自学教程：C++ talloc_array函数代码示例

static bool test_QueryServiceConfig2W(struct torture_context *tctx, struct dcerpc_pipe *p){	struct svcctl_QueryServiceConfig2W r;	struct policy_handle h, s;	NTSTATUS status;	uint32_t info_level = SERVICE_CONFIG_DESCRIPTION;	uint8_t *buffer;	uint32_t offered = 0;	uint32_t needed = 0;	if (!test_OpenSCManager(p, tctx, &h))		return false;	if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))		return false;	buffer = talloc(tctx, uint8_t);	r.in.handle = &s;	r.in.info_level = info_level;	r.in.offered = offered;	r.out.buffer = buffer;	r.out.needed = &needed;	status = dcerpc_svcctl_QueryServiceConfig2W(p, tctx, &r);	torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {		r.in.offered = needed;		buffer = talloc_array(tctx, uint8_t, needed);		r.out.buffer = buffer;		status = dcerpc_svcctl_QueryServiceConfig2W(p, tctx, &r);		torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");		torture_assert_werr_ok(tctx, r.out.result, "QueryServiceConfig2W failed!");	}	r.in.info_level = SERVICE_CONFIG_FAILURE_ACTIONS;	r.in.offered = offered;	r.out.buffer = buffer;	r.out.needed = &needed;	status = dcerpc_svcctl_QueryServiceConfig2W(p, tctx, &r);	torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {		r.in.offered = needed;		buffer = talloc_array(tctx, uint8_t, needed);		r.out.buffer = buffer;		status = dcerpc_svcctl_QueryServiceConfig2W(p, tctx, &r);		torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");		torture_assert_werr_ok(tctx, r.out.result, "QueryServiceConfig2W failed!");	}	if (!test_CloseServiceHandle(p, tctx, &s))		return false;	if (!test_CloseServiceHandle(p, tctx, &h))		return false;	return true;}

static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,				     TALLOC_CTX *mem_ctx,				     int argc,				     const char **argv){	NTSTATUS status = NT_STATUS_OK;	NTSTATUS result = NT_STATUS_OK;	struct policy_handle handle;	struct dcerpc_binding_handle *b = cli->binding_handle;	uint32_t flags = EVENTLOG_BACKWARDS_READ |			 EVENTLOG_SEQUENTIAL_READ;	uint32_t offset = 0;	uint32_t number_of_bytes = 0;	uint8_t *data = NULL;	uint32_t sent_size = 0;	uint32_t real_size = 0;	if (argc < 2 || argc > 4) {		printf("Usage: %s logname [offset] [number_of_bytes]/n", argv[0]);		return NT_STATUS_OK;	}	if (argc >= 3) {		offset = atoi(argv[2]);	}	if (argc >= 4) {		number_of_bytes = atoi(argv[3]);		data = talloc_array(mem_ctx, uint8_t, number_of_bytes);		if (!data) {			goto done;		}	}	status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);	if (!NT_STATUS_IS_OK(status)) {		return status;	}	do {		enum ndr_err_code ndr_err;		DATA_BLOB blob;		struct EVENTLOGRECORD r;		uint32_t size = 0;		uint32_t pos = 0;		status = dcerpc_eventlog_ReadEventLogW(b, mem_ctx,						       &handle,						       flags,						       offset,						       number_of_bytes,						       data,						       &sent_size,						       &real_size,						       &result);		if (!NT_STATUS_IS_OK(status)) {			return status;		}		if (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL) &&		    real_size > 0 ) {			number_of_bytes = real_size;			data = talloc_array(mem_ctx, uint8_t, real_size);			if (!data) {				goto done;			}			status = dcerpc_eventlog_ReadEventLogW(b, mem_ctx,							       &handle,							       flags,							       offset,							       number_of_bytes,							       data,							       &sent_size,							       &real_size,							       &result);			if (!NT_STATUS_IS_OK(status)) {				return status;			}		}		if (!NT_STATUS_EQUAL(result, NT_STATUS_END_OF_FILE) &&		    !NT_STATUS_IS_OK(result)) {			goto done;		}		number_of_bytes = 0;		size = IVAL(data, pos);		while (size > 0) {			blob = data_blob_const(data + pos, size);			/* dump_data(0, blob.data, blob.length); */			ndr_err = ndr_pull_struct_blob_all(&blob, mem_ctx, &r,					   (ndr_pull_flags_fn_t)ndr_pull_EVENTLOGRECORD);			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {				status = ndr_map_error2ntstatus(ndr_err);				goto done;			}//.........这里部分代码省略.........

static NTSTATUS rpc_service_list_internal(struct net_context *c,					const DOM_SID *domain_sid,					const char *domain_name,					struct cli_state *cli,					struct rpc_pipe_client *pipe_hnd,					TALLOC_CTX *mem_ctx,					int argc,					const char **argv ){	struct policy_handle hSCM;	struct ENUM_SERVICE_STATUSW *services = NULL;	WERROR result = WERR_GENERAL_FAILURE;	NTSTATUS status;	int i;	uint8_t *buffer = NULL;	uint32_t buf_size = 0;	uint32_t bytes_needed = 0;	uint32_t num_services = 0;	uint32_t resume_handle = 0;	if (argc != 0 ) {		d_printf(_("Usage: net rpc service list/n"));		return NT_STATUS_OK;	}	status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx,					      pipe_hnd->srv_name_slash,					      NULL,					      SC_RIGHT_MGR_ENUMERATE_SERVICE,					      &hSCM,					      &result);	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {		d_fprintf(stderr,			  _("Failed to open Service Control Manager. [%s]/n"),			  win_errstr(result));		return werror_to_ntstatus(result);	}	do {		status = rpccli_svcctl_EnumServicesStatusW(pipe_hnd, mem_ctx,							   &hSCM,							   SERVICE_TYPE_WIN32,							   SERVICE_STATE_ALL,							   buffer,							   buf_size,							   &bytes_needed,							   &num_services,							   &resume_handle,							   &result);		if (NT_STATUS_IS_ERR(status)) {			d_fprintf(stderr,				_("Failed to enumerate services.  [%s]/n"),				win_errstr(result));			break;		}		if (W_ERROR_EQUAL(result, WERR_MORE_DATA) && bytes_needed > 0) {			buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);			buf_size = bytes_needed;			continue;		}		if ( num_services == 0 ) {			d_printf(_("No services returned/n"));			break;		}		{			enum ndr_err_code ndr_err;			DATA_BLOB blob;			struct ndr_pull *ndr;			blob.length = buf_size;			blob.data = talloc_steal(mem_ctx, buffer);			services = talloc_array(mem_ctx, struct ENUM_SERVICE_STATUSW, num_services);			if (!services) {				status = NT_STATUS_NO_MEMORY;				break;			}			ndr = ndr_pull_init_blob(&blob, mem_ctx, NULL);			if (ndr == NULL) {				status = NT_STATUS_NO_MEMORY;				break;			}			ndr_err = ndr_pull_ENUM_SERVICE_STATUSW_array(				ndr, num_services, services);			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {				status = ndr_map_error2ntstatus(ndr_err);				break;			}			for ( i=0; i<num_services; i++ ) {				d_printf("%-20s    /"%s/"/n",					services[i].service_name,					services[i].display_name);//.........这里部分代码省略.........

/* *	Frame the Dirty data that needs to be send to the client in an *	EAP-Request.  We always embed the TLS-length in all EAP-TLS *	packets that we send, for easy reference purpose.  Handle *	fragmentation and sending the next fragment etc. */int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn){	EAPTLS_PACKET	reply;	unsigned int	size;	unsigned int 	nlen;	unsigned int 	lbit = 0;	/* This value determines whether we set (L)ength flag for		EVERY packet we send and add corresponding		"TLS Message Length" field.	length_flag = true;		This means we include L flag and "TLS Msg Len" in EVERY		packet we send out.	length_flag = false;		This means we include L flag and "TLS Msg Len" **ONLY**		in First packet of a fragment series. We do not use		it anywhere else.		Having L flag in every packet is prefered.	*/	if (ssn->length_flag) {		lbit = 4;	}	if (ssn->fragment == 0) {		ssn->tls_msg_len = ssn->dirty_out.used;	}	reply.code = FR_TLS_REQUEST;	reply.flags = ssn->peap_flag;	/* Send data, NOT more than the FRAGMENT size */	if (ssn->dirty_out.used > ssn->offset) {		size = ssn->offset;		reply.flags = SET_MORE_FRAGMENTS(reply.flags);		/* Length MUST be included if it is the First Fragment */		if (ssn->fragment == 0) {			lbit = 4;		}		ssn->fragment = 1;	} else {		size = ssn->dirty_out.used;		ssn->fragment = 0;	}	reply.dlen = lbit + size;	reply.length = TLS_HEADER_LEN + 1/*flags*/ + reply.dlen;	reply.data = talloc_array(eap_ds, uint8_t, reply.length);	if (!reply.data) return 0;	if (lbit) {		nlen = htonl(ssn->tls_msg_len);		memcpy(reply.data, &nlen, lbit);		reply.flags = SET_LENGTH_INCLUDED(reply.flags);	}	(ssn->record_minus)(&ssn->dirty_out, reply.data + lbit, size);	eaptls_compose(eap_ds, &reply);	talloc_free(reply.data);	reply.data = NULL;	return 1;}

