) { ++ DEBUG(1, ("Pipe not in allow auth3 state.\n")); + goto err; + } + +- /* Ensure there's enough data for an authenticated request. */ +- if (pkt->frag_length < RPC_HEADER_LEN +- + DCERPC_AUTH_TRAILER_LENGTH +- + pkt->auth_length) { +- DEBUG(0,("api_pipe_ntlmssp_auth_process: auth_len " +- "%u is too large.\n", +- (unsigned int)pkt->auth_length)); ++ status = dcerpc_verify_ncacn_packet_header(pkt, ++ DCERPC_PKT_AUTH3, ++ pkt->u.auth3.auth_info.length, ++ 0, /* required flags */ ++ DCERPC_PFC_FLAG_FIRST | ++ DCERPC_PFC_FLAG_LAST | ++ DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | ++ 0x08 | /* this is not defined, but should be ignored */ ++ DCERPC_PFC_FLAG_CONC_MPX | ++ DCERPC_PFC_FLAG_DID_NOT_EXECUTE | ++ DCERPC_PFC_FLAG_MAYBE | ++ DCERPC_PFC_FLAG_OBJECT_UUID); ++ if (!NT_STATUS_IS_OK(status)) { ++ DEBUG(1, ("api_pipe_bind_auth3: invalid pdu: %s\n", ++ nt_errstr(status))); ++ NDR_PRINT_DEBUG(ncacn_packet, pkt); ++ goto err; ++ } ++ ++ /* We can only finish if the pipe is unbound for now */ ++ if (p->pipe_bound) { ++ DEBUG(0, (__location__ ": Pipe already bound, " ++ "AUTH3 not supported!\n")); ++ goto err; ++ } ++ ++ if (pkt->auth_length == 0) { ++ DEBUG(1, ("No auth field sent for auth3 request!\n")); + goto err; + } + +@@ -1195,9 +1285,9 @@ bool api_pipe_bind_auth3(struct pipes_st + * Decode the authentication verifier response. + */ + +- status = dcerpc_pull_dcerpc_auth(pkt, +- &pkt->u.auth3.auth_info, +- &auth_info, p->endian); ++ status = dcerpc_pull_auth_trailer(pkt, pkt, ++ &pkt->u.auth3.auth_info, ++ &auth_info, NULL, true); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to unmarshall dcerpc_auth.\n")); + goto err; +@@ -1215,6 +1305,21 @@ bool api_pipe_bind_auth3(struct pipes_st + goto err; + } + ++ if (auth_info.auth_level != p->auth.auth_level) { ++ DEBUG(1, ("Auth level mismatch! Client sent %d, " ++ "but auth was started as level %d!\n", ++ auth_info.auth_level, p->auth.auth_level)); ++ goto err; ++ } ++ ++ if (auth_info.auth_context_id != p->auth.auth_context_id) { ++ DEBUG(0, ("Auth context id mismatch! Client sent %u, " ++ "but auth was started as level %u!\n", ++ (unsigned)auth_info.auth_context_id, ++ (unsigned)p->auth.auth_context_id)); ++ goto err; ++ } ++ + switch (auth_info.auth_type) { + case DCERPC_AUTH_TYPE_NTLMSSP: + ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, +@@ -1267,6 +1372,10 @@ bool api_pipe_bind_auth3(struct pipes_st + return true; + + err: ++ p->pipe_bound = false; ++ p->allow_bind = false; ++ p->allow_alter = false; ++ p->allow_auth3 = false; + + TALLOC_FREE(p->auth.auth_ctx); + return false; +@@ -1284,7 +1393,7 @@ static bool api_pipe_alter_context(struc + uint16 assoc_gid; + NTSTATUS status; + union dcerpc_payload u; +- struct dcerpc_ack_ctx bind_ack_ctx; ++ struct dcerpc_ack_ctx alter_ack_ctx; + DATA_BLOB auth_resp = data_blob_null; + DATA_BLOB auth_blob = data_blob_null; + int pad_len = 0; +@@ -1294,8 +1403,42 @@ static bool api_pipe_alter_context(struc + + DEBUG(5,("api_pipe_alter_context: make response. %d\n", __LINE__)); + +- if (pkt->u.bind.assoc_group_id != 0) { +- assoc_gid = pkt->u.bind.assoc_group_id; ++ if (!p->allow_alter) { ++ DEBUG(1, ("Pipe not in allow alter state.\n")); ++ goto err_exit; ++ } ++ ++ status = dcerpc_verify_ncacn_packet_header(pkt, ++ DCERPC_PKT_ALTER, ++ pkt->u.alter.auth_info.length, ++ 0, /* required flags */ ++ DCERPC_PFC_FLAG_FIRST | ++ DCERPC_PFC_FLAG_LAST | ++ DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | ++ 0x08 | /* this is not defined, but should be ignored */ ++ DCERPC_PFC_FLAG_CONC_MPX | ++ DCERPC_PFC_FLAG_DID_NOT_EXECUTE | ++ DCERPC_PFC_FLAG_MAYBE | ++ DCERPC_PFC_FLAG_OBJECT_UUID); ++ if (!NT_STATUS_IS_OK(status)) { ++ DEBUG(1, ("api_pipe_alter_context: invalid pdu: %s\n", ++ nt_errstr(status))); ++ NDR_PRINT_DEBUG(ncacn_packet, pkt); ++ goto err_exit; ++ } ++ ++ if (pkt->u.alter.num_contexts == 0) { ++ DEBUG(1, ("api_pipe_alter_context: no rpc contexts around\n")); ++ goto err_exit; ++ } ++ ++ if (pkt->u.alter.ctx_list[0].num_transfer_syntaxes == 0) { ++ DEBUG(1, ("api_pipe_alter_context: no transfer syntaxes around\n")); ++ goto err_exit; ++ } ++ ++ if (pkt->u.alter.assoc_group_id != 0) { ++ assoc_gid = pkt->u.alter.assoc_group_id; + } else { + assoc_gid = 0x53f0; + } +@@ -1305,59 +1448,45 @@ static bool api_pipe_alter_context(struc + */ + + /* If the requested abstract synt uuid doesn't match our client pipe, +- reject the bind_ack & set the transfer interface synt to all 0's, ++ reject the alter_ack & set the transfer interface synt to all 0's, + ver 0 (observed when NT5 attempts to bind to abstract interfaces + unknown to NT4) + Needed when adding entries to a DACL from NT5 - SK */ + + if (check_bind_req(p, +- &pkt->u.bind.ctx_list[0].abstract_syntax, +- &pkt->u.bind.ctx_list[0].transfer_syntaxes[0], +- pkt->u.bind.ctx_list[0].context_id)) { +- +- bind_ack_ctx.result = 0; +- bind_ack_ctx.reason = 0; +- bind_ack_ctx.syntax = pkt->u.bind.ctx_list[0].transfer_syntaxes[0]; ++ &pkt->u.alter.ctx_list[0].abstract_syntax, ++ &pkt->u.alter.ctx_list[0].transfer_syntaxes[0], ++ pkt->u.alter.ctx_list[0].context_id)) { ++ ++ alter_ack_ctx.result = 0; ++ alter_ack_ctx.reason = 0; ++ alter_ack_ctx.syntax = pkt->u.alter.ctx_list[0].transfer_syntaxes[0]; + } else { +- p->pipe_bound = False; + /* Rejection reason: abstract syntax not supported */ +- bind_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT; +- bind_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX; +- bind_ack_ctx.syntax = null_ndr_syntax_id; ++ alter_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT; ++ alter_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX; ++ alter_ack_ctx.syntax = null_ndr_syntax_id; + } + + /* + * Check if this is an authenticated alter context request. + */ + if (pkt->auth_length) { +- /* Quick length check. Won't catch a bad auth footer, +- * prevents overrun. */ +- +- if (pkt->frag_length < RPC_HEADER_LEN + +- DCERPC_AUTH_TRAILER_LENGTH + +- pkt->auth_length) { +- DEBUG(0,("api_pipe_alter_context: auth_len (%u) " +- "too long for fragment %u.\n", +- (unsigned int)pkt->auth_length, +- (unsigned int)pkt->frag_length )); ++ /* We can only finish if the pipe is unbound for now */ ++ if (p->pipe_bound) { ++ DEBUG(0, (__location__ ": Pipe already bound, " ++ "Altering Context not yet supported!\n")); + goto err_exit; + } + +- status = dcerpc_pull_dcerpc_auth(pkt, +- &pkt->u.bind.auth_info, +- &auth_info, p->endian); ++ status = dcerpc_pull_auth_trailer(pkt, pkt, ++ &pkt->u.alter.auth_info, ++ &auth_info, NULL, true); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n")); + goto err_exit; + } + +- /* We can only finish if the pipe is unbound for now */ +- if (p->pipe_bound) { +- DEBUG(0, (__location__ ": Pipe already bound, " +- "Altering Context not yet supported!\n")); +- goto err_exit; +- } +- + if (auth_info.auth_type != p->auth.auth_type) { + DEBUG(0, ("Auth type mismatch! Client sent %d, " + "but auth was started as type %d!\n", +@@ -1365,6 +1494,20 @@ static bool api_pipe_alter_context(struc + goto err_exit; + } + ++ if (auth_info.auth_level != p->auth.auth_level) { ++ DEBUG(0, ("Auth level mismatch! Client sent %d, " ++ "but auth was started as level %d!\n", ++ auth_info.auth_level, p->auth.auth_level)); ++ goto err_exit; ++ } ++ ++ if (auth_info.auth_context_id != p->auth.auth_context_id) { ++ DEBUG(0, ("Auth context id mismatch! Client sent %u, " ++ "but auth was started as level %u!\n", ++ (unsigned)auth_info.auth_context_id, ++ (unsigned)p->auth.auth_context_id)); ++ goto err_exit; ++ } + + switch (auth_info.auth_type) { + case DCERPC_AUTH_TYPE_SPNEGO: +@@ -1431,7 +1574,7 @@ static bool api_pipe_alter_context(struc + u.alter_resp.secondary_address_size = 1; + + u.alter_resp.num_results = 1; +- u.alter_resp.ctx_list = &bind_ack_ctx; ++ u.alter_resp.ctx_list = &alter_ack_ctx; + + /* NOTE: We leave the auth_info empty so we can calculate the padding + * later and then append the auth_info --simo */ +@@ -1451,8 +1594,9 @@ static bool api_pipe_alter_context(struc + &u, + &p->out_data.frag); + if (!NT_STATUS_IS_OK(status)) { +- DEBUG(0, ("Failed to marshall bind_ack packet. (%s)\n", ++ DEBUG(0, ("Failed to marshall alter_resp packet. (%s)\n", + nt_errstr(status))); ++ goto err_exit; + } + + if (auth_resp.length) { +@@ -1469,7 +1613,7 @@ static bool api_pipe_alter_context(struc + auth_info.auth_type, + auth_info.auth_level, + pad_len, +- 1, /* auth_context_id */ ++ p->auth.auth_context_id, + &auth_resp, + &auth_blob); + if (!NT_STATUS_IS_OK(status)) { +@@ -1618,6 +1762,7 @@ static bool api_pipe_request(struct pipe + + if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) { + DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n")); ++ set_incoming_fault(p); + setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED)); + data_blob_free(&p->out_data.rdata); + TALLOC_FREE(frame); +@@ -1756,7 +1901,11 @@ void set_incoming_fault(struct pipes_str + data_blob_free(&p->in_data.data); + p->in_data.pdu_needed_len = 0; + p->in_data.pdu.length = 0; +- p->fault_state = DCERPC_FAULT_CANT_PERFORM; ++ p->fault_state = DCERPC_NCA_S_PROTO_ERROR; ++ ++ p->allow_alter = false; ++ p->allow_auth3 = false; ++ p->pipe_bound = false; + + DEBUG(10, ("Setting fault state\n")); + } +@@ -1767,7 +1916,6 @@ static NTSTATUS dcesrv_auth_request(stru + { + NTSTATUS status; + size_t hdr_size = DCERPC_REQUEST_LENGTH; +- size_t pad_len; + + DEBUG(10, ("Checking request auth.