created means to add dce/rpc server auth parsers to individual pipes.

the ONLY one currently with an auth parser added is NTLMSSP on \PIPE\samr,
which is as it should be!  no other pipes should have NTLMSSP, because
no other pipes deal with password tokens.  this makes me happy to know
that this is coded in this way.

this was all in preparation for being to add netlogon "secure channel"
with one function call to \PIPE\NETLOGON.

[there seems to be a lot of little bits of work like this, just to add
this darn netlogon sec-chan!]

22 files changed, 382 insertions, 35 deletions

diff --git a/source/browserd/browserd.c b/source/browserd/browserd.c
index d5e60f21bc8..ca386f96253 100644
--- a/source/browserd/browserd.c
+++ b/source/browserd/browserd.c
@@ -27,6 +27,13 @@ pstring servicesf = CONFIGFILE;
 extern pstring debugf;
 extern BOOL append_log;
 
+/*****************************************************************************
+ initialise srv_auth_fns array
+ *****************************************************************************/
+void msrpc_auth_init(rpcsrv_struct *l)
+{
+}
+
 /*************************************************************************
  initialise an msrpc service
  *************************************************************************/
diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h
index dd91341ee2c..4e8b8974989 100644
--- a/source/include/ntdomain.h
+++ b/source/include/ntdomain.h
@@ -111,6 +111,11 @@ typedef struct rpcsrv_struct
 
 	void *auth_info;
 	struct srv_auth_fns *auth;
+
+	/* set of authentication modules.  does not include noauth */
+	uint32 num_auths;
+	struct srv_auth_fns **auth_fns;
+
 	BOOL auth_validated;
 	BOOL faulted_once_before;
 
@@ -145,7 +150,7 @@ typedef struct cli_auth_fns
 
 typedef struct srv_auth_fns
 {
-	BOOL (*api_is_auth)(RPC_HDR_AUTH*);
+	BOOL (*api_is_auth)(RPC_HDR_AUTH*, void **auth_info);
 
 	/* state-based authentication: one to decode, one to generate */
 	BOOL (*api_auth_chk)(rpcsrv_struct *, enum RPC_PKT_TYPE);
diff --git a/source/include/proto.h b/source/include/proto.h
index a3d0f5c8101..f80d2a1c6ab 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -5,6 +5,7 @@
 
 /*The following definitions come from  browserd/browserd.c  */
 
+void msrpc_auth_init(rpcsrv_struct *l);
 void msrpc_service_init(char* service_name);
 BOOL reload_services(BOOL test);
 
@@ -1049,6 +1050,7 @@ int share_mode_forall(void (*fn)(share_mode_entry *, char *));
 
 /*The following definitions come from  lsarpcd/lsarpcd.c  */
 
+void msrpc_auth_init(rpcsrv_struct *l);
 void msrpc_service_init(char* service_name);
 BOOL reload_services(BOOL test);
 
@@ -1081,6 +1083,8 @@ int msrpc_main(int argc,char *argv[]);
 /*The following definitions come from  msrpc/msrpcd_process.c  */
 
 BOOL get_user_creds(int c, struct user_creds *usr);
+void close_srv_auth_array(rpcsrv_struct *l);
+void add_srv_auth_fn(rpcsrv_struct *l, srv_auth_fns *fn);
 BOOL msrpcd_init(int c, msrpc_pipes_struct *p);
 void msrpcd_process(int c, msrpc_pipes_struct *p);
 
@@ -1092,6 +1096,7 @@ BOOL cred_init_db(void);
 
 /*The following definitions come from  netlogond/netlogond.c  */
 
+void msrpc_auth_init(rpcsrv_struct *l);
 void msrpc_service_init(char* service_name);
 BOOL reload_services(BOOL test);
 
@@ -2872,8 +2877,6 @@ BOOL net_io_r_sam_sync(char *desc, uint8 sess_key[16],
 /*The following definitions come from  rpc_parse/parse_ntlmssp.c  */
 