/* *	Receives a packet, assuming that the RADIUS_PACKET structure *	has been filled out already. * *	This ASSUMES that the packet is allocated && fields *	initialized. * *	This ASSUMES that the socket is marked as O_NONBLOCK, which *	the function above does set, if your system supports it. * *	Calling this function MAY change sockfd, *	if src_ipaddr.af == AF_UNSPEC. */int fr_tcp_read_packet(RADIUS_PACKET *packet, int flags){	ssize_t len;	/*	 *	No data allocated.  Read the 4-byte header into	 *	a temporary buffer.	 */	if (!packet->data) {		int packet_len;		len = recv(packet->sockfd, packet->vector + packet->data_len,			   4 - packet->data_len, 0);		if (len == 0) return -2; /* clean close */#ifdef ECONNRESET		if ((len < 0) && (errno == ECONNRESET)) { /* forced */			return -2;		}#endif		if (len < 0) {			fr_strerror_printf("Error receiving packet: %s", fr_syserror(errno));			return -1;		}		packet->data_len += len;		if (packet->data_len < 4) { /* want more data */			return 0;		}		packet_len = (packet->vector[2] << 8) | packet->vector[3];		if (packet_len < AUTH_HDR_LEN) {			fr_strerror_printf("Discarding packet: Smaller than RFC minimum of 20 bytes");			return -1;		}		/*		 *	If the packet is too big, then the socket is bad.		 */		if (packet_len > MAX_PACKET_LEN) {			fr_strerror_printf("Discarding packet: Larger than RFC limitation of 4096 bytes");			return -1;		}		packet->data = talloc_array(packet, uint8_t, packet_len);		if (!packet->data) {			fr_strerror_printf("Out of memory");			return -1;		}		packet->data_len = packet_len;		packet->partial = 4;		memcpy(packet->data, packet->vector, 4);	}	/*	 *	Try to read more data.	 */	len = recv(packet->sockfd, packet->data + packet->partial,		   packet->data_len - packet->partial, 0);	if (len == 0) return -2; /* clean close */#ifdef ECONNRESET	if ((len < 0) && (errno == ECONNRESET)) { /* forced */		return -2;	}#endif	if (len < 0) {		fr_strerror_printf("Error receiving packet: %s", fr_syserror(errno));		return -1;	}	packet->partial += len;	if (packet->partial < packet->data_len) {		return 0;	}	/*	 *	See if it's a well-formed RADIUS packet.	 */	if (!rad_packet_ok(packet, flags, NULL)) {		return -1;	}//.........这里部分代码省略.........

static int sendrecv_eap(RADIUS_PACKET *rep){	RADIUS_PACKET *req = NULL;	VALUE_PAIR *vp, *vpnext;	int tried_eap_md5 = 0;	if (!rep) return -1;	/*	 *	Keep a copy of the the User-Password attribute.	 */	if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) != NULL) {		strlcpy(password, vp->vp_strvalue, sizeof(password));	} else 	if ((vp = pairfind(rep->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) {		strlcpy(password, vp->vp_strvalue, sizeof(password));		/*		 *	Otherwise keep a copy of the CHAP-Password attribute.		 */	} else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) {		strlcpy(password, vp->vp_strvalue, sizeof(password));	} else {		*password = '/0';	} again:	rep->id++;	/*	 * if there are EAP types, encode them into an EAP-Message	 *	 */	map_eap_methods(rep);	/*	 *  Fix up Digest-Attributes issues	 */	for (vp = rep->vps; vp != NULL; vp = vp->next) {		switch (vp->da->attr) {		default:			break;		case PW_DIGEST_REALM:		case PW_DIGEST_NONCE:		case PW_DIGEST_METHOD:		case PW_DIGEST_URI:		case PW_DIGEST_QOP:		case PW_DIGEST_ALGORITHM:		case PW_DIGEST_BODY_DIGEST:		case PW_DIGEST_CNONCE:		case PW_DIGEST_NONCE_COUNT:		case PW_DIGEST_USER_NAME:			/* overlapping! */			{				DICT_ATTR const *da;				uint8_t *p, *q;				p = talloc_array(vp, uint8_t, vp->length + 2);				memcpy(p + 2, vp->vp_octets, vp->length);				p[0] = vp->da->attr - PW_DIGEST_REALM + 1;				vp->length += 2;				p[1] = vp->length;				da = dict_attrbyvalue(PW_DIGEST_ATTRIBUTES, 0);				vp->da = da;				/*				 *	Re-do pairmemsteal ourselves,				 *	because we play games with				 *	vp->da, and pairmemsteal goes				 *	to GREAT lengths to sanitize				 *	and fix and change and				 *	double-check the various				 *	fields.				 */				memcpy(&q, &vp->vp_octets, sizeof(q));				talloc_free(q);				vp->vp_octets = talloc_steal(vp, p);				vp->type = VT_DATA;				VERIFY_VP(vp);			}			break;		}	}	/*	 *	If we've already sent a packet, free up the old	 *	one, and ensure that the next packet has a unique	 *	ID and authentication vector.	 */	if (rep->data) {		talloc_free(rep->data);		rep->data = NULL;	}	fr_md5_calc(rep->vector, rep->vector,			sizeof(rep->vector));//.........这里部分代码省略.........

int proxy_tls_recv(rad_listen_t *listener){	int rcode;	size_t length;	listen_socket_t *sock = listener->data;	char buffer[256];	RADIUS_PACKET *packet;	uint8_t *data;	/*	 *	Get the maximum size of data to receive.	 */	if (!sock->data) sock->data = talloc_array(sock, uint8_t,						   sock->ssn->offset);	data = sock->data;	DEBUG3("Proxy SSL socket has data to read");	PTHREAD_MUTEX_LOCK(&sock->mutex);redo:	rcode = SSL_read(sock->ssn->ssl, data, 4);	if (rcode <= 0) {		int err = SSL_get_error(sock->ssn->ssl, rcode);		switch (err) {		case SSL_ERROR_WANT_READ:		case SSL_ERROR_WANT_WRITE:			goto redo;		case SSL_ERROR_ZERO_RETURN:			/* remote end sent close_notify, send one back */			SSL_shutdown(sock->ssn->ssl);		case SSL_ERROR_SYSCALL:		do_close:			PTHREAD_MUTEX_UNLOCK(&sock->mutex);			tls_socket_close(listener);			return 0;		default:			while ((err = ERR_get_error())) {				DEBUG("proxy recv says %s",				      ERR_error_string(err, NULL));			}			goto do_close;		}	}	length = (data[2] << 8) | data[3];	DEBUG3("Proxy received header saying we have a packet of %u bytes",	       (unsigned int) length);	if (length > sock->ssn->offset) {		INFO("Received packet will be too large! Set /"fragment_size=%u/"",		       (data[2] << 8) | data[3]);		goto do_close;	}	rcode = SSL_read(sock->ssn->ssl, data + 4, length);	if (rcode <= 0) {		switch (SSL_get_error(sock->ssn->ssl, rcode)) {		case SSL_ERROR_WANT_READ:		case SSL_ERROR_WANT_WRITE:			break;		case SSL_ERROR_ZERO_RETURN:			/* remote end sent close_notify, send one back */			SSL_shutdown(sock->ssn->ssl);			goto do_close;		default:			goto do_close;		}	}	PTHREAD_MUTEX_UNLOCK(&sock->mutex);	packet = rad_alloc(NULL, 0);	packet->sockfd = listener->fd;	packet->src_ipaddr = sock->other_ipaddr;	packet->src_port = sock->other_port;	packet->dst_ipaddr = sock->my_ipaddr;	packet->dst_port = sock->my_port;	packet->code = data[0];	packet->id = data[1];	packet->data_len = length;	packet->data = talloc_array(packet, uint8_t, packet->data_len);	memcpy(packet->data, data, packet->data_len);	memcpy(packet->vector, packet->data + 4, 16);	/*	 *	FIXME: Client MIB updates?	 */	switch(packet->code) {	case PW_CODE_AUTHENTICATION_ACK:	case PW_CODE_ACCESS_CHALLENGE:	case PW_CODE_AUTHENTICATION_REJECT:		break;#ifdef WITH_ACCOUNTING	case PW_CODE_ACCOUNTING_RESPONSE:		break;#endif//.........这里部分代码省略.........

static rlm_rcode_t CC_HINT(nonnull) mod_post_auth(void *instance, UNUSED void *thread, REQUEST *request){#ifdef WITH_DHCP	int			rcode;	VALUE_PAIR		*vp;	rlm_soh_t const		*inst = instance;	if (!inst->dhcp) return RLM_MODULE_NOOP;	vp = fr_pair_find_by_da(request->packet->vps, attr_dhcp_vendor, TAG_ANY);	if (vp) {		/*		 * vendor-specific options contain		 *		 * vendor opt 220/0xdc - SoH payload, or null byte to probe, or string		 * "NAP" to indicate server-side support for SoH in OFFERs		 *		 * vendor opt 222/0xde - SoH correlation ID as utf-16 string, yuck...		 */		uint8_t vopt, vlen;		uint8_t const *data;		data = vp->vp_octets;		while (data < vp->vp_octets + vp->vp_length) {			vopt = *data++;			vlen = *data++;			switch (vopt) {			case 220:				if (vlen <= 1) {					uint8_t *p;					RDEBUG2("SoH adding NAP marker to DHCP reply");					/* client probe; send "NAP" in the reply */					vp = fr_pair_afrom_da(request->reply, attr_dhcp_vendor);					p = talloc_array(vp, uint8_t, 5);					p[0] = 220;					p[1] = 3;					p[4] = 'N';					p[3] = 'A';					p[2] = 'P';					fr_pair_value_memsteal(vp, p);					fr_pair_add(&request->reply->vps, vp);				} else {					RDEBUG2("SoH decoding NAP from DHCP request");					/* SoH payload */					rcode = soh_verify(request, data, vlen);					if (rcode < 0) {						return RLM_MODULE_FAIL;					}				}				break;			default:				/* nothing to do */				break;			}			data += vlen;		}		return RLM_MODULE_OK;	}#endif	return RLM_MODULE_NOOP;}