\n")); + +@@ -1778,25 +1926,11 @@ static NTSTATUS dcesrv_auth_request(stru + /* in case of sealing this function will unseal the data in place */ + status = dcerpc_check_auth(auth, pkt, + &pkt->u.request.stub_and_verifier, +- hdr_size, raw_pkt, +- &pad_len); ++ hdr_size, raw_pkt); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + +- +- /* remove padding and auth trailer, +- * this way the caller will get just the data */ +- if (pkt->auth_length) { +- size_t trail_len = pad_len +- + DCERPC_AUTH_TRAILER_LENGTH +- + pkt->auth_length; +- if (pkt->u.request.stub_and_verifier.length < trail_len) { +- return NT_STATUS_INFO_LENGTH_MISMATCH; +- } +- pkt->u.request.stub_and_verifier.length -= trail_len; +- } +- + return NT_STATUS_OK; + } + +@@ -1816,6 +1950,29 @@ static bool process_request_pdu(struct p + return False; + } + ++ /* ++ * We don't ignore DCERPC_PFC_FLAG_PENDING_CANCEL. ++ * TODO: we can reject it with DCERPC_FAULT_NO_CALL_ACTIVE later. ++ */ ++ status = dcerpc_verify_ncacn_packet_header(pkt, ++ DCERPC_PKT_REQUEST, ++ pkt->u.request.stub_and_verifier.length, ++ 0, /* required_flags */ ++ DCERPC_PFC_FLAG_FIRST | ++ DCERPC_PFC_FLAG_LAST | ++ 0x08 | /* this is not defined, but should be ignored */ ++ DCERPC_PFC_FLAG_CONC_MPX | ++ DCERPC_PFC_FLAG_DID_NOT_EXECUTE | ++ DCERPC_PFC_FLAG_MAYBE | ++ DCERPC_PFC_FLAG_OBJECT_UUID); ++ if (!NT_STATUS_IS_OK(status)) { ++ DEBUG(1, ("process_request_pdu: invalid pdu: %s\n", ++ nt_errstr(status))); ++ NDR_PRINT_DEBUG(ncacn_packet, pkt); ++ set_incoming_fault(p); ++ return false; ++ } ++ + /* Store the opnum */ + p->opnum = pkt->u.request.opnum; + +@@ -2065,7 +2222,7 @@ done: + "pipe %s\n", get_pipe_name_from_syntax(talloc_tos(), + &p->syntax))); + set_incoming_fault(p); +- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); ++ setup_fault_pdu(p, NT_STATUS(DCERPC_NCA_S_PROTO_ERROR)); + TALLOC_FREE(pkt); + } else { + /* +--- a/source3/include/ntdomain.h ++++ b/source3/include/ntdomain.h +@@ -135,6 +135,13 @@ struct pipes_struct { + bool pipe_bound; + + /* ++ * States we can be in. ++ */ ++ bool allow_alter; ++ bool allow_bind; ++ bool allow_auth3; ++ ++ /* + * Set the DCERPC_FAULT to return. + */ + +--- a/source3/rpc_server/rpc_ncacn_np.c ++++ b/source3/rpc_server/rpc_ncacn_np.c +@@ -171,6 +171,7 @@ struct pipes_struct *make_internal_rpc_p + + p->syntax = *syntax; + p->transport = NCALRPC; ++ p->allow_bind = true; + + DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n", + get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open)); +@@ -780,6 +781,7 @@ static NTSTATUS rpc_pipe_open_external(T + } + result->auth->auth_type = DCERPC_AUTH_TYPE_NONE; + result->auth->auth_level = DCERPC_AUTH_LEVEL_NONE; ++ result->auth->auth_context_id = 0; + + status = rpccli_anon_bind_data(result, &auth); + if (!NT_STATUS_IS_OK(status)) { +--- a/source3/rpc_server/rpc_server.c ++++ b/source3/rpc_server/rpc_server.c +@@ -102,6 +102,7 @@ static int make_server_pipes_struct(TALL + p->syntax = id; + p->transport = transport; + p->ncalrpc_as_system = ncalrpc_as_system; ++ p->allow_bind = true; + + p->mem_ctx = talloc_named(p, 0, "pipe %s %p", pipe_name, p); + if (!p->mem_ctx) { +@@ -663,6 +664,12 @@ static void named_pipe_packet_done(struc + goto fail; + } + ++ if (npc->p->fault_state != 0) { ++ DEBUG(2, ("Disconnect after fault\n")); ++ sys_errno = EINVAL; ++ goto fail; ++ } ++ + /* clear out any data that may have been left around */ + npc->count = 0; + TALLOC_FREE(npc->iov); +@@ -1391,6 +1398,12 @@ static void dcerpc_ncacn_packet_done(str + goto fail; + } + ++ if (ncacn_conn->p->fault_state != 0) { ++ DEBUG(2, ("Disconnect after fault\n")); ++ sys_errno = EINVAL; ++ goto fail; ++ } ++ + /* clear out any data that may have been left around */ + ncacn_conn->count = 0; + TALLOC_FREE(ncacn_conn->iov); diff --git a/package/network/services/samba36/patches/023-CVE-2016-2110-v3-6.patch b/package/network/services/samba36/patches/023-CVE-2016-2110-v3-6.patch new file mode 100644 index 0000000000..0da66bf487 --- /dev/null +++ b/package/network/services/samba36/patches/023-CVE-2016-2110-v3-6.patch @@ -0,0 +1,255 @@ +From 202d69267c8550b850438877fb51c3d2c992949d Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Tue, 1 Dec 2015 08:46:45 +0100 +Subject: [PATCH 01/10] CVE-2016-2110: s3:ntlmssp: set and use + ntlmssp_state->allow_lm_key +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 + +Signed-off-by: Stefan Metzmacher +Reviewed-by: Günther Deschner +--- + source3/libsmb/ntlmssp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/source3/libsmb/ntlmssp.c ++++ b/source3/libsmb/ntlmssp.c +@@ -176,17 +176,19 @@ void ntlmssp_want_feature_list(struct nt + * also add NTLMSSP_NEGOTIATE_SEAL here. JRA. + */ + if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, True)) { +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; ++ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; + } + if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, True)) { +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; ++ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; + } + if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) { +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; ++ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL; + } + if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) { + ntlmssp_state->use_ccache = true; + } ++ ++ ntlmssp_state->neg_flags |= ntlmssp_state->required_flags; + } + + /** +@@ -199,17 +201,20 @@ void ntlmssp_want_feature(struct ntlmssp + { + /* As per JRA's comment above */ + if (feature & NTLMSSP_FEATURE_SESSION_KEY) { +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; ++ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; + } + if (feature & NTLMSSP_FEATURE_SIGN) { +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; ++ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; + } + if (feature & NTLMSSP_FEATURE_SEAL) { +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; ++ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; ++ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL; + } + if (feature & NTLMSSP_FEATURE_CCACHE) { + ntlmssp_state->use_ccache = true; + } ++ ++ ntlmssp_state->neg_flags |= ntlmssp_state->required_flags; + } + + /** +@@ -387,7 +392,12 @@ static NTSTATUS ntlmssp_client_initial(s + } + + if (ntlmssp_state->use_ntlmv2) { +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; ++ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_NTLM2; ++ ntlmssp_state->allow_lm_key = false; ++ } ++ ++ if (ntlmssp_state->allow_lm_key) { ++ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; + } + + /* generate the ntlmssp negotiate packet */ +@@ -422,6 +432,86 @@ static NTSTATUS ntlmssp_client_initial(s + return NT_STATUS_MORE_PROCESSING_REQUIRED; + } + ++static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, ++ uint32_t flags) ++{ ++ uint32_t missing_flags = ntlmssp_state->required_flags; ++ ++ if (flags & NTLMSSP_NEGOTIATE_UNICODE) { ++ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM; ++ ntlmssp_state->unicode = true; ++ } else { ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_UNICODE; ++ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM; ++ ntlmssp_state->unicode = false; ++ } ++ ++ /* ++ * NTLMSSP_NEGOTIATE_NTLM2 (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) ++ * has priority over NTLMSSP_NEGOTIATE_LM_KEY ++ */ ++ if (!(flags & NTLMSSP_NEGOTIATE_NTLM2)) { ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; ++ } ++ ++ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; ++ } ++ ++ if (!(flags & NTLMSSP_NEGOTIATE_LM_KEY)) { ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; ++ } ++ ++ if (!(flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) { ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN; ++ } ++ ++ if (!(flags & NTLMSSP_NEGOTIATE_128)) { ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128; ++ } ++ ++ if (!(flags & NTLMSSP_NEGOTIATE_56)) { ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56; ++ } ++ ++ if (!(flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) { ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH; ++ } ++ ++ if (!(flags & NTLMSSP_NEGOTIATE_SIGN)) { ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN; ++ } ++ ++ if (!(flags & NTLMSSP_NEGOTIATE_SEAL)) { ++ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL; ++ } ++ ++ if ((flags & NTLMSSP_REQUEST_TARGET)) { ++ ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET; ++ } ++ ++ missing_flags &= ~ntlmssp_state->neg_flags; ++ if (missing_flags != 0) { ++ NTSTATUS status = NT_STATUS_RPC_SEC_PKG_ERROR; ++ DEBUG(1, ("%s: Got challenge flags[0x%08x] " ++ "- possible downgrade detected! " ++ "missing_flags[0x%08x] - %s\n", ++ __func__, ++ (unsigned)flags, ++ (unsigned)missing_flags, ++ nt_errstr(status))); ++ debug_ntlmssp_flags(missing_flags); ++ DEBUGADD(4, ("neg_flags[0x%08x]\n", ++ (unsigned)ntlmssp_state->neg_flags)); ++ debug_ntlmssp_flags(ntlmssp_state->neg_flags); ++ ++ return status; ++ } ++ ++ return NT_STATUS_OK; ++} ++ + /** + * Next state function for the Challenge Packet. Generate an auth packet. + * +@@ -448,6 +538,26 @@ static NTSTATUS ntlmssp_client_challenge + DATA_BLOB encrypted_session_key = data_blob_null; + NTSTATUS nt_status = NT_STATUS_OK; + ++ if (!msrpc_parse(ntlmssp_state, &reply, "CdBd", ++ "NTLMSSP", ++ &ntlmssp_command, ++ &server_domain_blob, ++ &chal_flags)) { ++ DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n")); ++ dump_data(2, reply.data, reply.length); ++ ++ return NT_STATUS_INVALID_PARAMETER; ++ } ++ data_blob_free(&server_domain_blob); ++ ++ DEBUG(3, ("Got challenge flags:\n")); ++ debug_ntlmssp_flags(chal_flags); ++ ++ nt_status = ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags); ++ if (!NT_STATUS_IS_OK(nt_status)) { ++ return nt_status; ++ } ++ + if (ntlmssp_state->use_ccache) { + struct wbcCredentialCacheParams params; + struct wbcCredentialCacheInfo *info = NULL; +@@ -498,17 +608,6 @@ static NTSTATUS