 BOOL rpc_hdr_ntlmssp_auth_chk(RPC_HDR_AUTH *rai);
-BOOL rpc_auth_ntlmssp_verifier_chk(RPC_AUTH_VERIFIER *rav,
-				char *signature, uint32 msg_type);
 BOOL make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
 				uint32 neg_flgs,
 				fstring myname, fstring domain);
@@ -3051,6 +3054,8 @@ BOOL smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int dept
 BOOL make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
 				char *signature, uint32 msg_type);
 BOOL smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth);
+BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
+				char *signature, uint32 msg_type);
 
 /*The following definitions come from  rpc_parse/parse_samr.c  */
 
@@ -4173,6 +4178,7 @@ void readline_init(void);
 
 /*The following definitions come from  samrd/samrd.c  */
 
+void msrpc_auth_init(rpcsrv_struct *l);
 void msrpc_service_init(char* service_name);
 BOOL reload_services(BOOL test);
 
@@ -4664,11 +4670,13 @@ int smbw_stat(const char *fname, struct stat *st);
 
 /*The following definitions come from  spoolssd/spoolssd.c  */
 
+void msrpc_auth_init(rpcsrv_struct *l);
 void msrpc_service_init(char* service_name);
 BOOL reload_services(BOOL test);
 
 /*The following definitions come from  srvsvcd/srvsvcd.c  */
 
+void msrpc_auth_init(rpcsrv_struct *l);
 void msrpc_service_init(char* service_name);
 BOOL reload_services(BOOL test);
 
@@ -4735,11 +4743,13 @@ void status_page(void);
 
 /*The following definitions come from  winregd/winregd.c  */
 
+void msrpc_auth_init(rpcsrv_struct *l);
 void msrpc_service_init(char* service_name);
 BOOL reload_services(BOOL test);
 
 /*The following definitions come from  wkssvcd/wkssvcd.c  */
 
+void msrpc_auth_init(rpcsrv_struct *l);
 void msrpc_service_init(char* service_name);
 BOOL reload_services(BOOL test);
 #endif /* _PROTO_H_ */
diff --git a/source/include/rpc_netsec.h b/source/include/rpc_netsec.h
new file mode 100644
index 00000000000..1cf1204a672
--- /dev/null
+++ b/source/include/rpc_netsec.h
@@ -0,0 +1,62 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 1.9.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_NETSEC_H /* RPC_NETSEC_H */
+#define RPC_NETSEC_H 
+
+#include "rpc_misc.h" /* this only pulls in STRHDR */
+
+/* this is TEMPORARILY coded up as a specific structure */
+/* this structure comes after the bind request */
+/* RPC_AUTH_NETSEC_NEG */
+typedef struct rpc_auth_netsec_neg_info
+{
+	fstring domain; /* calling workstations's domain */
+	fstring myname; /* calling workstation's name */
+
+} RPC_AUTH_NETSEC_NEG;
+
+
+/* RPC_AUTH_NETSEC_RESP */
+typedef struct rpc_auth_netsec_resp_info
+{
+	uint32 pad  ; /* 0x0000 0000 */
+	uint32 flags; /* 0x0500 0000 */
+
+} RPC_AUTH_NETSEC_RESP;
+
+#define NETSEC_SIGNATURE \
+(char*){ 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
+
+/* attached to the end of encrypted rpc requests and responses */
+/* RPC_AUTH_NETSEC_CHK */
+typedef struct rpc_auth_netsec_chk_info
+{
+	uint8 sig  [8]; /* 77 00 7a 00 ff ff 00 00 */
+	uint8 data1[8];
+	uint8 data3[8]; /* verifier, seq num */
+	uint8 data8[8]; 
+
+} RPC_AUTH_NETSEC_CHK;
+
+#endif /* RPC_NETSEC_H */
+
diff --git a/source/include/rpc_ntlmssp.h b/source/include/rpc_ntlmssp.h
index 113f2cb9b54..7660c623b25 100644
--- a/source/include/rpc_ntlmssp.h
+++ b/source/include/rpc_ntlmssp.h
@@ -2,9 +2,8 @@
    Unix SMB/Netbios implementation.
    Version 1.9.
    SMB parameters and setup
-   Copyright (C) Andrew Tridgell 1992-1997
-   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
-   Copyright (C) Paul Ashton 1997
+   Copyright (C) Andrew Tridgell 1992-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/source/lib/util_array.c b/source/lib/util_array.c
index c3945ff9f83..d20df02606b 100644
--- a/source/lib/util_array.c
+++ b/source/lib/util_array.c
@@ -28,11 +28,14 @@ void free_void_array(uint32 num_entries, void **entries,
 	uint32 i;
 	if (entries != NULL)
 	{
-		for (i = 0; i < num_entries; i++)
+		if (free_item != NULL)
 		{
-			if (entries[i] != NULL)
+			for (i = 0; i < num_entries; i++)
 			{
-				free_item(entries[i]);
+				if (entries[i] != NULL)
+				{
+					free_item(entries[i]);
+				}
 			}
 		}
 		free(entries);
diff --git a/source/lsarpcd/lsarpcd.c b/source/lsarpcd/lsarpcd.c
index c613232b2da..500aba5d1b2 100644
--- a/source/lsarpcd/lsarpcd.c
+++ b/source/lsarpcd/lsarpcd.c
@@ -28,6 +28,13 @@ extern pstring debugf;
 extern BOOL append_log;
 extern int DEBUGLEVEL;
 