struct hbin_data_block *get_hbin_data_block(TALLOC_CTX *mem_ctx, FILE *fd, long int offset, long int parent_off){	struct hbin_data_block *block;	long int cur_offset;	block = talloc_zero(mem_ctx, struct hbin_data_block);	/* [SYN] Set index to data block */	cur_offset = offset+0x1000;	/* [SYN] Seek to data block */	fseek(fd, cur_offset, SEEK_SET);#if DODEBUG > 2	printf("Debug: Parsing block at cur_offset 0x%lx, parent 0x%lx/n", (long)cur_offset, (long) parent_off+0x1000);#endif	if (!fread(block, 4, 1, fd)) {		printf("Error: short read while reading hbin data record size at 0x%lx/n",				(long)cur_offset);		return NULL;	}	if (block->size > 0) {		if (parent_off > 0) {			/* [SYN] Positive block->size means unused. Time to barf. */			printf("Error: Referencing unused block (0x%lx) with size 0x%lx from 0x%lx/n",					(long)cur_offset, (long)block->size, (long)parent_off);			return NULL;		} else {			block->size = -block->size;			return block;		}	}	if (block->size == 0) {		printf("Error: hbin data record size is NULL at 0x%lx/n",				(long)cur_offset);		return NULL;	}			block->size = -block->size;		/* [SYN] Check block->size, do not allocate it if bigger */	if (block->size > 32768) {		printf("Warning: hbin data record size (0x%lx) is quite large at 0x%lx/n",				(long)block->size, (long)cur_offset);		printf("Warning: NOT ALLOCATING THIS BLOCK.");		return NULL;	}			/* [SYN] Allocate memory and read the record into memory */	if ((block->data = talloc_array(block, uint8_t, block->size)) == NULL) {		printf("Failed to allocate %ld bytes at record 0x%lx/n",				(long)block->size, (long)cur_offset);		return NULL;	}	if (!fread(block->data, block->size, 1, fd)) {		printf("Error: Failed to read hbin data record at 0x%lx/n",				(long)cur_offset);		return NULL;	}	return block;}

/* *	Initiate the EAP-MD5 session by sending a challenge to the peer. */static int mod_session_init(UNUSED void *instance, eap_handler_t *handler){	int		i;	MD5_PACKET	*reply;	REQUEST		*request = handler->request;	/*	 *	Allocate an EAP-MD5 packet.	 */	reply = talloc(handler, MD5_PACKET);	if (!reply)  {		return 0;	}	/*	 *	Fill it with data.	 */	reply->code = PW_MD5_CHALLENGE;	reply->length = 1 + MD5_CHALLENGE_LEN; /* one byte of value size */	reply->value_size = MD5_CHALLENGE_LEN;	/*	 *	Allocate user data.	 */	reply->value = talloc_array(reply, uint8_t, reply->value_size);	if (!reply->value) {		talloc_free(reply);		return 0;	}	/*	 *	Get a random challenge.	 */	for (i = 0; i < reply->value_size; i++) {		reply->value[i] = fr_rand();	}	RDEBUG2("Issuing MD5 Challenge");	/*	 *	Keep track of the challenge.	 */	handler->opaque = talloc_array(handler, uint8_t, reply->value_size);	rad_assert(handler->opaque != NULL);	memcpy(handler->opaque, reply->value, reply->value_size);	handler->free_opaque = NULL;	/*	 *	Compose the EAP-MD5 packet out of the data structure,	 *	and free it.	 */	eapmd5_compose(handler->eap_ds, reply);	/*	 *	We don't need to authorize the user at this point.	 *	 *	We also don't need to keep the challenge, as it's	 *	stored in 'handler->eap_ds', which will be given back	 *	to us...	 */	handler->stage = PROCESS;	return 1;}

/** * Decode Attribute OID based on MS documentation * See MS-DRSR.pdf - 5.16.4 * * On success returns decoded OID and * corresponding prefix_map index (if requested) */bool drs_util_oid_from_attid(struct torture_context *tctx,			     const struct drsuapi_DsReplicaOIDMapping_Ctr *prefix_map,			     uint32_t attid,			     const char **_oid,			     int *map_idx){	int i;	uint32_t hi_word, lo_word;	DATA_BLOB bin_oid = {NULL, 0};	char *oid;	struct drsuapi_DsReplicaOIDMapping *map_entry = NULL;	TALLOC_CTX *mem_ctx = talloc_named(tctx, 0, "util_drsuapi_oid_from_attid");	/* crack attid value */	hi_word = attid >> 16;	lo_word = attid & 0xFFFF;	/* check last entry in the prefix map is the special one */	map_entry = &prefix_map->mappings[prefix_map->num_mappings-1];	torture_assert(tctx,			(map_entry->id_prefix == 0)			&& (*map_entry->oid.binary_oid == 0xFF),			"Last entry in Prefix Map is not the special one!");	/* locate corresponding prefixMap entry */	map_entry = NULL;	for (i = 0; i < prefix_map->num_mappings - 1; i++) {		if (hi_word == prefix_map->mappings[i].id_prefix) {			map_entry = &prefix_map->mappings[i];			if (map_idx)	*map_idx = i;			break;		}	}	torture_assert(tctx, map_entry, "Unable to locate corresponding Prefix Map entry");	/* copy partial oid making enough room */	bin_oid.length = map_entry->oid.length + 2;	bin_oid.data = talloc_array(mem_ctx, uint8_t, bin_oid.length);	torture_assert(tctx, bin_oid.data, "Not enough memory");	memcpy(bin_oid.data, map_entry->oid.binary_oid, map_entry->oid.length);	if (lo_word < 128) {		bin_oid.length = bin_oid.length - 1;		bin_oid.data[bin_oid.length-1] = lo_word;	}	else {		if (lo_word >= 32768) {			lo_word -= 32768;		}		bin_oid.data[bin_oid.length-2] = ((lo_word / 128) % 128) + 128; // (0x80 | ((lo_word>>7) & 0x7f))		bin_oid.data[bin_oid.length-1] = lo_word % 128; // lo_word & 0x7f	}	torture_assert(tctx,			ber_read_OID_String(tctx, bin_oid, &oid),			"Failed to decode binary OID");	talloc_free(mem_ctx);	*_oid = oid;	return true;}

static bool lcp2_init(struct ipalloc_state *ipalloc_state,		      uint32_t **lcp2_imbalances,		      bool **rebalance_candidates){	int i, numnodes;	struct public_ip_list *t;	numnodes = ipalloc_state->num;	*rebalance_candidates = talloc_array(ipalloc_state, bool, numnodes);	if (*rebalance_candidates == NULL) {		DEBUG(DEBUG_ERR, (__location__ " out of memory/n"));		return false;	}	*lcp2_imbalances = talloc_array(ipalloc_state, uint32_t, numnodes);	if (*lcp2_imbalances == NULL) {		DEBUG(DEBUG_ERR, (__location__ " out of memory/n"));		return false;	}	for (i=0; i<numnodes; i++) {		(*lcp2_imbalances)[i] =			lcp2_imbalance(ipalloc_state->all_ips, i);		/* First step: assume all nodes are candidates */		(*rebalance_candidates)[i] = true;	}	/* 2nd step: if a node has IPs assigned then it must have been	 * healthy before, so we remove it from consideration.  This	 * is overkill but is all we have because we don't maintain	 * state between takeover runs.  An alternative would be to	 * keep state and invalidate it every time the recovery master	 * changes.	 */	for (t = ipalloc_state->all_ips; t != NULL; t = t->next) {		if (t->pnn != -1) {			(*rebalance_candidates)[t->pnn] = false;		}	}	/* 3rd step: if a node is forced to re-balance then	   we allow failback onto the node */	if (ipalloc_state->force_rebalance_nodes == NULL) {		return true;	}	for (i = 0;	     i < talloc_array_length(ipalloc_state->force_rebalance_nodes);	     i++) {		uint32_t pnn = ipalloc_state->force_rebalance_nodes[i];		if (pnn >= numnodes) {			DEBUG(DEBUG_ERR,			      (__location__ "unknown node %u/n", pnn));			continue;		}		DEBUG(DEBUG_NOTICE,		      ("Forcing rebalancing of IPs to node %u/n", pnn));		(*rebalance_candidates)[pnn] = true;	}	return true;}

static bool test_EnumDependentServicesW(struct torture_context *tctx,					struct dcerpc_pipe *p){	struct svcctl_EnumDependentServicesW r;	struct policy_handle h, s;	uint32_t needed;	uint32_t services_returned;	uint32_t i;	uint32_t states[] = { SERVICE_STATE_ACTIVE,			      SERVICE_STATE_INACTIVE,			      SERVICE_STATE_ALL };	if (!test_OpenSCManager(p, tctx, &h))		return false;	if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))		return false;	r.in.service = &s;	r.in.offered = 0;	r.in.state = 0;	r.out.service_status = NULL;	r.out.services_returned = &services_returned;	r.out.needed = &needed;	torture_assert_ntstatus_ok(tctx,		dcerpc_svcctl_EnumDependentServicesW(p, tctx, &r),		"EnumDependentServicesW failed!");	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM,		"EnumDependentServicesW failed!");	for (i=0; i<ARRAY_SIZE(states); i++) {		r.in.state = states[i];		torture_assert_ntstatus_ok(tctx,			dcerpc_svcctl_EnumDependentServicesW(p, tctx, &r),			"EnumDependentServicesW failed!");		if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {			r.in.offered = needed;			r.out.service_status = talloc_array(tctx, uint8_t, needed);			torture_assert_ntstatus_ok(tctx,				dcerpc_svcctl_EnumDependentServicesW(p, tctx, &r),				"EnumDependentServicesW failed!");		}		torture_assert_werr_ok(tctx, r.out.result,			"EnumDependentServicesW failed");	}	if (!test_CloseServiceHandle(p, tctx, &s))		return false;	if (!test_CloseServiceHandle(p, tctx, &h))		return false;	return true;}