ntlmssp_client_challenge + + noccache: + +- if (!msrpc_parse(ntlmssp_state, &reply, "CdBd", +- "NTLMSSP", +- &ntlmssp_command, +- &server_domain_blob, +- &chal_flags)) { +- DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n")); +- dump_data(2, reply.data, reply.length); +- +- return NT_STATUS_INVALID_PARAMETER; +- } +- + if (DEBUGLEVEL >= 10) { + struct CHALLENGE_MESSAGE *challenge = talloc( + talloc_tos(), struct CHALLENGE_MESSAGE); +@@ -525,13 +624,6 @@ noccache: + } + } + +- data_blob_free(&server_domain_blob); +- +- DEBUG(3, ("Got challenge flags:\n")); +- debug_ntlmssp_flags(chal_flags); +- +- ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, lp_client_lanman_auth()); +- + if (ntlmssp_state->unicode) { + if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) { + chal_parse_string = "CdUdbddB"; +@@ -769,6 +861,7 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX + ntlmssp_state->unicode = True; + + ntlmssp_state->use_ntlmv2 = use_ntlmv2; ++ ntlmssp_state->allow_lm_key = lp_client_lanman_auth(); + + ntlmssp_state->expected_state = NTLMSSP_INITIAL; + +@@ -780,6 +873,10 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX + NTLMSSP_NEGOTIATE_KEY_EXCH | + NTLMSSP_REQUEST_TARGET; + ++ if (ntlmssp_state->use_ntlmv2) { ++ ntlmssp_state->allow_lm_key = false; ++ } ++ + ntlmssp_state->client.netbios_name = talloc_strdup(ntlmssp_state, netbios_name); + if (!ntlmssp_state->client.netbios_name) { + talloc_free(ntlmssp_state); +--- a/libcli/auth/ntlmssp.h ++++ b/libcli/auth/ntlmssp.h +@@ -83,6 +83,7 @@ struct ntlmssp_state + DATA_BLOB nt_resp; + DATA_BLOB session_key; + ++ uint32_t required_flags; + uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */ + + /** diff --git a/package/network/services/samba36/patches/024-CVE-2016-2111-v3-6.patch b/package/network/services/samba36/patches/024-CVE-2016-2111-v3-6.patch new file mode 100644 index 0000000000..7f7f413c2f --- /dev/null +++ b/package/network/services/samba36/patches/024-CVE-2016-2111-v3-6.patch @@ -0,0 +1,681 @@ +From ee105156fa151ebfd34b8febc2928e144b3b7b0e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?G=C3=BCnther=20Deschner?= +Date: Sat, 26 Sep 2015 01:29:10 +0200 +Subject: [PATCH 01/15] CVE-2016-2111: s3:rpc_server/netlogon: always go + through netr_creds_server_step_check() + +The ensures we apply the "server schannel = yes" restrictions. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 + +Pair-Programmed-With: Stefan Metzmacher + +Signed-off-by: Guenther Deschner +Signed-off-by: Stefan Metzmacher +--- + source3/rpc_server/netlogon/srv_netlog_nt.c | 24 ++++++++++++++---------- + 1 file changed, 14 insertions(+), 10 deletions(-) + +--- a/source3/rpc_server/netlogon/srv_netlog_nt.c ++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c +@@ -1508,6 +1508,7 @@ static NTSTATUS _netr_LogonSamLogon_base + case NetlogonNetworkTransitiveInformation: + { + const char *wksname = nt_workstation; ++ const char *workgroup = lp_workgroup(); + + status = make_auth_context_fixed(talloc_tos(), &auth_context, + logon->network->challenge); +@@ -1532,6 +1533,14 @@ static NTSTATUS _netr_LogonSamLogon_base + logon->network->nt.length)) { + status = NT_STATUS_NO_MEMORY; + } ++ ++ if (NT_STATUS_IS_OK(status)) { ++ status = NTLMv2_RESPONSE_verify_netlogon_creds( ++ user_info->client.account_name, ++ user_info->client.domain_name, ++ user_info->password.response.nt, ++ creds, workgroup); ++ } + break; + } + case NetlogonInteractiveInformation: +@@ -1636,6 +1645,14 @@ static NTSTATUS _netr_LogonSamLogon_base + r->out.validation->sam3); + break; + case 6: ++ /* Only allow this if the pipe is protected. */ ++ if (p->auth.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { ++ DEBUG(0,("netr_Validation6: client %s not using privacy for netlogon\n", ++ get_remote_machine_name())); ++ status = NT_STATUS_INVALID_PARAMETER; ++ break; ++ } ++ + status = serverinfo_to_SamInfo6(server_info, pipe_session_key, 16, + r->out.validation->sam6); + break; +@@ -2271,11 +2288,13 @@ NTSTATUS _netr_GetForestTrustInformation + + /* TODO: check server name */ + +- status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(), +- r->in.computer_name, +- r->in.credential, +- r->out.return_authenticator, +- &creds); ++ become_root(); ++ status = netr_creds_server_step_check(p, p->mem_ctx, ++ r->in.computer_name, ++ r->in.credential, ++ r->out.return_authenticator, ++ &creds); ++ unbecome_root(); + if (!NT_STATUS_IS_OK(status)) { + return status; + } +@@ -2371,11 +2390,13 @@ NTSTATUS _netr_ServerGetTrustInfo(struct + + /* TODO: check server name */ + +- status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(), +- r->in.computer_name, +- r->in.credential, +- r->out.return_authenticator, +- &creds); ++ become_root(); ++ status = netr_creds_server_step_check(p, p->mem_ctx, ++ r->in.computer_name, ++ r->in.credential, ++ r->out.return_authenticator, ++ &creds); ++ unbecome_root(); + if (!NT_STATUS_IS_OK(status)) { + return status; + } +--- a/source4/torture/rpc/samba3rpc.c ++++ b/source4/torture/rpc/samba3rpc.c +@@ -1122,8 +1122,8 @@ static bool schan(struct torture_context + generate_random_buffer(chal.data, chal.length); + names_blob = NTLMv2_generate_names_blob( + mem_ctx, +- cli_credentials_get_workstation(user_creds), +- cli_credentials_get_domain(user_creds)); ++ cli_credentials_get_workstation(wks_creds), ++ cli_credentials_get_domain(wks_creds)); + status = cli_credentials_get_ntlm_response( + user_creds, mem_ctx, &flags, chal, names_blob, + &lm_resp, &nt_resp, NULL, NULL); +--- a/libcli/auth/proto.h ++++ b/libcli/auth/proto.h +@@ -139,6 +139,11 @@ bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ct + const DATA_BLOB *names_blob, + DATA_BLOB *lm_response, DATA_BLOB *nt_response, + DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ; ++NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name, ++ const char *account_domain, ++ const DATA_BLOB response, ++ const struct netlogon_creds_CredentialState *creds, ++ const char *workgroup); + + /*********************************************************** + encode a password buffer with a unicode password. The buffer +--- a/libcli/auth/smbencrypt.c ++++ b/libcli/auth/smbencrypt.c +@@ -26,7 +26,7 @@ + #include "../libcli/auth/msrpc_parse.h" + #include "../lib/crypto/crypto.h" + #include "../libcli/auth/libcli_auth.h" +-#include "../librpc/gen_ndr/ntlmssp.h" ++#include "../librpc/gen_ndr/ndr_ntlmssp.h" + + void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]) + { +@@ -522,6 +522,146 @@ bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ct + lm_response, nt_response, lm_session_key, user_session_key); + } + ++NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name, ++ const char *account_domain, ++ const DATA_BLOB response, ++ const struct netlogon_creds_CredentialState *creds, ++ const char *workgroup) ++{ ++ TALLOC_CTX *frame = NULL; ++ /* RespType + HiRespType */ ++ static const char *magic = "\x01\x01"; ++ int cmp; ++ struct NTLMv2_RESPONSE v2_resp; ++ enum ndr_err_code err; ++ const struct AV_PAIR *av_nb_cn = NULL; ++ const struct AV_PAIR *av_nb_dn = NULL; ++ ++ if (response.length < 48) { ++ /* ++ * NTLMv2_RESPONSE has at least 48 bytes. ++ */ ++ return NT_STATUS_OK; ++ } ++ ++ cmp = memcmp(response.data + 16, magic, 2); ++ if (cmp != 0) { ++ /* ++ * It doesn't look like a valid NTLMv2_RESPONSE ++ */ ++ return NT_STATUS_OK; ++ } ++ ++ frame = talloc_stackframe(); ++ ++ err = ndr_pull_struct_blob(&response, frame, &v2_resp, ++ (ndr_pull_flags_fn_t)ndr_pull_NTLMv2_RESPONSE); ++ if (!NDR_ERR_CODE_IS_SUCCESS(err)) { ++ NTSTATUS status; ++ status = ndr_map_error2ntstatus(err); ++ DEBUG(2,("Failed to parse NTLMv2_RESPONSE " ++ "length %u - %s - %s\n", ++ (unsigned)response.length, ++ ndr_map_error2string(err), ++ nt_errstr(status))); ++ dump_data(2, response.data, response.length); ++ TALLOC_FREE(frame); ++ return status; ++ } ++ ++ if (DEBUGLVL(10)) { ++ NDR_PRINT_DEBUG(NTLMv2_RESPONSE, &v2_resp); ++ } ++ ++ /* ++ * Make sure the netbios computer name in the ++ * NTLMv2_RESPONSE matches the computer name ++ * in the secure channel credentials for workstation ++ * trusts. ++ * ++ * And the netbios domain name matches our ++ * workgroup. ++ * ++ * This prevents workstations from requesting ++ * the session key of NTLMSSP sessions of clients ++ * to other hosts. ++ */ ++ if (creds->secure_channel_type == SEC_CHAN_WKSTA) { ++ av_nb_cn = ndr_ntlmssp_find_av(&v2_resp.Challenge.AvPairs, ++ MsvAvNbComputerName); ++ av_nb_dn = ndr_ntlmssp_find_av(&v2_resp.Challenge.AvPairs, ++ MsvAvNbDomainName); ++ } ++ ++ if (av_nb_cn != NULL) { ++ const char *v = NULL; ++ char *a = NULL; ++ size_t len; ++ ++ v = av_nb_cn->Value.AvNbComputerName; ++ ++ a = talloc_strdup(frame, creds->account_name); ++ if (a == NULL) { ++ TALLOC_FREE(frame); ++ return NT_STATUS_NO_MEMORY; ++ } ++ len = strlen(a); ++ if (len > 0 && a[len - 1] == '$') { ++ a[len - 1] = '\0'; ++ } ++ ++#ifdef SAMBA4_INTERNAL_HEIMDAL /* smbtorture4 for make test */ ++ cmp = strcasecmp_m(a, v); ++#else /* smbd */ ++ cmp = StrCaseCmp(a, v); ++#endif ++ if (cmp != 0) { ++ DEBUG(2,("%s: NTLMv2_RESPONSE with " ++ "NbComputerName[%s] rejected " ++ "for user[%s\\%s] " ++ "against SEC_CHAN_WKSTA[%s/%s] " ++ "in workgroup[%s]\n", ++ __func__, v, ++ account_domain, ++ account_name, ++ creds->computer_name, ++ creds->account_name, ++ workgroup)); ++ TALLOC_FREE(frame); ++ return NT_STATUS_LOGON_FAILURE; ++ } ++ } ++ if (av_nb_dn != NULL) { ++ const char *v = NULL; ++ ++ v = av_nb_dn->Value.AvNbDomainName; ++ ++#ifdef SAMBA4_INTERNAL_HEIMDAL /* smbtorture4 for make test */ ++ cmp = strcasecmp_m(workgroup, v); ++#else /* smbd */ ++ cmp = StrCaseCmp(workgroup, v); ++#endif ++ if (cmp != 