+/*****************************************************************************
+ initialise srv_auth_fns array
+ *****************************************************************************/
+void msrpc_auth_init(rpcsrv_struct *l)
+{
+}
+
 void msrpc_service_init(char* service_name)
 {
 	add_msrpc_command_processor( pipe_name, service_name, api_ntlsa_rpc );
diff --git a/source/msrpc/msrpcd.c b/source/msrpc/msrpcd.c
index 58d32759a0d..9bd0840518f 100644
--- a/source/msrpc/msrpcd.c
+++ b/source/msrpc/msrpcd.c
@@ -555,6 +555,7 @@ int msrpc_main(int argc,char *argv[])
 	fstrcpy(p.name, pipe_name);
 	if (msrpcd_init(ClientMSRPC, &p))
 	{
+		msrpc_auth_init(p.l);
 		reload_services(True);
 		msrpcd_process(ClientMSRPC, &p);
 	}
diff --git a/source/msrpc/msrpcd_process.c b/source/msrpc/msrpcd_process.c
index 43839e47c98..978b90960aa 100644
--- a/source/msrpc/msrpcd_process.c
+++ b/source/msrpc/msrpcd_process.c
@@ -302,6 +302,29 @@ BOOL get_user_creds(int c, struct user_creds *usr)
 	return new_con;
 }
 
+static void free_srv_auth_fns_array(uint32 num_entries, srv_auth_fns **entries)
+{
+	free_void_array(num_entries, (void**)entries, NULL);
+}
+
+static srv_auth_fns* add_srv_auth_fns_to_array(uint32 *len,
+				srv_auth_fns ***array,
+				srv_auth_fns *name)
+{
+	return (srv_auth_fns*)add_item_to_array(len,
+	                     (void***)array, (void*)name);
+}
+
+void close_srv_auth_array(rpcsrv_struct *l)
+{
+	free_srv_auth_fns_array(l->num_auths, l->auth_fns);
+}
+
+void add_srv_auth_fn(rpcsrv_struct *l, srv_auth_fns *fn)
+{
+	add_srv_auth_fns_to_array(&l->num_auths, &l->auth_fns, fn);
+	DEBUG(10,("add_srv_auth_fn: %d\n", l->num_auths));
+}
 /****************************************************************************
   initialise from pipe
 ****************************************************************************/
diff --git a/source/netlogond/netlogond.c b/source/netlogond/netlogond.c
index 3174daaf5e4..b8267c0311d 100644
--- a/source/netlogond/netlogond.c
+++ b/source/netlogond/netlogond.c
@@ -28,6 +28,13 @@ extern pstring debugf;
 extern BOOL append_log;
 extern int DEBUGLEVEL;
 