static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_pipe *p){	struct svcctl_EnumServicesStatusW r;	struct policy_handle h;	int i;	NTSTATUS status;	uint32_t resume_handle = 0;	struct ENUM_SERVICE_STATUSW *service = NULL;	uint32_t needed = 0;	uint32_t services_returned = 0;	if (!test_OpenSCManager(p, tctx, &h))		return false;	r.in.handle = &h;	r.in.type = SERVICE_TYPE_WIN32;	r.in.state = SERVICE_STATE_ALL;	r.in.offered = 0;	r.in.resume_handle = &resume_handle;	r.out.service = NULL;	r.out.resume_handle = &resume_handle;	r.out.services_returned = &services_returned;	r.out.needed = &needed;	status = dcerpc_svcctl_EnumServicesStatusW(p, tctx, &r);	torture_assert_ntstatus_ok(tctx, status, "EnumServicesStatus failed!");	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {		r.in.offered = needed;		r.out.service = talloc_array(tctx, uint8_t, needed);		status = dcerpc_svcctl_EnumServicesStatusW(p, tctx, &r);		torture_assert_ntstatus_ok(tctx, status, "EnumServicesStatus failed!");		torture_assert_werr_ok(tctx, r.out.result, "EnumServicesStatus failed");	}	if (services_returned > 0) {		enum ndr_err_code ndr_err;		DATA_BLOB blob;		struct ndr_pull *ndr;		blob.length = r.in.offered;		blob.data = talloc_steal(tctx, r.out.service);		ndr = ndr_pull_init_blob(&blob, tctx, lp_iconv_convenience(tctx->lp_ctx));		service = talloc_array(tctx, struct ENUM_SERVICE_STATUSW, services_returned);		if (!service) {			return false;		}		ndr_err = ndr_pull_ENUM_SERVICE_STATUSW_array(				ndr, services_returned, service);		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {			return false;		}	}	for(i = 0; i < services_returned; i++) {		torture_assert(tctx, service[i].service_name,			"Service without name returned!");		printf("%-20s   /"%s/", Type: %d, State: %d/n",			service[i].service_name, service[i].display_name,			service[i].status.type, service[i].status.state);	}	if (!test_CloseServiceHandle(p, tctx, &h))		return false;	return true;}

/**   /details Opens a specific message and retrieves a MAPI object that   can be used to get or set message properties.   This function opens a specific message defined by a combination of   object store, folder ID, and message ID and which read/write access   is defined by ulFlags.   /param obj_store the store to read from   /param id_folder the folder ID   /param id_message the message ID   /param obj_message the resulting message object   /param ulFlags   Possible ulFlags values:   - 0x0: read only access   - 0x1: ReadWrite   - 0x3: Create   - 0x4: OpenSoftDeleted   /return MAPI_E_SUCCESS on success, otherwise MAPI error.   /note Developers may also call GetLastError() to retrieve the last   MAPI error code. Possible MAPI error codes are:   - MAPI_E_NOT_INITIALIZED: MAPI subsystem has not been initialized   - MAPI_E_INVALID_PARAMETER: obj_store is undefined   - MAPI_E_CALL_FAILED: A network problem was encountered during the     transaction   /sa MAPIInitialize, GetLastError*/_PUBLIC_ enum MAPISTATUS OpenMessage(mapi_object_t *obj_store, 				     mapi_id_t id_folder, 				     mapi_id_t id_message, 				     mapi_object_t *obj_message,				     uint8_t ulFlags){	struct mapi_context		*mapi_ctx;	struct mapi_request		*mapi_request;	struct mapi_response		*mapi_response;	struct EcDoRpc_MAPI_REQ		*mapi_req;	struct OpenMessage_req		request;	struct OpenMessage_repl		*reply;	struct mapi_session		*session;	mapi_object_message_t		*message;	struct SPropValue		lpProp;	const char			*tstring;	NTSTATUS			status;	enum MAPISTATUS			retval;	uint32_t			size = 0;	TALLOC_CTX			*mem_ctx;	uint32_t			i = 0;	uint8_t				logon_id;	/* Sanity checks */	OPENCHANGE_RETVAL_IF(!obj_store, MAPI_E_INVALID_PARAMETER, NULL);	session = mapi_object_get_session(obj_store);	OPENCHANGE_RETVAL_IF(!session, MAPI_E_INVALID_PARAMETER, NULL);	mapi_ctx = session->mapi_ctx;	OPENCHANGE_RETVAL_IF(!mapi_ctx, MAPI_E_NOT_INITIALIZED, NULL);	if ((retval = mapi_object_get_logon_id(obj_store, &logon_id)) != MAPI_E_SUCCESS)		return retval;	mem_ctx = talloc_named(session, 0, "OpenMessage");	/* Fill the OpenMessage operation */	request.handle_idx = 0x1;	request.CodePageId = 0xfff;	request.FolderId = id_folder;	request.OpenModeFlags = (enum OpenMessage_OpenModeFlags)ulFlags;	request.MessageId = id_message;	size = sizeof (uint8_t) + sizeof(uint16_t) + sizeof(mapi_id_t) + sizeof(uint8_t) + sizeof(mapi_id_t);	/* Fill the MAPI_REQ request */	mapi_req = talloc_zero(mem_ctx, struct EcDoRpc_MAPI_REQ);	mapi_req->opnum = op_MAPI_OpenMessage;	mapi_req->logon_id = logon_id;	mapi_req->handle_idx = 0;	mapi_req->u.mapi_OpenMessage = request;	size += 5;	/* Fill the mapi_request structure */	mapi_request = talloc_zero(mem_ctx, struct mapi_request);	mapi_request->mapi_len = size + sizeof (uint32_t) * 2;	mapi_request->length = size;	mapi_request->mapi_req = mapi_req;	mapi_request->handles = talloc_array(mem_ctx, uint32_t, 2);	mapi_request->handles[0] = mapi_object_get_handle(obj_store);	mapi_request->handles[1] = 0xffffffff;	status = emsmdb_transaction_wrapper(session, mem_ctx, mapi_request, &mapi_response);	OPENCHANGE_RETVAL_IF(!NT_STATUS_IS_OK(status), MAPI_E_CALL_FAILED, mem_ctx);	OPENCHANGE_RETVAL_IF(!mapi_response->mapi_repl, MAPI_E_CALL_FAILED, mem_ctx);	retval = mapi_response->mapi_repl->error_code;	OPENCHANGE_RETVAL_IF(retval, retval, mem_ctx);	OPENCHANGE_CHECK_NOTIFICATION(session, mapi_response);//.........这里部分代码省略.........

int eap_crypto_tls_session_id(TALLOC_CTX *ctx,#if OPENSSL_VERSION_NUMBER < 0x10101000L			      UNUSED#endif			      REQUEST *request, SSL *ssl,			      uint8_t **out, uint8_t eap_type,#if OPENSSL_VERSION_NUMBER < 0x10100000L			      UNUSED#endif			      char const *prf_label,#if OPENSSL_VERSION_NUMBER < 0x10101000L			      UNUSED#endif			      size_t prf_label_len){	uint8_t		*buff = NULL, *p;	*out = NULL;#if OPENSSL_VERSION_NUMBER >= 0x10100000L	if (!prf_label) goto random_based_session_id;	switch (SSL_SESSION_get_protocol_version(SSL_get_session(ssl))) {	case SSL2_VERSION:	/* Should never happen */	case SSL3_VERSION:	/* Should never happen */		return - 1;	case TLS1_VERSION:	/* No Method ID */	case TLS1_1_VERSION:	/* No Method ID */	case TLS1_2_VERSION:	/* No Method ID */	random_based_session_id:#endif		MEM(buff = p = talloc_array(ctx, uint8_t, sizeof(eap_type) + (2 * SSL3_RANDOM_SIZE)));		*p++ = eap_type;		SSL_get_client_random(ssl, p, SSL3_RANDOM_SIZE);		p += SSL3_RANDOM_SIZE;		SSL_get_server_random(ssl, p, SSL3_RANDOM_SIZE);#if OPENSSL_VERSION_NUMBER >= 0x10101000L		break;	/*	 *	Session-Id = <EAP-Type> || Method-Id	 *	Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id", "", 64)	 */	case TLS1_3_VERSION:	default:	{		MEM(buff = p = talloc_array(ctx, uint8_t, sizeof(eap_type) + 64));		*p++ = eap_type;		if (SSL_export_keying_material(ssl, p, 64, prf_label, prf_label_len, NULL, 0, 0) != 1) {			tls_log_error(request, "Failed generating TLS session ID");			return -1;		}	}		break;#endif#if OPENSSL_VERSION_NUMBER >= 0x10100000L	}#endif	*out = buff;	return 0;}