0) { ++ DEBUG(2,("%s: NTLMv2_RESPONSE with " ++ "NbDomainName[%s] rejected " ++ "for user[%s\\%s] " ++ "against SEC_CHAN_WKSTA[%s/%s] " ++ "in workgroup[%s]\n", ++ __func__, v, ++ account_domain, ++ account_name, ++ creds->computer_name, ++ creds->account_name, ++ workgroup)); ++ TALLOC_FREE(frame); ++ return NT_STATUS_LOGON_FAILURE; ++ } ++ } ++ ++ TALLOC_FREE(frame); ++ return NT_STATUS_OK; ++} ++ + /*********************************************************** + encode a password buffer with a unicode password. The buffer + is filled with random data to make it harder to attack. +--- a/libcli/auth/wscript_build ++++ b/libcli/auth/wscript_build +@@ -19,7 +19,7 @@ bld.SAMBA_SUBSYSTEM('MSRPC_PARSE', + + bld.SAMBA_SUBSYSTEM('LIBCLI_AUTH', + source='credentials.c session.c smbencrypt.c smbdes.c', +- public_deps='MSRPC_PARSE', ++ public_deps='MSRPC_PARSE NDR_NTLMSSP', + public_headers='credentials.h:domain_credentials.h' + ) + +--- a/source3/Makefile.in ++++ b/source3/Makefile.in +@@ -783,6 +783,7 @@ GROUPDB_OBJ = groupdb/mapping.o groupdb/ + PROFILE_OBJ = profile/profile.o + PROFILES_OBJ = utils/profiles.o \ + $(LIBSMB_ERR_OBJ) \ ++ $(LIBNDR_NTLMSSP_OBJ) \ + $(PARAM_OBJ) \ + $(LIB_OBJ) $(LIB_DUMMY_OBJ) \ + $(POPT_LIB_OBJ) \ +@@ -995,10 +996,10 @@ SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(P + STATUS_OBJ = utils/status.o utils/status_profile.o \ + $(LOCKING_OBJ) $(PARAM_OBJ) \ + $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ +- $(LIBSMB_ERR_OBJ) $(FNAME_UTIL_OBJ) ++ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(FNAME_UTIL_OBJ) + + SMBCONTROL_OBJ = utils/smbcontrol.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ +- $(LIBSMB_ERR_OBJ) $(POPT_LIB_OBJ) $(PRINTBASE_OBJ) ++ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(POPT_LIB_OBJ) $(PRINTBASE_OBJ) + + SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \ + $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_OBJ) \ +@@ -1012,11 +1013,11 @@ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OB + + TESTPARM_OBJ = utils/testparm.o \ + $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ +- $(LIBSMB_ERR_OBJ) ++ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) + + SMBTA_UTIL_OBJ = utils/smbta-util.o $(PARAM_OBJ) $(POPT_LIB_OBJ) \ + $(LIB_NONSMBD_OBJ) \ +- $(LIBSMB_ERR_OBJ) $(FNAME_UTIL_OBJ) ++ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(FNAME_UTIL_OBJ) + + TEST_LP_LOAD_OBJ = param/test_lp_load.o \ + $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ +@@ -1146,6 +1147,7 @@ SMBCONFTORT_OBJ = $(SMBCONFTORT_OBJ0) \ + $(LIB_NONSMBD_OBJ) \ + $(PARAM_OBJ) \ + $(LIBSMB_ERR_OBJ) \ ++ $(LIBNDR_NTLMSSP_OBJ) \ + $(POPT_LIB_OBJ) + + PTHREADPOOLTEST_OBJ = lib/pthreadpool/pthreadpool.o \ +@@ -1229,7 +1231,7 @@ CUPS_OBJ = client/smbspool.o $(PARAM_OBJ + $(LIBNDR_GEN_OBJ0) + + NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) \ +- $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) ++ $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) + + SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \ + torture/denytest.o torture/mangle_test.o \ +@@ -1253,6 +1255,7 @@ MASKTEST_OBJ = torture/masktest.o $(PARA + $(LIBNDR_GEN_OBJ0) + + MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_ERR_OBJ) \ ++ $(LIBNDR_NTLMSSP_OBJ) \ + $(LIB_NONSMBD_OBJ) \ + $(LIBNDR_GEN_OBJ0) + +@@ -1269,7 +1272,7 @@ PDBTEST_OBJ = torture/pdbtest.o $(PARAM_ + + VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ) + +-SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) ++SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) + + LOG2PCAP_OBJ = utils/log2pcaphex.o + +@@ -1297,17 +1300,17 @@ SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LI + EVTLOGADM_OBJ0 = utils/eventlogadm.o + + EVTLOGADM_OBJ = $(EVTLOGADM_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ +- $(LIBSMB_ERR_OBJ) $(LIB_EVENTLOG_OBJ) \ ++ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(LIB_EVENTLOG_OBJ) \ + librpc/gen_ndr/ndr_eventlog.o \ + librpc/gen_ndr/ndr_lsa.o + + SHARESEC_OBJ0 = utils/sharesec.o + SHARESEC_OBJ = $(SHARESEC_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ +- $(LIBSMB_ERR_OBJ) \ ++ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) \ + $(POPT_LIB_OBJ) + + TALLOCTORT_OBJ = @tallocdir@/testsuite.o @tallocdir@/testsuite_main.o \ +- $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) ++ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) + + REPLACETORT_OBJ = @libreplacedir@/test/testsuite.o \ + @libreplacedir@/test/getifaddrs.o \ +@@ -1323,7 +1326,7 @@ SMBFILTER_OBJ = utils/smbfilter.o $(PARA + $(LIBNDR_GEN_OBJ0) + + WINBIND_WINS_NSS_OBJ = ../nsswitch/wins.o $(PARAM_OBJ) \ +- $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNMB_OBJ) ++ $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(LIBNMB_OBJ) + + PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \ + pam_smbpass/pam_smb_acct.o pam_smbpass/support.o ../lib/util/asn1.o +@@ -1531,12 +1534,14 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp. + DBWRAP_TOOL_OBJ = utils/dbwrap_tool.o \ + $(PARAM_OBJ) \ + $(LIB_NONSMBD_OBJ) \ +- $(LIBSMB_ERR_OBJ) ++ $(LIBSMB_ERR_OBJ) \ ++ $(LIBNDR_NTLMSSP_OBJ) + + DBWRAP_TORTURE_OBJ = utils/dbwrap_torture.o \ + $(PARAM_OBJ) \ + $(LIB_NONSMBD_OBJ) \ + $(LIBSMB_ERR_OBJ) \ ++ $(LIBNDR_NTLMSSP_OBJ) \ + $(POPT_LIB_OBJ) + + SPLIT_TOKENS_OBJ = utils/split_tokens.o \ +--- a/source4/torture/raw/samba3misc.c ++++ b/source4/torture/raw/samba3misc.c +@@ -340,6 +340,7 @@ bool torture_samba3_badpath(struct tortu + bool ret = true; + TALLOC_CTX *mem_ctx; + bool nt_status_support; ++ bool client_ntlmv2_auth; + + if (!(mem_ctx = talloc_init("torture_samba3_badpath"))) { + d_printf("talloc_init failed\n"); +@@ -347,20 +348,17 @@ bool torture_samba3_badpath(struct tortu + } + + nt_status_support = lpcfg_nt_status_support(torture->lp_ctx); ++ client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(torture->lp_ctx); + +- if (!lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes")) { +- printf("Could not set 'nt status support = yes'\n"); +- goto fail; +- } ++ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes"), ret, fail, "Could not set 'nt status support = yes'\n"); ++ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "yes"), ret, fail, "Could not set 'client ntlmv2 auth = yes'\n"); + + if (!torture_open_connection(&cli_nt, torture, 0)) { + goto fail; + } + +- if (!lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no")) { +- printf("Could not set 'nt status support = yes'\n"); +- goto fail; +- } ++ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no"), ret, fail, "Could not set 'nt status support = no'\n"); ++ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "no"), ret, fail, "Could not set 'client ntlmv2 auth = no'\n"); + + if (!torture_open_connection(&cli_dos, torture, 1)) { + goto fail; +@@ -373,6 +371,12 @@ bool torture_samba3_badpath(struct tortu + } + + smbcli_deltree(cli_nt->tree, dirname); ++ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", ++ nt_status_support ? "yes":"no"), ++ ret, fail, "Could not set 'nt status support' back to where it was\n"); ++ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", ++ client_ntlmv2_auth ? "yes":"no"), ++ ret, fail, "Could not set 'client ntlmv2 auth' back to where it was\n"); + + status = smbcli_mkdir(cli_nt->tree, dirname); + if (!NT_STATUS_IS_OK(status)) { +--- a/source4/torture/basic/base.c ++++ b/source4/torture/basic/base.c +@@ -1476,6 +1476,7 @@ static bool torture_chkpath_test(struct + static bool torture_samba3_errorpaths(struct torture_context *tctx) + { + bool nt_status_support; ++ bool client_ntlmv2_auth; + struct smbcli_state *cli_nt = NULL, *cli_dos = NULL; + bool result = false; + int fnum; +@@ -1485,18 +1486,27 @@ static bool torture_samba3_errorpaths(st + NTSTATUS status; + + nt_status_support = lpcfg_nt_status_support(tctx->lp_ctx); ++ client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(tctx->lp_ctx); + + if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "yes")) { + torture_comment(tctx, "Could not set 'nt status support = yes'\n"); + goto fail; + } ++ if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "yes")) { ++ torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = yes'\n"); ++ goto fail; ++ } + + if (!torture_open_connection(&cli_nt, tctx, 0)) { + goto fail; + } + + if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "no")) { +- torture_comment(tctx, "Could not set 'nt status support = yes'\n"); ++ torture_result(tctx, TORTURE_FAIL, "Could not set 'nt status support = no'\n"); ++ goto fail; ++ } ++ if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "no")) { ++ torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = no'\n"); + goto fail; + } + +@@ -1506,7 +1516,12 @@ static bool torture_samba3_errorpaths(st + + if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", + nt_status_support ? "yes":"no")) { +- torture_comment(tctx, "Could not reset 'nt status support = yes'"); ++ torture_result(tctx, TORTURE_FAIL, "Could not reset 'nt status support'"); ++ goto fail; ++ } ++ if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", ++ client_ntlmv2_auth ? "yes":"no")) { ++ torture_result(tctx, TORTURE_FAIL, "Could not reset 'client ntlmv2 auth'"); + goto fail; + } + +--- a/source3/libsmb/cliconnect.c ++++ b/source3/libsmb/cliconnect.c +@@ -2077,6 +2077,17 @@ NTSTATUS cli_session_setup(struct cli_st + NTSTATUS status; + + /* otherwise do a NT1 style session setup */ ++ if (lp_client_ntlmv2_auth() && lp_client_use_spnego()) { ++ /* ++ * Don't send an NTLMv2 response without NTLMSSP ++ * if we want to use spnego support ++ */ ++ DEBUG(1, ("Server does not support EXTENDED_SECURITY " ++ " but 'client use spnego = yes" ++ " and 'client