+/*****************************************************************************
+ initialise srv_auth_fns array
+ *****************************************************************************/
+void msrpc_auth_init(rpcsrv_struct *l)
+{
+}
+
 /*************************************************************************
  initialise an msrpc service
  *************************************************************************/
diff --git a/source/rpc_client/cli_pipe_ntlmssp.c b/source/rpc_client/cli_pipe_ntlmssp.c
index bc6fdfb870a..7de977e1e40 100644
--- a/source/rpc_client/cli_pipe_ntlmssp.c
+++ b/source/rpc_client/cli_pipe_ntlmssp.c
@@ -402,7 +402,7 @@ static BOOL decode_ntlmssp_bind_resp(struct cli_connection *con,
 		RPC_AUTH_VERIFIER rhdr_verf;
 		smb_io_rpc_auth_verifier("", &rhdr_verf, rdata, 0);
 		if (rdata->offset == 0 ||
-		    !rpc_auth_ntlmssp_verifier_chk(&rhdr_verf,
+		    !rpc_auth_verifier_chk(&rhdr_verf,
 		                                   "NTLMSSP",
 		                                    NTLMSSP_CHALLENGE))
 		{
diff --git a/source/rpc_parse/parse_netsec.c b/source/rpc_parse/parse_netsec.c
new file mode 100644
index 00000000000..f6751c7831b
--- /dev/null
+++ b/source/rpc_parse/parse_netsec.c
@@ -0,0 +1,171 @@
+
+/* 
+ *  Unix SMB/Netbios implementation.
+ *  Version 1.9.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+
+/*******************************************************************
+checks an RPC_HDR_AUTH structure.
+********************************************************************/
+BOOL rpc_hdr_netsec_auth_chk(RPC_HDR_AUTH *rai)
+{
+	return (rai->auth_type == 0x44 && rai->auth_level == 0x06);
+}
+
+/*******************************************************************
+creates an RPC_AUTH_NETSEC_NEG structure.
+********************************************************************/
+BOOL make_rpc_auth_netsec_neg(RPC_AUTH_NETSEC_NEG *neg,
+				fstring domain,
+				fstring myname)
+{
+	int len_myname = strlen(myname);
+	int len_domain = strlen(domain);
+
+	if (neg == NULL) return False;
+
+	neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
+
+	fstrcpy(neg->domain, domain);
+	fstrcpy(neg->myname, myname);
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes an RPC_AUTH_NETSEC_NEG structure.
+
+*** lkclXXXX HACK ALERT! ***
+
+********************************************************************/
+BOOL smb_io_rpc_auth_netsec_neg(char *desc, RPC_AUTH_NETSEC_NEG *neg, prs_struct *ps, int depth)
+{
+	int start_offset = ps->offset;
+	if (neg == NULL) return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_neg");
+	depth++;
+
+	prs_uint32("neg_flgs ", ps, depth, &(neg->neg_flgs));
+
+	prs_string("domain", ps, depth, neg->domain, 0, sizeof(neg->domain)); 
+	prs_string("myname", ps, depth, neg->myname, 0, sizeof(neg->myname)); 
+
+	return True;
+}
+
+/*******************************************************************
+creates an RPC_AUTH_NETSEC_RESP structure.
+
+*** lkclXXXX FUDGE!  HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
+*** lkclXXXX the actual offset is at the start of the auth verifier    ***
+