static struct bkrp_BackupKey *createRestoreGUIDStruct(struct torture_context *tctx,				struct dcerpc_pipe *p, int version, DATA_BLOB *out,				bool norevert,				bool broken_version,				bool broken_user,				bool broken_magic_secret,				bool broken_magic_access,				bool broken_hash_access,				bool broken_cert_guid){	struct dcerpc_binding_handle *b = p->binding_handle;	struct bkrp_client_side_wrapped data;	DATA_BLOB *xs;	DATA_BLOB *sec;	DATA_BLOB *enc_sec;	DATA_BLOB *enc_xs;	DATA_BLOB *blob2;	DATA_BLOB enc_sec_reverted;	DATA_BLOB des3_key;	DATA_BLOB aes_key;	DATA_BLOB iv;	DATA_BLOB out_blob;	struct GUID *guid, *g;	int t;	uint32_t size;	enum ndr_err_code ndr_err;	NTSTATUS status;	const char *user;	struct bkrp_BackupKey *r = createRetreiveBackupKeyGUIDStruct(tctx, p, version, &out_blob);	if (r == NULL) {		return NULL;	}	if (broken_user) {		/* we take a fake user*/		user = "guest";	} else {		user = cli_credentials_get_username(cmdline_credentials);	}	torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),					"Get GUID");	/*	 * We have to set it outside of the function createRetreiveBackupKeyGUIDStruct	 * the len of the blob, this is due to the fact that they don't have the	 * same size (one is 32bits the other 64bits)	 */	out_blob.length = *r->out.data_out_len;	sec = create_unencryptedsecret(tctx, broken_magic_secret, version);	if (sec == NULL) {		return NULL;	}	xs = create_access_check(tctx, p, tctx, user, broken_hash_access, version);	if (xs == NULL) {		return NULL;	}	if (broken_magic_access){		/* The start of the access_check structure contains the 		 * GUID of the certificate		 */		xs->data[0]++;	}	enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);	if (!enc_sec) {		return NULL;	}	enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);	if (enc_sec_reverted.data == NULL) {		return NULL;	}	enc_sec_reverted.length = enc_sec->length;	/*	* We DO NOT revert the array on purpose it's in order to check that	* when the server is not able to decrypt then it answer the correct error	*/	if (norevert) {		for(t=0; t< enc_sec->length; t++) {			enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];		}	} else {		for(t=0; t< enc_sec->length; t++) {			enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];		}	}	size = sec->length;	if (version ==2) {		const AlgorithmIdentifier *alg = hx509_crypto_des_rsdi_ede3_cbc();		iv.data = sec->data+(size - 8);		iv.length = 8;		des3_key.data = sec->data+(size - 32);		des3_key.length = 24;//.........这里部分代码省略.........

static bool smb_raw_query_posix_whoami(void *mem_ctx,				struct torture_context *torture,				struct smbcli_state *cli,				struct smb_whoami *whoami,				unsigned max_data){	struct smb_trans2 tp;	NTSTATUS status;	size_t offset;	int i;	uint16_t setup = TRANSACT2_QFSINFO;	uint16_t info_level;	ZERO_STRUCTP(whoami);	tp.in.max_setup = 0;	tp.in.flags = 0;	tp.in.timeout = 0;	tp.in.setup_count = 1;	tp.in.max_param = 10;	tp.in.max_data = (uint16_t)max_data;	tp.in.setup = &setup;	tp.in.trans_name = NULL;	SSVAL(&info_level, 0, SMB_QFS_POSIX_WHOAMI);	tp.in.params = data_blob_talloc(mem_ctx, &info_level, 2);	tp.in.data = data_blob_talloc(mem_ctx, NULL, 0);	status = smb_raw_trans2(cli->tree, mem_ctx, &tp);	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,			"doing SMB_QFS_POSIX_WHOAMI");	/* Make sure we got back all the required fields. */	torture_assert(torture, tp.out.params.length == 0,			"trans2 params should be empty");	torture_assert(torture, tp.out.data.length >= WHOAMI_REQUIRED_SIZE,			"checking for required response fields");	whoami->mapping_flags = IVAL(tp.out.data.data, 0);	whoami->mapping_mask = IVAL(tp.out.data.data, 4);	whoami->server_uid = BVAL(tp.out.data.data, 8);	whoami->server_gid = BVAL(tp.out.data.data, 16);	whoami->num_gids = IVAL(tp.out.data.data, 24);	whoami->num_sids = IVAL(tp.out.data.data, 28);	whoami->num_sid_bytes = IVAL(tp.out.data.data, 32);	whoami->reserved = IVAL(tp.out.data.data, 36);	/* The GID list and SID list are optional, depending on the count	 * and length fields.	 */	if (whoami->num_sids != 0) {		torture_assert(torture, whoami->num_sid_bytes != 0,				"SID count does not match byte count");	}	printf("/tmapping_flags=0x%08x mapping_mask=0x%08x/n",			whoami->mapping_flags, whoami->mapping_mask);	printf("/tserver UID=%llu GID=%llu/n",	       (unsigned long long)whoami->server_uid, (unsigned long long)whoami->server_gid);	printf("/t%u GIDs, %u SIDs, %u SID bytes/n",			whoami->num_gids, whoami->num_sids,			whoami->num_sid_bytes);	offset = WHOAMI_REQUIRED_SIZE;	torture_assert_int_equal(torture, whoami->reserved, 0,			"invalid reserved field");	if (tp.out.data.length == offset) {		/* No SIDs or GIDs returned */		torture_assert_int_equal(torture, whoami->num_gids, 0,				"invalid GID count");		torture_assert_int_equal(torture, whoami->num_sids, 0,				"invalid SID count");		torture_assert_int_equal(torture, whoami->num_sid_bytes, 0,				"invalid SID byte count");		return true;	}	if (whoami->num_gids != 0) {		int remain = tp.out.data.length - offset;		int gid_bytes = whoami->num_gids * 8;		if (whoami->num_sids == 0) {			torture_assert_int_equal(torture, remain, gid_bytes,					"GID count does not match data length");		} else {			torture_assert(torture, remain > gid_bytes,						"invalid GID count");		}		whoami->gid_list = talloc_array(mem_ctx, uint64_t, whoami->num_gids);		torture_assert(torture, whoami->gid_list != NULL, "out of memory");		torture_comment(torture, "/tGIDs:/n");				for (i = 0; i < whoami->num_gids; ++i) {			whoami->gid_list[i] = BVAL(tp.out.data.data, offset);			offset += 8;			torture_comment(torture, "/t/t%u/n", (unsigned int)whoami->gid_list[i]);//.........这里部分代码省略.........

//.........这里部分代码省略.........	/*	 *	Catch attempts to use non-SSL.	 */	if (doing_init && (sock->ssn->dirty_in.data[0] != handshake)) {		RDEBUG("Non-TLS data sent to TLS socket: closing");		goto do_close;	}	/*	 *	Skip ahead to reading application data.	 */	if (SSL_is_init_finished(sock->ssn->ssl)) goto app;	if (!tls_handshake_recv(request, sock->ssn)) {		RDEBUG("FAILED in TLS handshake receive");		goto do_close;	}	if (sock->ssn->dirty_out.used > 0) {		tls_socket_write(listener, request);		PTHREAD_MUTEX_UNLOCK(&sock->mutex);		return 0;	}app:	/*	 *	FIXME: Run the packet through a virtual server in	 *	order to see if we like the certificate presented by	 *	the client.	 */	status = tls_application_data(sock->ssn, request);	RDEBUG("Application data status %d", status);	if (status == FR_TLS_MORE_FRAGMENTS) {		PTHREAD_MUTEX_UNLOCK(&sock->mutex);		return 0;	}	if (sock->ssn->clean_out.used == 0) {		PTHREAD_MUTEX_UNLOCK(&sock->mutex);		return 0;	}	dump_hex("TUNNELED DATA", sock->ssn->clean_out.data, sock->ssn->clean_out.used);	/*	 *	If the packet is a complete RADIUS packet, return it to	 *	the caller.  Otherwise...	 */	if ((sock->ssn->clean_out.used < 20) ||	    (((sock->ssn->clean_out.data[2] << 8) | sock->ssn->clean_out.data[3]) != (int) sock->ssn->clean_out.used)) {		RDEBUG("Received bad packet: Length %d contents %d",		       sock->ssn->clean_out.used,		       (sock->ssn->clean_out.data[2] << 8) | sock->ssn->clean_out.data[3]);		goto do_close;	}	packet = sock->packet;	packet->data = talloc_array(packet, uint8_t, sock->ssn->clean_out.used);	packet->data_len = sock->ssn->clean_out.used;	sock->ssn->record_minus(&sock->ssn->clean_out, packet->data, packet->data_len);	packet->vps = NULL;	PTHREAD_MUTEX_UNLOCK(&sock->mutex);	if (!rad_packet_ok(packet, 0)) {		RDEBUG("Received bad packet: %s", fr_strerror());		tls_socket_close(listener);		return 0;	/* do_close unlocks the mutex */	}	/*	 *	Copied from src/lib/radius.c, rad_recv();	 */	if (fr_debug_flag) {		char host_ipaddr[128];		if ((packet->code > 0) && (packet->code < FR_MAX_PACKET_CODE)) {			RDEBUG("tls_recv: %s packet from host %s port %d, id=%d, length=%d",			       fr_packet_codes[packet->code],			       inet_ntop(packet->src_ipaddr.af,					 &packet->src_ipaddr.ipaddr,					 host_ipaddr, sizeof(host_ipaddr)),			       packet->src_port,			       packet->id, (int) packet->data_len);		} else {			RDEBUG("tls_recv: Packet from host %s port %d code=%d, id=%d, length=%d",			       inet_ntop(packet->src_ipaddr.af,					 &packet->src_ipaddr.ipaddr,					 host_ipaddr, sizeof(host_ipaddr)),			       packet->src_port,			       packet->code,			       packet->id, (int) packet->data_len);		}	}	FR_STATS_INC(auth, total_requests);	return 1;}

NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,			struct cli_state *cli,			const char *path,			struct client_dfs_referral **refs,			size_t *num_refs,			size_t *consumed){	unsigned int data_len = 0;	unsigned int param_len = 0;	uint16_t setup[1];	uint16_t recv_flags2;	uint8_t *param = NULL;	uint8_t *rdata = NULL;	char *p;	char *endp;	smb_ucs2_t *path_ucs;	char *consumed_path = NULL;	uint16_t consumed_ucs;	uint16 num_referrals;	struct client_dfs_referral *referrals = NULL;	NTSTATUS status;	TALLOC_CTX *frame = talloc_stackframe();	*num_refs = 0;	*refs = NULL;	SSVAL(setup, 0, TRANSACT2_GET_DFS_REFERRAL);	param = talloc_array(talloc_tos(), uint8_t, 2);	if (!param) {		status = NT_STATUS_NO_MEMORY;		goto out;	}	SSVAL(param, 0, 0x03);	/* max referral level */	param = trans2_bytes_push_str(param, cli_ucs2(cli),				      path, strlen(path)+1,				      NULL);	if (!param) {		status = NT_STATUS_NO_MEMORY;		goto out;	}	param_len = talloc_get_size(param);	path_ucs = (smb_ucs2_t *)&param[2];	status = cli_trans(talloc_tos(), cli, SMBtrans2,			   NULL, 0xffff, 0, 0,			   setup, 1, 0,			   param, param_len, 2,			   NULL, 0, CLI_BUFFER_SIZE,			   &recv_flags2,			   NULL, 0, NULL, /* rsetup */			   NULL, 0, NULL,			   &rdata, 4, &data_len);	if (!NT_STATUS_IS_OK(status)) {		goto out;	}	endp = (char *)rdata + data_len;	consumed_ucs  = SVAL(rdata, 0);	num_referrals = SVAL(rdata, 2);	/* consumed_ucs is the number of bytes	 * of the UCS2 path consumed not counting any	 * terminating null. We need to convert	 * back to unix charset and count again	 * to get the number of bytes consumed from	 * the incoming path. */	errno = 0;	if (pull_string_talloc(talloc_tos(),			NULL,			0,			&consumed_path,			path_ucs,			consumed_ucs,			STR_UNICODE) == 0) {		if (errno != 0) {			status = map_nt_error_from_unix(errno);		} else {			status = NT_STATUS_INVALID_NETWORK_RESPONSE;		}		goto out;	}	if (consumed_path == NULL) {		status = map_nt_error_from_unix(errno);		goto out;	}	*consumed = strlen(consumed_path);	if (num_referrals != 0) {		uint16 ref_version;		uint16 ref_size;		int i;		uint16 node_offset;		referrals = talloc_array(ctx, struct client_dfs_referral,					 num_referrals);//.........这里部分代码省略.........

_PUBLIC_ enum MAPISTATUS EcDoRpc_RopMoveCopyMessages(TALLOC_CTX *mem_ctx,						     struct emsmdbp_context *emsmdbp_ctx,						     struct EcDoRpc_MAPI_REQ *mapi_req,						     struct EcDoRpc_MAPI_REPL *mapi_repl,						     uint32_t *handles, uint16_t *size){	enum MAPISTATUS		retval;	uint32_t		handle;	uint32_t                contextID;	struct mapi_handles	*rec = NULL;	void			*private_data = NULL;	struct emsmdbp_object	*destination_object;	struct emsmdbp_object   *source_object;	uint64_t                *targetMIDs;        uint32_t                i;	bool			mapistore = false;	OC_DEBUG(4, "exchange_emsmdb: [OXCFOLD] RopMoveCopyMessages (0x33)/n");	/* Sanity checks */	OPENCHANGE_RETVAL_IF(!emsmdbp_ctx, MAPI_E_NOT_INITIALIZED, NULL);	OPENCHANGE_RETVAL_IF(!mapi_req, MAPI_E_INVALID_PARAMETER, NULL);	OPENCHANGE_RETVAL_IF(!mapi_repl, MAPI_E_INVALID_PARAMETER, NULL);	OPENCHANGE_RETVAL_IF(!handles, MAPI_E_INVALID_PARAMETER, NULL);	OPENCHANGE_RETVAL_IF(!size, MAPI_E_INVALID_PARAMETER, NULL);	mapi_repl->opnum = mapi_req->opnum;	mapi_repl->error_code = MAPI_E_SUCCESS;	mapi_repl->handle_idx = mapi_req->handle_idx;	mapi_repl->u.mapi_MoveCopyMessages.PartialCompletion = 0;	/* Get the destionation information */	handle = handles[mapi_req->u.mapi_MoveCopyMessages.handle_idx];	retval = mapi_handles_search(emsmdbp_ctx->handles_ctx, handle, &rec);	if (retval) {		mapi_repl->error_code = MAPI_E_INVALID_OBJECT;		OC_DEBUG(5, "  handle (%x) not found: %x/n", handle, mapi_req->handle_idx);		goto end;	}	retval = mapi_handles_get_private_data(rec, &private_data);	/* object is our destination folder */        destination_object = private_data;	if (!destination_object) {		mapi_repl->error_code = MAPI_E_INVALID_OBJECT;		OC_DEBUG(5, "  object (%x) not found: %x/n", handle, mapi_req->handle_idx);		goto end;	}		/* Get the source folder information */	handle = handles[mapi_req->handle_idx];	retval = mapi_handles_search(emsmdbp_ctx->handles_ctx, handle, &rec);	if (retval) {		mapi_repl->error_code = MAPI_E_INVALID_OBJECT;		OC_DEBUG(5, "  handle (%x) not found: %x/n", handle, mapi_req->handle_idx);		goto end;	}	retval = mapi_handles_get_private_data(rec, &private_data);        source_object = private_data;	if (!source_object) {		mapi_repl->error_code = MAPI_E_INVALID_OBJECT;		OC_DEBUG(5, "  object (%x) not found: %x/n", handle, mapi_req->u.mapi_MoveCopyMessages.handle_idx);		goto end;	}	contextID = emsmdbp_get_contextID(destination_object);	mapistore = emsmdbp_is_mapistore(source_object);	if (mapistore) {		/* We prepare a set of new MIDs for the backend */		targetMIDs = talloc_array(NULL, uint64_t, mapi_req->u.mapi_MoveCopyMessages.count);		for (i = 0; i < mapi_req->u.mapi_MoveCopyMessages.count; i++) {			mapistore_indexing_get_new_folderID(emsmdbp_ctx->mstore_ctx, &targetMIDs[i]);		}		/* We invoke the backend method */		mapistore_folder_move_copy_messages(emsmdbp_ctx->mstore_ctx, contextID, destination_object->backend_object, source_object->backend_object, mem_ctx, mapi_req->u.mapi_MoveCopyMessages.count, mapi_req->u.mapi_MoveCopyMessages.message_id, targetMIDs, NULL, NULL, mapi_req->u.mapi_MoveCopyMessages.WantCopy);		talloc_free(targetMIDs);		/* //* The backend might do this for us. In any case, we try to add it ourselves *// */		/* mapistore_indexing_record_add_mid(emsmdbp_ctx->mstore_ctx, contextID, targetMID); */	}	else {		OC_DEBUG(0, "mapistore support not implemented yet - shouldn't occur/n");		mapi_repl->error_code = MAPI_E_NO_SUPPORT;	}end:	*size += libmapiserver_RopMoveCopyMessages_size(mapi_repl);	return MAPI_E_SUCCESS;}

//.........这里部分代码省略.........	SSVAL(outbody.data, 0x04, dialect);	/* dialect revision */	SSVAL(outbody.data, 0x06,	      out_negotiate_context_count);	/* reserved/NegotiateContextCount */	memcpy(outbody.data + 0x08,	       out_guid_blob.data, 16);	/* server guid */	SIVAL(outbody.data, 0x18,	      capabilities);			/* capabilities */	SIVAL(outbody.data, 0x1C, max_trans);	/* max transact size */	SIVAL(outbody.data, 0x20, max_read);	/* max read size */	SIVAL(outbody.data, 0x24, max_write);	/* max write size */	SBVAL(outbody.data, 0x28, now);		/* system time */	SBVAL(outbody.data, 0x30, 0);		/* server start time */	SSVAL(outbody.data, 0x38,	      security_offset);			/* security buffer offset */	SSVAL(outbody.data, 0x3A,	      security_buffer.length);		/* security buffer length */	SIVAL(outbody.data, 0x3C,	      out_negotiate_context_offset);	/* reserved/NegotiateContextOffset */	req->sconn->using_smb2 = true;	if (dialect != SMB2_DIALECT_REVISION_2FF) {		struct smbXsrv_client_global0 *global0 = NULL;		status = smbXsrv_connection_init_tables(xconn, protocol);		if (!NT_STATUS_IS_OK(status)) {			return smbd_smb2_request_error(req, status);		}		xconn->smb2.client.capabilities = in_capabilities;		xconn->smb2.client.security_mode = in_security_mode;		xconn->smb2.client.guid = in_guid;		xconn->smb2.client.num_dialects = dialect_count;		xconn->smb2.client.dialects = talloc_array(xconn,							   uint16_t,							   dialect_count);		if (xconn->smb2.client.dialects == NULL) {			return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);		}		for (c=0; c < dialect_count; c++) {			xconn->smb2.client.dialects[c] = SVAL(indyn, c*2);		}		xconn->smb2.server.capabilities = capabilities;		xconn->smb2.server.security_mode = security_mode;		xconn->smb2.server.guid = out_guid;		xconn->smb2.server.dialect = dialect;		xconn->smb2.server.max_trans = max_trans;		xconn->smb2.server.max_read  = max_read;		xconn->smb2.server.max_write = max_write;		if (xconn->protocol < PROTOCOL_SMB2_10) {			/*			 * SMB2_02 doesn't support client guids			 */			return smbd_smb2_request_done(req, outbody, &outdyn);		}		if (!xconn->client->server_multi_channel_enabled) {			/*			 * Only deal with the client guid database			 * if multi-channel is enabled.			 */			return smbd_smb2_request_done(req, outbody, &outdyn);		}