ntlmv2 auth = yes'\n")); ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ + status = cli_session_setup_nt1(cli, user, pass, passlen, + ntpass, ntpasslen, workgroup); + if (!NT_STATUS_IS_OK(status)) { +--- a/docs-xml/smbdotconf/protocol/clientusespnego.xml ++++ b/docs-xml/smbdotconf/protocol/clientusespnego.xml +@@ -9,6 +9,11 @@ + supporting servers (including WindowsXP, Windows2000 and Samba + 3.0) to agree upon an authentication + mechanism. This enables Kerberos authentication in particular. ++ ++ When is also set to ++ yes extended security (SPNEGO) is required ++ in order to use NTLMv2 only within NTLMSSP. This behavior was ++ introduced with the patches for CVE-2016-2111. + + + yes +--- a/docs-xml/smbdotconf/security/clientntlmv2auth.xml ++++ b/docs-xml/smbdotconf/security/clientntlmv2auth.xml +@@ -28,6 +28,11 @@ + NTLMv2 by default, and some sites (particularly those following + 'best practice' security polices) only allow NTLMv2 responses, and + not the weaker LM or NTLM. ++ ++ When is also set to ++ yes extended security (SPNEGO) is required ++ in order to use NTLMv2 only within NTLMSSP. This behavior was ++ introduced with the patches for CVE-2016-2111. + + yes + +--- /dev/null ++++ b/docs-xml/smbdotconf/security/rawntlmv2auth.xml +@@ -0,0 +1,19 @@ ++ ++ ++ This parameter determines whether or not smbd ++ 8 will allow SMB1 clients without ++ extended security (without SPNEGO) to use NTLMv2 authentication. ++ ++ If this option, lanman auth ++ and ntlm auth are all disabled, ++ then only clients with SPNEGO support will be permitted. ++ That means NTLMv2 is only supported within NTLMSSP. ++ ++ ++lanman auth ++ntlm auth ++no ++ +--- a/source3/include/proto.h ++++ b/source3/include/proto.h +@@ -1489,6 +1489,7 @@ bool lp_map_untrusted_to_domain(void); + int lp_restrict_anonymous(void); + bool lp_lanman_auth(void); + bool lp_ntlm_auth(void); ++bool lp_raw_ntlmv2_auth(void); + bool lp_client_plaintext_auth(void); + bool lp_client_lanman_auth(void); + bool lp_client_ntlmv2_auth(void); +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -336,6 +336,7 @@ struct global { + bool bAllowTrustedDomains; + bool bLanmanAuth; + bool bNTLMAuth; ++ bool bRawNTLMv2Auth; + bool bUseSpnego; + bool bClientLanManAuth; + bool bClientNTLMv2Auth; +@@ -1383,6 +1384,15 @@ static struct parm_struct parm_table[] = + .flags = FLAG_ADVANCED, + }, + { ++ .label = "raw NTLMv2 auth", ++ .type = P_BOOL, ++ .p_class = P_GLOBAL, ++ .ptr = &Globals.bRawNTLMv2Auth, ++ .special = NULL, ++ .enum_list = NULL, ++ .flags = FLAG_ADVANCED, ++ }, ++ { + .label = "client NTLMv2 auth", + .type = P_BOOL, + .p_class = P_GLOBAL, +@@ -5337,6 +5347,7 @@ static void init_globals(bool reinit_glo + Globals.bClientPlaintextAuth = False; /* Do NOT use a plaintext password even if is requested by the server */ + Globals.bLanmanAuth = False; /* Do NOT use the LanMan hash, even if it is supplied */ + Globals.bNTLMAuth = True; /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */ ++ Globals.bRawNTLMv2Auth = false; /* Allow NTLMv2 without NTLMSSP */ + Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */ + /* Note, that we will also use NTLM2 session security (which is different), if it is available */ + +@@ -5819,6 +5830,7 @@ FN_GLOBAL_BOOL(lp_map_untrusted_to_domai + FN_GLOBAL_INTEGER(lp_restrict_anonymous, &Globals.restrict_anonymous) + FN_GLOBAL_BOOL(lp_lanman_auth, &Globals.bLanmanAuth) + FN_GLOBAL_BOOL(lp_ntlm_auth, &Globals.bNTLMAuth) ++FN_GLOBAL_BOOL(lp_raw_ntlmv2_auth, &Globals.bRawNTLMv2Auth) + FN_GLOBAL_BOOL(lp_client_plaintext_auth, &Globals.bClientPlaintextAuth) + FN_GLOBAL_BOOL(lp_client_lanman_auth, &Globals.bClientLanManAuth) + FN_GLOBAL_BOOL(lp_client_ntlmv2_auth, &Globals.bClientNTLMv2Auth) +--- a/source3/auth/auth_util.c ++++ b/source3/auth/auth_util.c +@@ -30,6 +30,7 @@ + #include "../lib/util/util_pw.h" + #include "lib/winbind_util.h" + #include "passdb.h" ++#include "../lib/tsocket/tsocket.h" + + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_AUTH +@@ -367,6 +368,19 @@ NTSTATUS make_user_info_for_reply_enc(st + const char *client_domain, + DATA_BLOB lm_resp, DATA_BLOB nt_resp) + { ++ bool allow_raw = lp_raw_ntlmv2_auth(); ++ ++ if (!allow_raw && nt_resp.length >= 48) { ++ /* ++ * NTLMv2_RESPONSE has at least 48 bytes ++ * and should only be supported via NTLMSSP. ++ */ ++ DEBUG(2,("Rejecting raw NTLMv2 authentication with " ++ "user [%s\\%s]\n", ++ client_domain, smb_name)); ++ return NT_STATUS_INVALID_PARAMETER; ++ } ++ + return make_user_info_map(user_info, smb_name, + client_domain, + get_remote_machine_name(), +--- a/selftest/target/Samba3.pm ++++ b/selftest/target/Samba3.pm +@@ -127,6 +127,7 @@ sub setup_dc($$) + domain master = yes + domain logons = yes + lanman auth = yes ++ raw NTLMv2 auth = yes + "; + + my $vars = $self->provision($path, +@@ -230,6 +231,7 @@ sub setup_secserver($$$) + my $secserver_options = " + security = server + password server = $s3dcvars->{SERVER_IP} ++ client ntlmv2 auth = no + "; + + my $ret = $self->provision($prefix, diff --git a/package/network/services/samba36/patches/025-CVE-2016-2112-v3-6.patch b/package/network/services/samba36/patches/025-CVE-2016-2112-v3-6.patch new file mode 100644 index 0000000000..78e0a66979 --- /dev/null +++ b/package/network/services/samba36/patches/025-CVE-2016-2112-v3-6.patch @@ -0,0 +1,129 @@ +From 126e3e992bed7174d60ee19212db9b717647ab2e Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 30 Mar 2016 16:55:44 +0200 +Subject: [PATCH 1/3] CVE-2016-2112: s3:ntlmssp: Implement missing + ntlmssp_have_feature() + +Signed-off-by: Andreas Schneider +--- + source3/include/proto.h | 1 + + source3/libsmb/ntlmssp.c | 30 ++++++++++++++++++++++++++++++ + 2 files changed, 31 insertions(+) + +--- a/source3/include/proto.h ++++ b/source3/include/proto.h +@@ -1260,6 +1260,7 @@ NTSTATUS ntlmssp_set_password(struct ntl + NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ; + void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list); + void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature); ++bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature); + NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, + const DATA_BLOB in, DATA_BLOB *out) ; + NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, +--- a/source3/libsmb/ntlmssp.c ++++ b/source3/libsmb/ntlmssp.c +@@ -162,6 +162,36 @@ NTSTATUS ntlmssp_set_domain(struct ntlms + return NT_STATUS_OK; + } + ++bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, ++ uint32_t feature) ++{ ++ if (feature & NTLMSSP_FEATURE_SIGN) { ++ if (ntlmssp_state->session_key.length == 0) { ++ return false; ++ } ++ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { ++ return true; ++ } ++ } ++ ++ if (feature & NTLMSSP_FEATURE_SEAL) { ++ if (ntlmssp_state->session_key.length == 0) { ++ return false; ++ } ++ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { ++ return true; ++ } ++ } ++ ++ if (feature & NTLMSSP_FEATURE_SESSION_KEY) { ++ if (ntlmssp_state->session_key.length > 0) { ++ return true; ++ } ++ } ++ ++ return false; ++} ++ + /** + * Request features for the NTLMSSP negotiation + * +--- a/source3/libads/sasl.c ++++ b/source3/libads/sasl.c +@@ -261,6 +261,37 @@ static ADS_STATUS ads_sasl_spnego_ntlmss + /* we have a reference conter on ntlmssp_state, if we are signing + then the state will be kept by the signing engine */ + ++ if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SEAL) { ++ bool ok; ++ ++ ok = ntlmssp_have_feature(ntlmssp_state, ++ NTLMSSP_FEATURE_SEAL); ++ if (!ok) { ++ DEBUG(0,("The ntlmssp feature sealing request, but unavailable\n")); ++ TALLOC_FREE(ntlmssp_state); ++ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); ++ } ++ ++ ok = ntlmssp_have_feature(ntlmssp_state, ++ NTLMSSP_FEATURE_SIGN); ++ if (!ok) { ++ DEBUG(0,("The ntlmssp feature signing request, but unavailable\n")); ++ TALLOC_FREE(ntlmssp_state); ++ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); ++ } ++ ++ } else if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SIGN) { ++ bool ok; ++ ++ ok = ntlmssp_have_feature(ntlmssp_state, ++ NTLMSSP_FEATURE_SIGN); ++ if (!ok) { ++ DEBUG(0,("The gensec feature signing request, but unavailable\n")); ++ TALLOC_FREE(ntlmssp_state); ++ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); ++ } ++ } ++ + if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) { + ads->ldap.out.max_unwrapped = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED - NTLMSSP_SIG_SIZE; + ads->ldap.out.sig_size = NTLMSSP_SIG_SIZE; +--- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml ++++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml +@@ -34,11 +34,9 @@ + + + +- The default value is plain which is not irritable +- to KRB5 clock skew errors. That implies synchronizing the time +- with the KDC in the case of using sign or +- seal. ++ The default value is sign. That implies synchronizing the time ++ with the KDC in the case of using Kerberos. + + +-plain ++sign + +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -5392,6 +5392,8 @@ static void init_globals(bool reinit_glo + Globals.ldap_debug_level = 0; + Globals.ldap_debug_threshold = 10; + ++ Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN; ++ + /* This is what we tell the afs client. in reality we set the token + * to never expire, though, when this runs out the afs client will + * forget the token. Set to 0 to get NEVERDATE.