+********************************************************************/
+BOOL make_rpc_auth_netsec_resp(RPC_AUTH_NETSEC_RESP *rsp)
+{
+	DEBUG(5,("make_rpc_auth_netsec_resp\n"));
+
+	if (rsp == NULL) return False;
+
+	rsp->pad   = 0x0;
+	rsp->flags = 0x05000000;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes an RPC_AUTH_NETSEC_RESP structure.
+
+*** lkclXXXX FUDGE!  HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
+*** lkclXXXX the actual offset is at the start of the auth verifier    ***
+
+********************************************************************/
+BOOL smb_io_rpc_auth_netsec_resp(char *desc, RPC_AUTH_NETSEC_RESP *rsp, prs_struct *ps, int depth)
+{
+	if (rsp == NULL) return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_resp");
+	depth++;
+
+	prs_uint32("pad  ", ps, depth, &(chk->pad  )); 
+	prs_uint32("flags", ps, depth, &(chk->flags)); 
+
+	return True;
+}
+
+/*******************************************************************
+checks an RPC_AUTH_NETSEC_CHK structure.
+********************************************************************/
+BOOL rpc_auth_netsec_chk(RPC_AUTH_NETSEC_CHK *chk)
+{
+	if (chk == NULL)
+	{
+		return False;
+	}
+
+	if (memcmp(chk, NETSEC_SIGNATURE, 8) != 0)
+	{
+		return False;
+	}
+	return True;
+}
+
+/*******************************************************************
+creates an RPC_AUTH_NETSEC_CHK structure.
+********************************************************************/
+BOOL make_rpc_auth_netsec_chk(RPC_AUTH_NETSEC_CHK *chk,
+				uchar sig[8],
+				uchar data1[8],
+				uchar data3[8],
+				uchar data8[8])
+{
+	if (chk == NULL) return False;
+
+	memcpy(chk->sig, sig, sizeof(chk->sig));
+	memcpy(chk->data1, data1, sizeof(chk->data1));
+	memcpy(chk->data3, data3, sizeof(chk->data3));
+	memcpy(chk->data8, data8, sizeof(chk->data8));
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes an RPC_AUTH_NETSEC_CHK structure.
+********************************************************************/
+BOOL smb_io_rpc_auth_netsec_chk(char *desc, RPC_AUTH_NETSEC_CHK *chk, prs_struct *ps, int depth)
+{
+	if (chk == NULL) return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk");
+	depth++;
+
+	prs_uint8s(False, "sig  ", ps, depth, chk->sig  , sizeof(chk->sig  ));
+	prs_uint8s(False, "data1", ps, depth, chk->data1, sizeof(chk->data1));
+	prs_uint8s(False, "data3", ps, depth, chk->data3, sizeof(chk->data3));
+	prs_uint8s(False, "data8", ps, depth, chk->data8, sizeof(chk->data8));
+
+	return True;
+}
diff --git a/source/rpc_parse/parse_ntlmssp.c b/source/rpc_parse/parse_ntlmssp.c
index 5150cd76a36..bf102f84455 100644
--- a/source/rpc_parse/parse_ntlmssp.c
+++ b/source/rpc_parse/parse_ntlmssp.c
@@ -3,9 +3,8 @@
  *  Unix SMB/Netbios implementation.
  *  Version 1.9.
  *  RPC Pipe client / server routines
- *  Copyright (C) Andrew Tridgell              1992-1999,
- *  Copyright (C) Luke Kenneth Casson Leighton 1996-1999,
- *  Copyright (C) Paul Ashton                  1997-1999.
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
  *  
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -37,15 +36,6 @@ BOOL rpc_hdr_ntlmssp_auth_chk(RPC_HDR_AUTH *rai)
 }
 
