2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_RPC_PARSE
29 /*******************************************************************
30 interface/version dce/rpc pipe identification
31 ********************************************************************/
33 #define TRANS_SYNT_V2 \
36 0x8a885d04, 0x1ceb, 0x11c9, \
39 0x2b, 0x10, 0x48, 0x60 } \
43 #define SYNT_NETLOGON_V2 \
46 0x8a885d04, 0x1ceb, 0x11c9, \
49 0x2b, 0x10, 0x48, 0x60 } \
53 #define SYNT_WKSSVC_V1 \
56 0x6bffd098, 0xa112, 0x3610, \
59 0xf8, 0x7e, 0x34, 0x5a } \
63 #define SYNT_SRVSVC_V3 \
66 0x4b324fc8, 0x1670, 0x01d3, \
69 0xbf, 0x6e, 0xe1, 0x88 } \
73 #define SYNT_LSARPC_V0 \
76 0x12345778, 0x1234, 0xabcd, \
79 0x45, 0x67, 0x89, 0xab } \
83 #define SYNT_LSARPC_V0_DS \
86 0x3919286a, 0xb10c, 0x11d0, \
89 0x4f, 0xd9, 0x2e, 0xf5 } \
93 #define SYNT_SAMR_V1 \
96 0x12345778, 0x1234, 0xabcd, \
99 0x45, 0x67, 0x89, 0xac } \
103 #define SYNT_NETLOGON_V1 \
106 0x12345678, 0x1234, 0xabcd, \
109 0x45, 0x67, 0xcf, 0xfb } \
113 #define SYNT_WINREG_V1 \
116 0x338cd001, 0x2244, 0x31f1, \
119 0x38, 0x00, 0x10, 0x03 } \
123 #define SYNT_SPOOLSS_V1 \
126 0x12345678, 0x1234, 0xabcd, \
129 0x45, 0x67, 0x89, 0xab } \
133 #define SYNT_NONE_V0 \
139 0x00, 0x00, 0x00, 0x00 } \
143 #define SYNT_NETDFS_V3 \
146 0x4fc742e0, 0x4a10, 0x11cf, \
149 0x00, 0x4a, 0xe6, 0x73 } \
153 #define SYNT_ECHO_V1 \
156 0x60a15ec5, 0x4de8, 0x11d7, \
159 0x56, 0xa2, 0x01, 0x82 } \
163 #define SYNT_SHUTDOWN_V1 \
166 0x894de0c0, 0x0d55, 0x11d3, \
169 0x4f, 0xa3, 0x21, 0xa1 } \
173 #define SYNT_SVCCTL_V2 \
176 0x367abb81, 0x9844, 0x35f1, \
179 0x38, 0x00, 0x10, 0x03 } \
184 #define SYNT_EVENTLOG_V0 \
187 0x82273fdc, 0xe32a, 0x18c3, \
190 0x29, 0xdc, 0x23, 0xea } \
195 * IMPORTANT!! If you update this structure, make sure to
196 * update the index #defines in smb.h.