*/ diff --git a/package/network/services/samba36/patches/026-CVE-2016-2115-v3-6.patch b/package/network/services/samba36/patches/026-CVE-2016-2115-v3-6.patch new file mode 100644 index 0000000000..5618fb4eff --- /dev/null +++ b/package/network/services/samba36/patches/026-CVE-2016-2115-v3-6.patch @@ -0,0 +1,256 @@ +From 513bd34e4523e49e742487be32a7239111486a12 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Sat, 27 Feb 2016 03:43:58 +0100 +Subject: [PATCH 1/4] CVE-2016-2115: docs-xml: add "client ipc signing" option + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756 + +Signed-off-by: Stefan Metzmacher +Reviewed-by: Ralph Boehme +--- + docs-xml/smbdotconf/security/clientipcsigning.xml | 23 +++++++++++++++++++++++ + docs-xml/smbdotconf/security/clientsigning.xml | 3 +++ + source3/include/proto.h | 1 + + source3/param/loadparm.c | 12 ++++++++++++ + 4 files changed, 39 insertions(+) + create mode 100644 docs-xml/smbdotconf/security/clientipcsigning.xml + +--- /dev/null ++++ b/docs-xml/smbdotconf/security/clientipcsigning.xml +@@ -0,0 +1,23 @@ ++ ++ ++ This controls whether the client is allowed or required to use SMB signing for IPC$ ++ connections as DCERPC transport inside of winbind. Possible values ++ are auto, mandatory ++ and disabled. ++ ++ ++ When set to auto, SMB signing is offered, but not enforced and if set ++ to disabled, SMB signing is not offered either. ++ ++ Connections from winbindd to Active Directory Domain Controllers ++ always enforce signing. ++ ++ ++client signing ++ ++mandatory ++ +--- a/docs-xml/smbdotconf/security/clientsigning.xml ++++ b/docs-xml/smbdotconf/security/clientsigning.xml +@@ -12,6 +12,9 @@ + When set to auto, SMB signing is offered, but not enforced. + When set to mandatory, SMB signing is required and if set + to disabled, SMB signing is not offered either. ++ ++ IPC$ connections for DCERPC e.g. in winbindd, are handled by the ++ option. + + + +--- a/source3/include/proto.h ++++ b/source3/include/proto.h +@@ -1690,9 +1690,11 @@ int lp_winbind_cache_time(void); + int lp_winbind_reconnect_delay(void); + int lp_winbind_max_clients(void); + const char **lp_winbind_nss_info(void); ++bool lp_winbind_sealed_pipes(void); + int lp_algorithmic_rid_base(void); + int lp_name_cache_timeout(void); + int lp_client_signing(void); ++int lp_client_ipc_signing(void); + int lp_server_signing(void); + int lp_client_ldap_sasl_wrapping(void); + char *lp_parm_talloc_string(int snum, const char *type, const char *option, const char *def); +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -215,6 +215,7 @@ struct global { + int winbind_expand_groups; + bool bWinbindRefreshTickets; + bool bWinbindOfflineLogon; ++ bool bWinbindSealedPipes; + bool bWinbindNormalizeNames; + bool bWinbindRpcOnly; + bool bCreateKrb5Conf; +@@ -366,6 +367,7 @@ struct global { + int restrict_anonymous; + int name_cache_timeout; + int client_signing; ++ int client_ipc_signing; + int server_signing; + int client_ldap_sasl_wrapping; + int iUsershareMaxShares; +@@ -2319,6 +2321,15 @@ static struct parm_struct parm_table[] = + .flags = FLAG_ADVANCED, + }, + { ++ .label = "client ipc signing", ++ .type = P_ENUM, ++ .p_class = P_GLOBAL, ++ .ptr = &Globals.client_ipc_signing, ++ .special = NULL, ++ .enum_list = enum_smb_signing_vals, ++ .flags = FLAG_ADVANCED, ++ }, ++ { + .label = "server signing", + .type = P_ENUM, + .p_class = P_GLOBAL, +@@ -4765,6 +4776,15 @@ static struct parm_struct parm_table[] = + .flags = FLAG_ADVANCED, + }, + { ++ .label = "winbind sealed pipes", ++ .type = P_BOOL, ++ .p_class = P_GLOBAL, ++ .ptr = &Globals.bWinbindSealedPipes, ++ .special = NULL, ++ .enum_list = NULL, ++ .flags = FLAG_ADVANCED, ++ }, ++ { + .label = "winbind normalize names", + .type = P_BOOL, + .p_class = P_GLOBAL, +@@ -5458,6 +5478,7 @@ static void init_globals(bool reinit_glo + Globals.szWinbindNssInfo = str_list_make_v3(NULL, "template", NULL); + Globals.bWinbindRefreshTickets = False; + Globals.bWinbindOfflineLogon = False; ++ Globals.bWinbindSealedPipes = True; + + Globals.iIdmapCacheTime = 86400 * 7; /* a week by default */ + Globals.iIdmapNegativeCacheTime = 120; /* 2 minutes by default */ +@@ -5470,6 +5491,7 @@ static void init_globals(bool reinit_glo + Globals.bClientUseSpnego = True; + + Globals.client_signing = Auto; ++ Globals.client_ipc_signing = Required; + Globals.server_signing = False; + + Globals.bDeferSharingViolations = True; +@@ -5736,6 +5758,7 @@ FN_GLOBAL_BOOL(lp_winbind_nested_groups, + FN_GLOBAL_INTEGER(lp_winbind_expand_groups, &Globals.winbind_expand_groups) + FN_GLOBAL_BOOL(lp_winbind_refresh_tickets, &Globals.bWinbindRefreshTickets) + FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon) ++FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, &Globals.bWinbindSealedPipes) + FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames) + FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly) + FN_GLOBAL_BOOL(lp_create_krb5_conf, &Globals.bCreateKrb5Conf) +@@ -6071,6 +6094,7 @@ FN_GLOBAL_LIST(lp_winbind_nss_info, &Glo + FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase) + FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout) + FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing) ++FN_GLOBAL_INTEGER(lp_client_ipc_signing, &Globals.client_ipc_signing) + FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing) + FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, &Globals.client_ldap_sasl_wrapping) + +@@ -9700,6 +9724,20 @@ static bool lp_load_ex(const char *pszFn + lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1"); + } + ++ if (!lp_is_in_client()) { ++ switch (lp_client_ipc_signing()) { ++ case Required: ++ lp_set_cmdline("client signing", "mandatory"); ++ break; ++ case Auto: ++ lp_set_cmdline("client signing", "auto"); ++ break; ++ case False: ++ lp_set_cmdline("client signing", "disabled"); ++ break; ++ } ++ } ++ + init_iconv(); + + bAllowIncludeRegistry = true; +--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c ++++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c +@@ -2480,7 +2480,7 @@ static bool spoolss_connect_to_client(st + "", /* username */ + "", /* domain */ + "", /* password */ +- 0, lp_client_signing()); ++ 0, False); + + if ( !NT_STATUS_IS_OK( ret ) ) { + DEBUG(2,("spoolss_connect_to_client: connection to [%s] failed!\n", +--- /dev/null ++++ b/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml +@@ -0,0 +1,15 @@ ++ ++ ++ This option controls whether any requests from winbindd to domain controllers ++ pipe will be sealed. Disabling sealing can be useful for debugging ++ purposes. ++ ++ The behavior can be controlled per netbios domain ++ by using 'winbind sealed pipes:NETBIOSDOMAIN = no' as option. ++ ++ ++yes ++ +--- a/source3/winbindd/winbindd_cm.c ++++ b/source3/winbindd/winbindd_cm.c +@@ -2384,6 +2384,15 @@ NTSTATUS cm_connect_sam(struct winbindd_ + TALLOC_FREE(conn->samr_pipe); + + anonymous: ++ if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) { ++ status = NT_STATUS_DOWNGRADE_DETECTED; ++ DEBUG(1, ("Unwilling to make SAMR connection to domain %s " ++ "without connection level security, " ++ "must set 'winbind sealed pipes = false' " ++ "to proceed: %s\n", ++ domain->name, nt_errstr(status))); ++ goto done; ++ } + + /* Finally fall back to anonymous. */ + status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr.syntax_id, +@@ -2610,6 +2619,16 @@ NTSTATUS cm_connect_lsa(struct winbindd_ + + anonymous: + ++ if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) { ++ result = NT_STATUS_DOWNGRADE_DETECTED; ++ DEBUG(1, ("Unwilling to make LSA connection to domain %s " ++ "without connection level security, " ++ "must set 'winbind sealed pipes = false' " ++ "to proceed: %s\n", ++ domain->name, nt_errstr(result))); ++ goto done; ++ } ++ + result = cli_rpc_pipe_open_noauth(conn->cli, + &ndr_table_lsarpc.syntax_id, + &conn->lsa_pipe); +@@ -2749,7 +2768,18 @@ NTSTATUS cm_connect_netlogon(struct winb + + no_schannel: + if ((lp_client_schannel() == False) || +- ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) { ++ ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) { ++ if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) { ++ result = NT_STATUS_DOWNGRADE_DETECTED; ++ DEBUG(1, ("Unwilling to make connection to domain %s " ++ "without connection level security, " ++ "must set 'winbind sealed pipes = false' " ++ "to proceed: %s\n", ++ domain->name, nt_errstr(result))); ++ TALLOC_FREE(netlogon_pipe); ++ invalidate_cm_connection(conn); ++ return result; ++ } + /* + * NetSamLogonEx only works for schannel + */ diff --git a/package/network/services/samba36/patches/027-CVE-2016-2118-v3-6.patch b/package/network/services/samba36/patches/027-CVE-2016-2118-v3-6.patch new file mode 100644 index 0000000000..06c1b0b521 --- /dev/null +++ b/package/network/services/samba36/patches/027-CVE-2016-2118-v3-6.patch @@ -0,0 +1,308 @@ +From d68424b5ef92f5810760f90e9eeb664572a61e4e Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Tue, 15 Dec 2015 14:49:36 +0100 +Subject: [PATCH 01/10] CVE-2016-2118: s3: rpcclient: change the default auth + level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY + +ncacn_ip_tcp:server should get the same protection as ncacn_np:server +if authentication and smb signing is used. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 + +Signed-off-by: Stefan Metzmacher + +(cherry picked from commit dab41dee8a4fb27dbf3913b0e44a4cc726e3ac98) +--- + source3/rpcclient/rpcclient.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/source3/rpcclient/rpcclient.c ++++ b/source3/rpcclient/rpcclient.c +@@ -1062,10 +1062,9 @@ out_free: + } + } + if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) { +- /* If neither Integrity or Privacy are requested then +- * Use just Connect level */ ++ /* If nothing is requested then default to integrity */ + if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { +- pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; ++ pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; + } + } + +--- a/source4/librpc/rpc/dcerpc_util.c ++++ b/source4/librpc/rpc/dcerpc_util.c +@@ -593,15 +593,15 @@ struct composite_context *dcerpc_pipe_au + + /* Perform an authenticated DCE-RPC bind + */ +- if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) { ++ if (!