//.........这里部分代码省略.........		RDEBUG("Invalid EAP-TLS packet received.  (Length bit is set, but no length was found.)");		talloc_free(tlspacket);		return NULL;	}	/*	 *	If the final TLS packet is larger than we can handle, die	 *	now.	 *	 *	Likewise, if the EAP packet says N bytes, and the TLS	 *	packet says there's fewer bytes, it's a problem.	 *	 *	FIXME: Try to ensure that the claimed length is	 *	consistent across multiple TLS fragments.	 */	if (TLS_LENGTH_INCLUDED(tlspacket->flags)) {		memcpy(&data_len, &eap_ds->response->type.data[1], 4);		data_len = ntohl(data_len);		if (data_len > MAX_RECORD_SIZE) {			RDEBUG("The EAP-TLS packet will contain more data than we can process");			talloc_free(tlspacket);			return NULL;		}#if 0		DEBUG2(" TLS: %d %d/n", data_len, tlspacket->length);		if (data_len < tlspacket->length) {			RDEBUG("EAP-TLS packet claims to be smaller than the encapsulating EAP packet");			talloc_free(tlspacket);			return NULL;		}#endif	}	switch (status) {	/*	 *	The TLS Message Length field is four octets, and	 *	provides the total length of the TLS message or set of	 *	messages that is being fragmented; this simplifies	 *	buffer allocation.	 *	 *	Dynamic allocation of buffers as & when we know the	 *	length should solve the problem.	 */	case FR_TLS_FIRST_FRAGMENT:	case FR_TLS_LENGTH_INCLUDED:	case FR_TLS_MORE_FRAGMENTS_WITH_LENGTH:		if (tlspacket->length < 5) { /* flags + TLS message length */			RDEBUG("Invalid EAP-TLS packet received.  (Expected length, got none.)");			talloc_free(tlspacket);			return NULL;		}		/*		 *	Extract all the TLS fragments from the		 *	previous eap_ds Start appending this		 *	fragment to the above ds		 */		memcpy(&data_len, &eap_ds->response->type.data[1], sizeof(uint32_t));		data_len = ntohl(data_len);		data = (eap_ds->response->type.data + 5/*flags+TLS-Length*/);		len = eap_ds->response->type.length - 5/*flags+TLS-Length*/;		/*		 *	Hmm... this should be an error, too.		 */		if (data_len > len) {			data_len = len;		}		break;		/*		 *	Data length is implicit, from the EAP header.		 */	case FR_TLS_MORE_FRAGMENTS:	case FR_TLS_OK:		data_len = eap_ds->response->type.length - 1/*flags*/;		data = eap_ds->response->type.data + 1/*flags*/;		break;	default:		RDEBUG("Invalid EAP-TLS packet received");		talloc_free(tlspacket);		return NULL;	}	tlspacket->dlen = data_len;	if (data_len) {		tlspacket->data = talloc_array(tlspacket, uint8_t,					       data_len);		if (!tlspacket->data) {			talloc_free(tlspacket);			return NULL;		}		memcpy(tlspacket->data, data, data_len);	}	return tlspacket;}

static int mod_process(void *arg, eap_handler_t *handler){	pwd_session_t *session;	pwd_hdr *hdr;	pwd_id_packet_t *packet;	eap_packet_t *response;	REQUEST *request, *fake;	VALUE_PAIR *pw, *vp;	EAP_DS *eap_ds;	size_t in_len;	int ret = 0;	eap_pwd_t *inst = (eap_pwd_t *)arg;	uint16_t offset;	uint8_t exch, *in, *ptr, msk[MSK_EMSK_LEN], emsk[MSK_EMSK_LEN];	uint8_t peer_confirm[SHA256_DIGEST_LENGTH];	if (((eap_ds = handler->eap_ds) == NULL) || !inst) return 0;	session = (pwd_session_t *)handler->opaque;	request = handler->request;	response = handler->eap_ds->response;	hdr = (pwd_hdr *)response->type.data;	/*	 *	The header must be at least one byte.	 */	if (!hdr || (response->type.length < sizeof(pwd_hdr))) {		RDEBUG("Packet with insufficient data");		return 0;	}	in = hdr->data;	in_len = response->type.length - sizeof(pwd_hdr);	/*	* see if we're fragmenting, if so continue until we're done	*/	if (session->out_pos) {		if (in_len) RDEBUG2("pwd got something more than an ACK for a fragment");		return send_pwd_request(session, eap_ds);	}	/*	* the first fragment will have a total length, make a	* buffer to hold all the fragments	*/	if (EAP_PWD_GET_LENGTH_BIT(hdr)) {		if (session->in) {			RDEBUG2("pwd already alloced buffer for fragments");			return 0;		}		if (in_len < 2) {			RDEBUG("Invalid packet: length bit set, but no length field");			return 0;		}		session->in_len = ntohs(in[0] * 256 | in[1]);		if ((session->in = talloc_zero_array(session, uint8_t, session->in_len)) == NULL) {			RDEBUG2("pwd cannot allocate %zd buffer to hold fragments",				session->in_len);			return 0;		}		memset(session->in, 0, session->in_len);		session->in_pos = 0;		in += sizeof(uint16_t);		in_len -= sizeof(uint16_t);	}	/*	 * all fragments, including the 1st will have the M(ore) bit set,	 * buffer those fragments!	 */	if (EAP_PWD_GET_MORE_BIT(hdr)) {		rad_assert(session->in != NULL);		if ((session->in_pos + in_len) > session->in_len) {			RDEBUG2("Fragment overflows packet.");			return 0;		}		memcpy(session->in + session->in_pos, in, in_len);		session->in_pos += in_len;		/*		 * send back an ACK for this fragment		 */		exch = EAP_PWD_GET_EXCHANGE(hdr);		eap_ds->request->code = PW_EAP_REQUEST;		eap_ds->request->type.num = PW_EAP_PWD;		eap_ds->request->type.length = sizeof(pwd_hdr);		if ((eap_ds->request->type.data = talloc_array(eap_ds->request, uint8_t, sizeof(pwd_hdr))) == NULL) {			return 0;		}		hdr = (pwd_hdr *)eap_ds->request->type.data;		EAP_PWD_SET_EXCHANGE(hdr, exch);		return 1;	}//.........这里部分代码省略.........

static NTSTATUS cmd_eventlog_loginfo(struct rpc_pipe_client *cli,				     TALLOC_CTX *mem_ctx,				     int argc,				     const char **argv){	NTSTATUS status, result;	struct policy_handle handle;	uint8_t *buffer = NULL;	uint32_t buf_size = 0;	uint32_t bytes_needed = 0;	struct dcerpc_binding_handle *b = cli->binding_handle;	if (argc != 2) {		printf("Usage: %s logname/n", argv[0]);		return NT_STATUS_OK;	}	status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);	if (!NT_STATUS_IS_OK(status)) {		return status;	}	status = dcerpc_eventlog_GetLogInformation(b, mem_ctx,						   &handle,						   0, /* level */						   buffer,						   buf_size,						   &bytes_needed,						   &result);	if (!NT_STATUS_IS_OK(status)) {		goto done;	}	if (!NT_STATUS_IS_OK(result) &&	    !NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL)) {		goto done;	}	buf_size = bytes_needed;	buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);	if (!buffer) {		status = NT_STATUS_NO_MEMORY;		goto done;	}	status = dcerpc_eventlog_GetLogInformation(b, mem_ctx,						   &handle,						   0, /* level */						   buffer,						   buf_size,						   &bytes_needed,						   &result);	if (!NT_STATUS_IS_OK(status)) {		goto done;	}	if (!NT_STATUS_IS_OK(result)) {		status = result;		goto done;	} done:	dcerpc_eventlog_CloseEventLog(b, mem_ctx, &handle, &result);	return status;}

/** Authenticate a previously sent challenge * */static int mod_process(void *instance, eap_handler_t *handler){	uint8_t *in;	uint8_t *out = NULL;	uint8_t *ikemsg;	u_int32_t len;	uint8_t *sikemsg = NULL;   //out message	u_int32_t slen = 0;	u_int32_t olen = 0;	struct ikev2_ctx *i2 = (struct ikev2_ctx*)instance;	struct EAPHeader *hdr;	struct IKEv2Data *ikev2_data;	struct IKEv2Session *session;	INFO(IKEv2_LOG_PREFIX "authenticate" );	rad_assert(handler->request != NULL);	rad_assert(handler->stage == PROCESS);	EAP_DS *eap_ds=handler->eap_ds;	if (!eap_ds ||	    !eap_ds->response ||	    (eap_ds->response->code != PW_IKEV2_RESPONSE) ||	    eap_ds->response->type.num != PW_EAP_IKEV2 ||	    !eap_ds->response->type.data) {		ERROR(IKEv2_LOG_PREFIX "corrupted data");		return -1;	}	in = talloc_array(eap_ds, uint8_t, eap_ds->response->length);	if (in){		ERROR(IKEv2_LOG_PREFIX "alloc error");		return -1;	}	rad_assert(in != NULL);	hdr = (struct EAPHeader *)in;	hdr->Code = eap_ds->response->code;	hdr->Id = eap_ds->response->id;	hdr->Length = htons(eap_ds->response->length);	hdr->Type = eap_ds->response->type.num;	memcpy(in + 5, eap_ds->response->type.data, eap_ds->response->length - 5);	ikev2_data = (struct IKEv2Data*)handler->opaque;	session = ikev2_data->session;	session->timestamp = time(NULL);	if (!session->fragdata) session->sendfrag = false;	if (session->sendfrag && !ParseFragmentAck(in, session)){		session->eapMsgID = eap_ds->response->id + 1;		olen = CreateIKEv2Message(i2, NULL, 0, false, hdr->Id, session, (uint8_t **)&out);		talloc_free(in);		if (compose_rad_message(out,olen,handler->eap_ds)) {			free(out);			return 0;		}		free(out);		return 1;	}	session->eapMsgID = eap_ds->response->id + 1;	if (ParseIKEv2Message(in, &ikemsg, &len, session)){		if (ikemsg != NULL) free(ikemsg);		handler->eap_ds->request->code=PW_EAP_FAILURE;		INFO(IKEv2_LOG_PREFIX "Discarded packet");		return 1;	}	/* Send fragment ack */	if (!ikemsg || !len) {		if (session->SK_ready) session->include_integ = 1;		olen = CreateFragmentAck(in, &out, session); // confirm fragment		TALLOC_FREE(in);		if (compose_rad_message(out,olen,handler->eap_ds)) {			free(out);			return 0;		}		free(out);		return 1;	}	TALLOC_FREE(in);//.........这里部分代码省略.........