 /*******************************************************************
-checks an RPC_AUTH_VERIFIER structure.
-********************************************************************/
-BOOL rpc_auth_ntlmssp_verifier_chk(RPC_AUTH_VERIFIER *rav,
-				char *signature, uint32 msg_type)
-{
-	return (strequal(rav->signature, signature) && rav->msg_type == msg_type);
-}
-
-/*******************************************************************
 creates an RPC_AUTH_NTLMSSP_NEG structure.
 ********************************************************************/
 BOOL make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c
index 0e4a3d95982..9d67e9c10b3 100644
--- a/source/rpc_parse/parse_rpc.c
+++ b/source/rpc_parse/parse_rpc.c
@@ -662,3 +662,13 @@ BOOL smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps
 
 	return True;
 }
+
+/*******************************************************************
+checks an RPC_AUTH_VERIFIER structure.
+********************************************************************/
+BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
+				char *signature, uint32 msg_type)
+{
+	return (strequal(rav->signature, signature) &&
+	        rav->msg_type == msg_type);
+}
diff --git a/source/rpc_server/srv_pipe_ntlmssp.c b/source/rpc_server/srv_pipe_ntlmssp.c
index d0c8a70e6bb..25c150ac384 100644
--- a/source/rpc_server/srv_pipe_ntlmssp.c
+++ b/source/rpc_server/srv_pipe_ntlmssp.c
@@ -435,7 +435,10 @@ static BOOL api_ntlmssp_bind_auth_resp(rpcsrv_struct *l)
 	smb_io_rpc_auth_verifier("", &auth_verifier, &l->data_i, 0);
 	if (l->data_i.offset == 0) return False;
 
-	if (!rpc_auth_ntlmssp_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH)) return False;
+	if (!rpc_auth_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH))
+	{
+		return False;
+	}
 	
 	return api_ntlmssp(l, auth_verifier.msg_type);
 }
@@ -606,9 +609,15 @@ static BOOL api_ntlmssp_decode_pdu(rpcsrv_struct *l)
 	return True;
 }
 
-static BOOL api_ntlmssp_hdr_chk(RPC_HDR_AUTH *auth_info)
+static BOOL api_ntlmssp_hdr_chk(RPC_HDR_AUTH *auth_info, void **auth_struct)
 {
-	return rpc_hdr_ntlmssp_auth_chk(auth_info);
+	DEBUG(10,("api_ntlmssp_hdr_chk:\n"));
+	if (!rpc_hdr_ntlmssp_auth_chk(auth_info))
+	{
+		return False;
+	}
+	(*auth_struct) = (void*)malloc(sizeof(ntlmssp_auth_struct));
+	return (*auth_struct) != NULL;
 }
 
 srv_auth_fns ntlmssp_fns = 
diff --git a/source/rpc_server/srv_pipe_srv.c b/source/rpc_server/srv_pipe_srv.c
index fe514bdb866..52e9c7ee09e 100644
--- a/source/rpc_server/srv_pipe_srv.c
+++ b/source/rpc_server/srv_pipe_srv.c
@@ -226,25 +226,24 @@ static BOOL srv_pipe_bind_and_alt_req(rpcsrv_struct *l,
 	if (l->hdr.auth_len != 0)
 	{
 		RPC_HDR_AUTH  auth_info;
-		extern srv_auth_fns ntlmssp_fns;
+		BOOL found = False;
+		int i;
 
 		/* decode the authentication verifier */
 		smb_io_rpc_hdr_auth    ("", &auth_info    , &l->data_i, 0);
 		if (l->data_i.offset == 0) return False;
 
-		if (ntlmssp_fns.api_is_auth(&(auth_info)))
+		for (i = 0; i < l->num_auths && !found; i++)
 		{
-			l->auth = &ntlmssp_fns;
-			l->auth_info = (void*)malloc(sizeof(ntlmssp_auth_struct));
-			if (l->auth_info == NULL)
+			if (l->auth_fns[i]->api_is_auth(&auth_info,
+			                                &l->auth_info))
 			{
-				DEBUG(10,("srv_pipe_bind_and_alt_req: malloc failed\n"));
-				return False;
+				l->auth = l->auth_fns[i];
+				assoc_gid = 0x7a77;
+				found = True;
 			}
-
-			assoc_gid = 0x7a77;
 		}
-		else
+		if (!found)
 		{
 			return False;
 		}
diff --git a/source/samrd/samrd.c b/source/samrd/samrd.c
index 92630903590..249082c194c 100644
--- a/source/samrd/samrd.c
+++ b/source/samrd/samrd.c
@@ -28,6 +28,15 @@ extern pstring debugf;
 extern BOOL append_log;
 extern int DEBUGLEVEL;
 