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL))) { + /* + we are doing an authenticated connection, +- but not using sign or seal. We must force +- the CONNECT dcerpc auth type as a NONE auth +- type doesn't allow authentication +- information to be passed. ++ which needs to use [connect], [sign] or [seal]. ++ If nothing is specified, we default to [sign] now. ++ This give roughly the same protection as ++ ncacn_np with smb signing. + */ +- conn->flags |= DCERPC_CONNECT; ++ conn->flags |= DCERPC_SIGN; + } + + if (s->binding->flags & DCERPC_AUTH_SPNEGO) { +--- /dev/null ++++ b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml +@@ -0,0 +1,22 @@ ++ ++ ++ This option controls whether DCERPC services are allowed to ++ be used with DCERPC_AUTH_LEVEL_CONNECT, which provides authentication, ++ but no per message integrity nor privacy protection. ++ ++ The behavior can be controlled per interface name (e.g. lsarpc, netlogon, samr, srvsvc, ++ winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = no' as option. ++ ++ This option yields precedence to the implentation specific restrictions. ++ E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY. ++ While others like samr and lsarpc have a hardcoded default of no. ++ ++ ++ ++no ++yes ++ ++ +--- a/source3/include/proto.h ++++ b/source3/include/proto.h +@@ -1821,6 +1821,7 @@ char* lp_perfcount_module(void); + void lp_set_passdb_backend(const char *backend); + void widelinks_warning(int snum); + char *lp_ncalrpc_dir(void); ++bool lp_allow_dcerpc_auth_level_connect(void); + + /* The following definitions come from param/loadparm_server_role.c */ + +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -355,6 +355,7 @@ struct global { + bool bUseMmap; + bool bHostnameLookups; + bool bUnixExtensions; ++ bool bAllowDcerpcAuthLevelConnect; + bool bDisableNetbios; + char * szDedicatedKeytabFile; + int iKerberosMethod; +@@ -2303,6 +2304,15 @@ static struct parm_struct parm_table[] = + .flags = FLAG_ADVANCED, + }, + { ++ .label = "allow dcerpc auth level connect", ++ .type = P_BOOL, ++ .p_class = P_GLOBAL, ++ .ptr = &Globals.bAllowDcerpcAuthLevelConnect, ++ .special = NULL, ++ .enum_list = NULL, ++ .flags = FLAG_ADVANCED, ++ }, ++ { + .label = "use spnego", + .type = P_BOOL, + .p_class = P_GLOBAL, +@@ -5371,6 +5381,8 @@ static void init_globals(bool reinit_glo + Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */ + /* Note, that we will also use NTLM2 session security (which is different), if it is available */ + ++ Globals.bAllowDcerpcAuthLevelConnect = false; /* we don't allow this by default */ ++ + Globals.map_to_guest = 0; /* By Default, "Never" */ + Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */ + Globals.enhanced_browsing = true; +@@ -5745,6 +5757,7 @@ FN_GLOBAL_INTEGER(lp_username_map_cache_ + + FN_GLOBAL_STRING(lp_check_password_script, &Globals.szCheckPasswordScript) + ++FN_GLOBAL_BOOL(lp_allow_dcerpc_auth_level_connect, &Globals.bAllowDcerpcAuthLevelConnect) + FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook) + FN_GLOBAL_CONST_STRING(lp_template_homedir, &Globals.szTemplateHomedir) + FN_GLOBAL_CONST_STRING(lp_template_shell, &Globals.szTemplateShell) +--- a/source3/include/ntdomain.h ++++ b/source3/include/ntdomain.h +@@ -89,6 +89,10 @@ typedef struct pipe_rpc_fns { + uint32 context_id; + struct ndr_syntax_id syntax; + ++ /* ++ * shall we allow "connect" auth level for this interface ? ++ */ ++ bool allow_connect; + } PIPE_RPC_FNS; + + /* +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -44,6 +44,11 @@ + #include "rpc_server/srv_pipe.h" + #include "../librpc/gen_ndr/ndr_dcerpc.h" + #include "../librpc/ndr/ndr_dcerpc.h" ++#include "../librpc/gen_ndr/ndr_samr.h" ++#include "../librpc/gen_ndr/ndr_lsa.h" ++#include "../librpc/gen_ndr/ndr_netlogon.h" ++#include "../librpc/gen_ndr/ndr_epmapper.h" ++#include "../librpc/gen_ndr/ndr_echo.h" + + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_RPC_SRV +@@ -340,6 +345,8 @@ static bool check_bind_req(struct pipes_ + uint32 context_id) + { + struct pipe_rpc_fns *context_fns; ++ const char *interface_name = NULL; ++ bool ok; + + DEBUG(3,("check_bind_req for %s\n", + get_pipe_name_from_syntax(talloc_tos(), abstract))); +@@ -390,12 +397,57 @@ static bool check_bind_req(struct pipes_ + return False; + } + ++ interface_name = get_pipe_name_from_syntax(talloc_tos(), ++ abstract); ++ ++ SMB_ASSERT(interface_name != NULL); ++ + context_fns->next = context_fns->prev = NULL; + context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(abstract); + context_fns->cmds = rpc_srv_get_pipe_cmds(abstract); + context_fns->context_id = context_id; + context_fns->syntax = *abstract; + ++ context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect(); ++ /* ++ * for the samr and the lsarpc interfaces we don't allow "connect" ++ * auth_level by default. ++ */ ++ ok = ndr_syntax_id_equal(abstract, &ndr_table_samr.syntax_id); ++ if (ok) { ++ context_fns->allow_connect = false; ++ } ++ ok = ndr_syntax_id_equal(abstract, &ndr_table_lsarpc.syntax_id); ++ if (ok) { ++ context_fns->allow_connect = false; ++ } ++ ok = ndr_syntax_id_equal(abstract, &ndr_table_netlogon.syntax_id); ++ if (ok) { ++ context_fns->allow_connect = false; ++ } ++ /* ++ * for the epmapper and echo interfaces we allow "connect" ++ * auth_level by default. ++ */ ++ ok = ndr_syntax_id_equal(abstract, &ndr_table_epmapper.syntax_id); ++ if (ok) { ++ context_fns->allow_connect = true; ++ } ++ ok = ndr_syntax_id_equal(abstract, &ndr_table_rpcecho.syntax_id); ++ if (ok) { ++ context_fns->allow_connect = true; ++ } ++ /* ++ * every interface can be modified to allow "connect" auth_level by ++ * using a parametric option like: ++ * allow dcerpc auth level connect: ++ * e.g. ++ * allow dcerpc auth level connect:samr = yes ++ */ ++ context_fns->allow_connect = lp_parm_bool(-1, ++ "allow dcerpc auth level connect", ++ interface_name, context_fns->allow_connect); ++ + /* add to the list of open contexts */ + + DLIST_ADD( p->contexts, context_fns ); +@@ -1736,6 +1788,7 @@ static bool api_pipe_request(struct pipe + TALLOC_CTX *frame = talloc_stackframe(); + bool ret = False; + PIPE_RPC_FNS *pipe_fns; ++ const char *interface_name = NULL; + + if (!p->pipe_bound) { + DEBUG(1, ("Pipe not bound!\n")); +@@ -1757,8 +1810,36 @@ static bool api_pipe_request(struct pipe + return false; + } + ++ interface_name = get_pipe_name_from_syntax(talloc_tos(), ++ &pipe_fns->syntax); ++ ++ SMB_ASSERT(interface_name != NULL); ++ + DEBUG(5, ("Requested \\PIPE\\%s\n", +- get_pipe_name_from_syntax(talloc_tos(), &pipe_fns->syntax))); ++ interface_name)); ++ ++ switch (p->auth.auth_level) { ++ case DCERPC_AUTH_LEVEL_NONE: ++ case DCERPC_AUTH_LEVEL_INTEGRITY: ++ case DCERPC_AUTH_LEVEL_PRIVACY: ++ break; ++ default: ++ if (!pipe_fns->allow_connect) { ++ DEBUG(1, ("%s: restrict auth_level_connect access " ++ "to [%s] with auth[type=0x%x,level=0x%x] " ++ "on [%s] from [%s]\n", ++ __func__, interface_name, ++ p->auth.auth_type, ++ p->auth.auth_level, ++ derpc_transport_string_by_transport(p->transport), ++ p->client_id->name)); ++ ++ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED)); ++ TALLOC_FREE(frame); ++ return true; ++ } ++ break; ++ } + + if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) { + DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n")); +--- a/source3/selftest/knownfail ++++ b/source3/selftest/knownfail +@@ -18,3 +18,5 @@ samba3.posix_s3.nbt.dgram.*netlogon2 + samba3.*rap.sam.*.useradd # Not provided by Samba 3 + samba3.*rap.sam.*.userdelete # Not provided by Samba 3 + samba3.*rap.basic.*.netsessiongetinfo # Not provided by Samba 3 ++samba3.blackbox.rpcclient.over.ncacn_np.with.*connect.* # we don't allow auth_level_connect anymore ++samba3.posix_s3.rpc.lsa.lookupsids.*ncacn_ip_tcp.*connect.* # we don't allow auth_level_connect anymore +--- a/source3/selftest/tests.py ++++ b/source3/selftest/tests.py +@@ -201,6 +201,8 @@ if sub.returncode == 0: + plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD') + elif t == "raw.samba3posixtimedlock": + plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/dc/share') ++ elif t == "rpc.samr.passwords.validate": ++ plansmbtorturetestsuite(t, "s3dc", 'ncacn_np:$SERVER_IP[seal] -U$USERNAME%$PASSWORD', 'over ncacn_np ') + else: + plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') + +--- a/source3/rpc_server/samr/srv_samr_nt.c ++++ b/source3/rpc_server/samr/srv_samr_nt.c +@@ -6628,6 +6628,11 @@ NTSTATUS _samr_ValidatePassword(struct p + struct samr_GetDomPwInfo pw; + struct samr_PwInfo dom_pw_info; + ++ if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { ++ p->fault_state = DCERPC_FAULT_ACCESS_DENIED; ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ + if (r->in.level < 1 || r->in.level > 3) { + return NT_STATUS_INVALID_INFO_CLASS; + } diff --git a/package/network/services/samba36/patches/110-multicall.patch b/package/network/services/samba36/patches/110-multicall.patch index 22e6a3c1b3..98a03b654c 100644 --- a/package/network/services/samba36/patches/110-multicall.patch +++ b/package/network/services/samba36/patches/110-multicall.patch @@ -36,7 +36,7 @@ BIN_PROGS1 = bin/smbclient@EXEEXT@ bin/net@EXEEXT@ bin/smbspool@EXEEXT@ \ bin/testparm@EXEEXT@ bin/smbstatus@EXEEXT@ bin/smbget@EXEEXT@ \ -@@ -1777,6 +1777,42 @@ bin/.dummy: +@@ -1799,6 +1799,42 @@ bin/.dummy: dir=bin $(MAKEDIR); fi @: >> $@ || : > $@ # what a fancy emoticon! diff --git a/package/network/services/samba36/patches/111-owrt_smbpasswd.patch b/package/network/services/samba36/patches/111-owrt_smbpasswd.patch index 79abea581d..25fde6de2e 100644 --- a/package/network/services/samba36/patches/111-owrt_smbpasswd.patch +++ b/package/network/services/samba36/patches/111-owrt_smbpasswd.patch @@ -1,6 +1,6 @@ --- a/source3/Makefile.in +++ b/source3/Makefile.in -@@ -1019,7 +1019,7 @@ TEST_LP_LOAD_OBJ = param/test_lp_load.o +@@ -1025,7 +1025,7 @@ TEST_LP_LOAD_OBJ = param/test_lp_load.o PASSWD_UTIL_OBJ = utils/passwd_util.o @@ -9,7 +9,7 @@ $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ $(GROUPDB_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) \ -@@ -1791,7 +1791,7 @@ nmbd/nmbd_multicall.o: nmbd/nmbd.c nmbd/ +@@ -1813,7 +1813,7 @@ nmbd/nmbd_multicall.o: nmbd/nmbd.c nmbd/ echo "$(COMPILE_CC_PATH)" 1>&2;\ $(COMPILE_CC_PATH) >/dev/null 2>&1 @@ -18,7 +18,7 @@ @echo Compiling $<.c @$(COMPILE_CC_PATH) -Dmain=smbpasswd_main && exit 0;\ echo "The following command failed:" 1>&2;\ -@@ -1800,7 +1800,7 @@ utils/smbpasswd_multicall.o: utils/smbpa +@@ -1822,7 +1822,7 @@ utils/smbpasswd_multicall.o: utils/smbpa SMBD_MULTI_O = $(patsubst smbd/server.o,smbd/server_multicall.o,$(SMBD_OBJ)) NMBD_MULTI_O = $(patsubst nmbd/nmbd.o,nmbd/nmbd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(NMBD_OBJ))) diff --git a/package/network/services/samba36/patches/120-add_missing_ifdef.patch b/package/network/services/samba36/patches/120-add_missing_ifdef.patch index dbd9adc1d7..3c0ef8ab3f 100644 --- a/package/network/services/samba36/patches/120-add_missing_ifdef.patch +++ b/package/network/services/samba36/patches/120-add_missing_ifdef.patch @@ -24,3 +24,18 @@ epmapper_commands, shutdown_commands, test_commands, +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -433,10 +433,12 @@ static bool check_bind_req(struct pipes_ + if (ok) { + context_fns->allow_connect = true; + } ++#ifdef DEVELOPER + ok = ndr_syntax_id_equal(abstract, &ndr_table_rpcecho.syntax_id); + if (ok) { + context_fns->allow_connect = true; + } ++#endif + /* + * every interface can be modified to allow "connect" auth_level by + * using a parametric option like: diff --git a/package/network/services/samba36/patches/210-remove_ad_support.patch b/package/network/services/samba36/patches/210-remove_ad_support.patch index 6742dc0479..a2051869a1 100644 --- a/package/network/services/samba36/patches/210-remove_ad_support.patch +++ b/package/network/services/samba36/patches/210-remove_ad_support.patch @@ -71,7 +71,7 @@ #endif --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c -@@ -2904,12 +2904,14 @@ NTSTATUS cli_rpc_pipe_open_noauth_transp +@@ -3391,12 +3391,14 @@ NTSTATUS cli_rpc_pipe_open_noauth_transp status = rpc_pipe_bind(result, auth); if (!NT_STATUS_IS_OK(status)) { int lvl = 0; diff --git a/package/network/services/samba36/patches/250-remove_domain_logon.patch b/package/network/services/samba36/patches/250-remove_domain_logon.patch index f7582ef3bd..9b434c515a 100644 --- a/package/network/services/samba36/patches/250-remove_domain_logon.patch +++ b/package/network/services/samba36/patches/250-remove_domain_logon.patch @@ -183,3 +183,31 @@ /* * Force a log file check. +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -421,10 +421,12 @@ static bool check_bind_req(struct pipes_ + if (ok) { + context_fns->allow_connect = false; + } ++#ifdef NETLOGON_SUPPORT + ok = ndr_syntax_id_equal(abstract, &ndr_table_netlogon.syntax_id); + if (ok) { + context_fns->allow_connect = false; + } ++#endif + /* + * for the epmapper and echo interfaces we allow "connect" + * auth_level by default. +--- a/source3/rpc_client/cli_pipe.c ++++ b/source3/rpc_client/cli_pipe.c +@@ -2221,6 +2221,10 @@ static void rpc_pipe_bind_step_two_trigg + struct schannel_state); + struct tevent_req *subreq; + ++#ifndef NETLOGON_SUPPORT ++ tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL); ++ return; ++#endif + if (schannel_auth == NULL || + !ndr_syntax_id_equal(&state->cli->abstract_syntax, + &ndr_table_netlogon.syntax_id)) { diff --git a/package/network/services/samba36/patches/260-remove_samr.patch b/package/network/services/samba36/patches/260-remove_samr.patch index 7e55573056..aeca3ed556 100644 --- a/package/network/services/samba36/patches/260-remove_samr.patch +++ b/package/network/services/samba36/patches/260-remove_samr.patch @@ -142,3 +142,21 @@ if (!str1 || !str2 || !UserName || !p) { return False; } +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -409,6 +409,7 @@ static bool check_bind_req(struct pipes_ + context_fns->syntax = *abstract; + + context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect(); ++#ifdef SAMR_SUPPORT + /* + * for the samr and the lsarpc interfaces we don't allow "connect" + * auth_level by default. +@@ -417,6 +418,7 @@ static bool check_bind_req(struct pipes_ + if (ok) { + context_fns->allow_connect = false; + } ++#endif + ok = ndr_syntax_id_equal(abstract, &ndr_table_lsarpc.syntax_id); + if (ok) { + context_fns->allow_connect = false; diff --git a/package/network/services/samba36/patches/290-remove_lsa.patch b/package/network/services/samba36/patches/290-remove_lsa.patch index fe37d5dae1..6dc35753b1 100644 --- a/package/network/services/samba36/patches/290-remove_lsa.patch +++ b/package/network/services/samba36/patches/290-remove_lsa.patch @@ -71,3 +71,18 @@ } size_t num_pipe_handles(struct pipes_struct *p) +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -419,10 +419,12 @@ static bool check_bind_req(struct pipes_ + context_fns->allow_connect = false; + } + #endif ++#ifdef LSA_SUPPORT + ok = ndr_syntax_id_equal(abstract, &ndr_table_lsarpc.syntax_id); + if (ok) { + context_fns->allow_connect = false; + } ++#endif + #ifdef NETLOGON_SUPPORT + ok = ndr_syntax_id_equal(abstract, &ndr_table_netlogon.syntax_id); + if (ok) { diff --git a/package/network/services/samba36/patches/310-remove_error_strings.patch b/package/network/services/samba36/patches/310-remove_error_strings.patch index 8c7ae2d7d0..ee3460dfdb 100644 --- a/package/network/services/samba36/patches/310-remove_error_strings.patch +++ b/package/network/services/samba36/patches/310-remove_error_strings.patch @@ -65,7 +65,7 @@ } --- a/librpc/ndr/libndr.h +++ b/librpc/ndr/libndr.h -@@ -604,4 +604,20 @@ _PUBLIC_ enum ndr_err_code ndr_push_enum +@@ -663,4 +663,20 @@ _PUBLIC_ enum ndr_err_code ndr_push_enum _PUBLIC_ void ndr_print_bool(struct ndr_print *ndr, const char *name, const bool b); @@ -251,3 +251,87 @@ print " return;"; print " }"; print ""; +--- a/source3/rpc_client/cli_pipe.c ++++ b/source3/rpc_client/cli_pipe.c +@@ -445,7 +445,6 @@ static NTSTATUS cli_pipe_validate_curren + rpccli_pipe_txt(talloc_tos(), cli), + pkt->ptype, expected_pkt_type, + nt_errstr(ret))); +- NDR_PRINT_DEBUG(ncacn_packet, pkt); + return ret; + } + +@@ -466,7 +465,6 @@ static NTSTATUS cli_pipe_validate_curren + rpccli_pipe_txt(talloc_tos(), cli), + pkt->ptype, expected_pkt_type, + nt_errstr(ret))); +- NDR_PRINT_DEBUG(ncacn_packet, pkt); + return ret; + } + +@@ -486,7 +484,6 @@ static NTSTATUS cli_pipe_validate_curren + rpccli_pipe_txt(talloc_tos(), cli), + pkt->ptype, expected_pkt_type, + nt_errstr(ret))); +- NDR_PRINT_DEBUG(ncacn_packet, pkt); + return ret; + } + +@@ -508,7 +505,6 @@ static NTSTATUS cli_pipe_validate_curren + rpccli_pipe_txt(talloc_tos(), cli), + pkt->ptype, expected_pkt_type, + nt_errstr(ret))); +- NDR_PRINT_DEBUG(ncacn_packet, pkt); + return ret; + } + +@@ -526,7 +522,6 @@ static NTSTATUS cli_pipe_validate_curren + rpccli_pipe_txt(talloc_tos(), cli), + pkt->ptype, expected_pkt_type, + nt_errstr(ret))); +- NDR_PRINT_DEBUG(ncacn_packet, pkt); + return ret; + } + +@@ -570,7 +565,6 @@ static NTSTATUS cli_pipe_validate_curren + rpccli_pipe_txt(talloc_tos(), cli), + pkt->ptype, expected_pkt_type, + nt_errstr(ret))); +- NDR_PRINT_DEBUG(ncacn_packet, pkt); + return ret; + } + +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -991,7 +991,6 @@ static bool api_pipe_bind_req(struct pip + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("api_pipe_bind_req: invalid pdu: %s\n", + nt_errstr(status))); +- NDR_PRINT_DEBUG(ncacn_packet, pkt); + goto err_exit; + } + +@@ -1325,7 +1324,6 @@ bool api_pipe_bind_auth3(struct pipes_st + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("api_pipe_bind_auth3: invalid pdu: %s\n", + nt_errstr(status))); +- NDR_PRINT_DEBUG(ncacn_packet, pkt); + goto err; + } + +@@ -1483,7 +1481,6 @@ static bool api_pipe_alter_context(struc + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("api_pipe_alter_context: invalid pdu: %s\n", + nt_errstr(status))); +- NDR_PRINT_DEBUG(ncacn_packet, pkt); + goto err_exit; + } + +@@ -2057,7 +2054,6 @@ static bool process_request_pdu(struct p + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("process_request_pdu: invalid pdu: %s\n", + nt_errstr(status))); +- NDR_PRINT_DEBUG(ncacn_packet, pkt); + set_incoming_fault(p); + return false; + } diff --git a/package/network/services/samba36/patches/330-librpc_default_print.patch b/package/network/services/samba36/patches/330-librpc_default_print.patch index f9c2e0e687..aa4bfe32c9 100644 --- a/package/network/services/samba36/patches/330-librpc_default_print.patch +++ b/package/network/services/samba36/patches/330-librpc_default_print.patch @@ -8844,7 +8844,7 @@ +done --- a/librpc/ndr/libndr.h +++ b/librpc/ndr/libndr.h -@@ -603,6 +603,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_enum +@@ -662,6 +662,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_enum _PUBLIC_ enum ndr_err_code ndr_push_enum_uint1632(struct ndr_push *ndr, int ndr_flags, uint16_t v); _PUBLIC_ void ndr_print_bool(struct ndr_print *ndr, const char *name, const bool b); -- 2.30.2