/** Send the challenge itself * * Challenges will come from one of three places eventually: * * 1  from attributes like PW_EAP_SIM_RANDx *	    (these might be retrived from a database) * * 2  from internally implemented SIM authenticators *	    (a simple one based upon XOR will be provided) * * 3  from some kind of SS7 interface. * * For now, they only come from attributes. * It might be that the best way to do 2/3 will be with a different * module to generate/calculate things. * */static int eap_sim_sendchallenge(eap_handler_t *handler){	REQUEST *request = handler->request;	eap_sim_state_t *ess;	VALUE_PAIR **invps, **outvps, *newvp;	RADIUS_PACKET *packet;	uint8_t *p;	ess = (eap_sim_state_t *)handler->opaque;	rad_assert(handler->request != NULL);	rad_assert(handler->request->reply);	/*	 *	Invps is the data from the client but this is for non-protocol data here.	 *	We should already have consumed any client originated data.	 */	invps = &handler->request->packet->vps;	/*	 *	Outvps is the data to the client	 */	packet = handler->request->reply;	outvps = &packet->vps;	if (RDEBUG_ENABLED2) {		RDEBUG2("EAP-SIM decoded packet");		rdebug_pair_list(L_DBG_LVL_2, request, *invps, NULL);	}	/*	 *	Okay, we got the challenges! Put them into an attribute.	 */	newvp = paircreate(packet, PW_EAP_SIM_RAND, 0);	newvp->length = 2 + (EAPSIM_RAND_SIZE * 3);	newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->length);	memset(p, 0, 2); /* clear reserved bytes */	p += 2;	memcpy(p, ess->keys.rand[0], EAPSIM_RAND_SIZE);	p += EAPSIM_RAND_SIZE;	memcpy(p, ess->keys.rand[1], EAPSIM_RAND_SIZE);	p += EAPSIM_RAND_SIZE;	memcpy(p, ess->keys.rand[2], EAPSIM_RAND_SIZE);	pairadd(outvps, newvp);	/*	 *	Set the EAP_ID - new value	 */	newvp = paircreate(packet, PW_EAP_ID, 0);	newvp->vp_integer = ess->sim_id++;	pairreplace(outvps, newvp);	/*	 *	Make a copy of the identity	 */	ess->keys.identitylen = strlen(handler->identity);	memcpy(ess->keys.identity, handler->identity, ess->keys.identitylen);	/*	 *	Use the SIM identity, if available	 */	newvp = pairfind(*invps, PW_EAP_SIM_IDENTITY, 0, TAG_ANY);	if (newvp && newvp->length > 2) {		uint16_t len;		memcpy(&len, newvp->vp_octets, sizeof(uint16_t));		len = ntohs(len);		if (len <= newvp->length - 2 && len <= MAX_STRING_LEN) {			ess->keys.identitylen = len;			memcpy(ess->keys.identity, newvp->vp_octets + 2, ess->keys.identitylen);		}	}	/*	 *	All set, calculate keys!	 */	eapsim_calculate_keys(&ess->keys);#ifdef EAP_SIM_DEBUG_PRF	eapsim_dump_mk(&ess->keys);#endif	/*//.........这里部分代码省略.........

static intmod_authenticate (void *arg, eap_handler_t *handler){    pwd_session_t *pwd_session;    pwd_hdr *hdr;    pwd_id_packet *id;    eap_packet_t *response;    REQUEST *request, *fake;    VALUE_PAIR *pw, *vp;    EAP_DS *eap_ds;    int len, ret = 0;    eap_pwd_t *inst = (eap_pwd_t *)arg;    uint16_t offset;    uint8_t exch, *buf, *ptr, msk[MSK_EMSK_LEN], emsk[MSK_EMSK_LEN];    uint8_t peer_confirm[SHA256_DIGEST_LENGTH];    BIGNUM *x = NULL, *y = NULL;    if ((!handler) ||	((eap_ds = handler->eap_ds) == NULL) ||	(!inst)) {	return 0;    }    pwd_session = (pwd_session_t *)handler->opaque;    request = handler->request;    response = handler->eap_ds->response;    hdr = (pwd_hdr *)response->type.data;    buf = hdr->data;    len = response->type.length - sizeof(pwd_hdr);    /*     * see if we're fragmenting, if so continue until we're done     */    if (pwd_session->out_buf_pos) {	if (len) {	    RDEBUG2("pwd got something more than an ACK for a fragment");	}	return send_pwd_request(pwd_session, eap_ds);    }    /*     * the first fragment will have a total length, make a     * buffer to hold all the fragments     */    if (EAP_PWD_GET_LENGTH_BIT(hdr)) {	if (pwd_session->in_buf) {	    RDEBUG2("pwd already alloced buffer for fragments");	    return 0;	}	pwd_session->in_buf_len = ntohs(buf[0] * 256 | buf[1]);	if ((pwd_session->in_buf = talloc_zero_array(pwd_session, uint8_t,						     pwd_session->in_buf_len)) == NULL) {	    RDEBUG2("pwd cannot allocate %d buffer to hold fragments",		    pwd_session->in_buf_len);	    return 0;	}	memset(pwd_session->in_buf, 0, pwd_session->in_buf_len);	pwd_session->in_buf_pos = 0;	buf += sizeof(uint16_t);	len -= sizeof(uint16_t);    }    /*     * all fragments, including the 1st will have the M(ore) bit set,     * buffer those fragments!     */    if (EAP_PWD_GET_MORE_BIT(hdr)) {	rad_assert(pwd_session->in_buf != NULL);	if ((pwd_session->in_buf_pos + len) > pwd_session->in_buf_len) {	    RDEBUG2("pwd will not overflow a fragment buffer. Nope, not prudent.");	    return 0;	}	memcpy(pwd_session->in_buf + pwd_session->in_buf_pos, buf, len);	pwd_session->in_buf_pos += len;	/*	 * send back an ACK for this fragment	 */	exch = EAP_PWD_GET_EXCHANGE(hdr);	eap_ds->request->code = PW_EAP_REQUEST;	eap_ds->request->type.num = PW_EAP_PWD;	eap_ds->request->type.length = sizeof(pwd_hdr);	if ((eap_ds->request->type.data = talloc_array(eap_ds->request,						       uint8_t, sizeof(pwd_hdr))) == NULL) {	    return 0;	}	hdr = (pwd_hdr *)eap_ds->request->type.data;	EAP_PWD_SET_EXCHANGE(hdr, exch);	return 1;    }    if (pwd_session->in_buf) {	/*	 * the last fragment...	 */	if ((pwd_session->in_buf_pos + len) > pwd_session->in_buf_len) {	    RDEBUG2("pwd will not overflow a fragment buffer. Nope, not prudent.");	    return 0;	}//.........这里部分代码省略.........

/*  copy a file. Caller is supposed to have already ensured that the  operation is allowed. The destination file must not exist.*/NTSTATUS pvfs_copy_file(struct pvfs_state *pvfs,			struct pvfs_filename *name1, 			struct pvfs_filename *name2){	int fd1, fd2;	mode_t mode;	NTSTATUS status;	size_t buf_size = 0x10000;	uint8_t *buf = talloc_array(name2, uint8_t, buf_size);	if (buf == NULL) {		return NT_STATUS_NO_MEMORY;	}	fd1 = pvfs_sys_open(pvfs, name1->full_name, O_RDONLY, 0);	if (fd1 == -1) {		talloc_free(buf);		return pvfs_map_errno(pvfs, errno);	}	fd2 = pvfs_sys_open(pvfs, name2->full_name, O_CREAT|O_EXCL|O_WRONLY, 0);	if (fd2 == -1) {		close(fd1);		talloc_free(buf);		return pvfs_map_errno(pvfs, errno);	}	while (1) {		ssize_t ret2, ret = read(fd1, buf, buf_size);		if (ret == -1 && 		    (errno == EINTR || errno == EAGAIN)) {			continue;		}		if (ret <= 0) break;		ret2 = write(fd2, buf, ret);		if (ret2 == -1 &&		    (errno == EINTR || errno == EAGAIN)) {			continue;		}				if (ret2 != ret) {			close(fd1);			close(fd2);			talloc_free(buf);			pvfs_sys_unlink(pvfs, name2->full_name);			if (ret2 == -1) {				return pvfs_map_errno(pvfs, errno);			}			return NT_STATUS_DISK_FULL;		}	}	talloc_free(buf);	close(fd1);	mode = pvfs_fileperms(pvfs, name1->dos.attrib);	if (pvfs_sys_fchmod(pvfs, fd2, mode) == -1) {		status = pvfs_map_errno(pvfs, errno);		close(fd2);		pvfs_sys_unlink(pvfs, name2->full_name);		return status;	}	name2->st.st_mode = mode;	name2->dos = name1->dos;	status = pvfs_dosattrib_save(pvfs, name2, fd2);	if (!NT_STATUS_IS_OK(status)) {		close(fd2);		pvfs_sys_unlink(pvfs, name2->full_name);		return status;	}	close(fd2);	return NT_STATUS_OK;}