+/*****************************************************************************
+ initialise srv_auth_fns array
+ *****************************************************************************/
+void msrpc_auth_init(rpcsrv_struct *l)
+{
+	extern srv_auth_fns ntlmssp_fns;
+	add_srv_auth_fn(l, &ntlmssp_fns);
+}
+
 /*************************************************************************
  initialise an msrpc service
  *************************************************************************/
diff --git a/source/spoolssd/spoolssd.c b/source/spoolssd/spoolssd.c
index a576b6d7ad0..d08ed3e6dbb 100644
--- a/source/spoolssd/spoolssd.c
+++ b/source/spoolssd/spoolssd.c
@@ -27,6 +27,13 @@ pstring servicesf = CONFIGFILE;
 extern pstring debugf;
 extern BOOL append_log;
 
+/*****************************************************************************
+ initialise srv_auth_fns array
+ *****************************************************************************/
+void msrpc_auth_init(rpcsrv_struct *l)
+{
+}
+
 /*************************************************************************
  initialise an msrpc service
  *************************************************************************/
diff --git a/source/srvsvcd/srvsvcd.c b/source/srvsvcd/srvsvcd.c
index be22b4ac77b..ab02b8b7dad 100644
--- a/source/srvsvcd/srvsvcd.c
+++ b/source/srvsvcd/srvsvcd.c
@@ -27,6 +27,13 @@ pstring servicesf = CONFIGFILE;
 extern pstring debugf;
 extern BOOL append_log;
 
+/*****************************************************************************
+ initialise srv_auth_fns array
+ *****************************************************************************/
+void msrpc_auth_init(rpcsrv_struct *l)
+{
+}
+
 /*************************************************************************
  initialise an msrpc service
  *************************************************************************/
diff --git a/source/svcctld/svcctld.c b/source/svcctld/svcctld.c
index a9656685ad5..cd371fce0fb 100644
--- a/source/svcctld/svcctld.c
+++ b/source/svcctld/svcctld.c
@@ -27,6 +27,13 @@ pstring servicesf = CONFIGFILE;
 extern pstring debugf;
 extern BOOL append_log;
 
+/*****************************************************************************
+ initialise srv_auth_fns array
+ *****************************************************************************/
+void msrpc_auth_init(rpcsrv_struct *l)
+{
+}
+
 /*************************************************************************
  initialise an msrpc service
  *************************************************************************/
diff --git a/source/winregd/winregd.c b/source/winregd/winregd.c
index 9d1fde7972c..cc1a37e0b6e 100644
--- a/source/winregd/winregd.c
+++ b/source/winregd/winregd.c
@@ -27,6 +27,13 @@ pstring servicesf = CONFIGFILE;
 extern pstring debugf;
 extern BOOL append_log;
 
+/*****************************************************************************
+ initialise srv_auth_fns array
+ *****************************************************************************/
+void msrpc_auth_init(rpcsrv_struct *l)
+{
+}
+
 /*************************************************************************
  initialise an msrpc service
  *************************************************************************/
diff --git a/source/wkssvcd/wkssvcd.c b/source/wkssvcd/wkssvcd.c
index 32c2ab0c9ea..6ca0c88418e 100644
--- a/source/wkssvcd/wkssvcd.c
+++ b/source/wkssvcd/wkssvcd.c
@@ -27,6 +27,13 @@ pstring servicesf = CONFIGFILE;
 extern pstring debugf;
 extern BOOL append_log;
 
+/*****************************************************************************
+ initialise srv_auth_fns array
+ *****************************************************************************/
+void msrpc_auth_init(rpcsrv_struct *l)
+{
+}
+
 /*************************************************************************
  initialise an msrpc service
  *************************************************************************/