199 const struct pipe_id_info pipe_names
[] =
201 /* client pipe , abstract syntax , server pipe , transfer syntax */
202 { PIPE_LSARPC
, SYNT_LSARPC_V0
, PIPE_LSASS
, TRANS_SYNT_V2
},
203 { PIPE_LSARPC
, SYNT_LSARPC_V0_DS
, PIPE_LSASS
, TRANS_SYNT_V2
},
204 { PIPE_SAMR
, SYNT_SAMR_V1
, PIPE_LSASS
, TRANS_SYNT_V2
},
205 { PIPE_NETLOGON
, SYNT_NETLOGON_V1
, PIPE_LSASS
, TRANS_SYNT_V2
},
206 { PIPE_SRVSVC
, SYNT_SRVSVC_V3
, PIPE_NTSVCS
, TRANS_SYNT_V2
},
207 { PIPE_WKSSVC
, SYNT_WKSSVC_V1
, PIPE_NTSVCS
, TRANS_SYNT_V2
},
208 { PIPE_WINREG
, SYNT_WINREG_V1
, PIPE_WINREG
, TRANS_SYNT_V2
},
209 { PIPE_SPOOLSS
, SYNT_SPOOLSS_V1
, PIPE_SPOOLSS
, TRANS_SYNT_V2
},
210 { PIPE_NETDFS
, SYNT_NETDFS_V3
, PIPE_NETDFS
, TRANS_SYNT_V2
},
211 { PIPE_ECHO
, SYNT_ECHO_V1
, PIPE_ECHO
, TRANS_SYNT_V2
},
212 { PIPE_SHUTDOWN
, SYNT_SHUTDOWN_V1
, PIPE_SHUTDOWN
, TRANS_SYNT_V2
},
213 { PIPE_SVCCTL
, SYNT_SVCCTL_V2
, PIPE_NTSVCS
, TRANS_SYNT_V2
},
214 { PIPE_EVENTLOG
, SYNT_EVENTLOG_V0
, PIPE_EVENTLOG
, TRANS_SYNT_V2
},
215 { NULL
, SYNT_NONE_V0
, NULL
, SYNT_NONE_V0
}
218 /*******************************************************************
219 Inits an RPC_HDR structure.
220 ********************************************************************/
222 void init_rpc_hdr(RPC_HDR
*hdr
, enum RPC_PKT_TYPE pkt_type
, uint8 flags
,
223 uint32 call_id
, int data_len
, int auth_len
)
225 hdr
->major
= 5; /* RPC version 5 */
226 hdr
->minor
= 0; /* minor version 0 */
227 hdr
->pkt_type
= pkt_type
; /* RPC packet type */
228 hdr
->flags
= flags
; /* dce/rpc flags */
229 hdr
->pack_type
[0] = 0x10; /* little-endian data representation */
230 hdr
->pack_type
[1] = 0; /* packed data representation */
231 hdr
->pack_type
[2] = 0; /* packed data representation */
232 hdr
->pack_type
[3] = 0; /* packed data representation */
233 hdr
->frag_len
= data_len
; /* fragment length, fill in later */
234 hdr
->auth_len
= auth_len
; /* authentication length */
235 hdr
->call_id
= call_id
; /* call identifier - match incoming RPC */
238 /*******************************************************************
239 Reads or writes an RPC_HDR structure.
240 ********************************************************************/
242 BOOL
smb_io_rpc_hdr(const char *desc
, RPC_HDR
*rpc
, prs_struct
*ps
, int depth
)
247 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr");
250 if(!prs_uint8 ("major ", ps
, depth
, &rpc
->major
))
253 if(!prs_uint8 ("minor ", ps
, depth
, &rpc
->minor
))
255 if(!prs_uint8 ("pkt_type ", ps
, depth
, &rpc
->pkt_type
))
257 if(!prs_uint8 ("flags ", ps
, depth
, &rpc
->flags
))
260 /* We always marshall in little endian format. */
262 rpc
->pack_type
[0] = 0x10;
264 if(!prs_uint8("pack_type0", ps
, depth
, &rpc
->pack_type
[0]))
266 if(!prs_uint8("pack_type1", ps
, depth
, &rpc
->pack_type
[1]))
268 if(!prs_uint8("pack_type2", ps
, depth
, &rpc
->pack_type
[2]))
270 if(!prs_uint8("pack_type3", ps
, depth
, &rpc
->pack_type
[3]))
274 * If reading and pack_type[0] == 0 then the data is in big-endian
275 * format. Set the flag in the prs_struct to specify reverse-endainness.
278 if (UNMARSHALLING(ps
) && rpc
->pack_type
[0] == 0) {
279 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
280 prs_set_endian_data(ps
, RPC_BIG_ENDIAN
);
283 if(!prs_uint16("frag_len ", ps
, depth
, &rpc
->frag_len
))
285 if(!prs_uint16("auth_len ", ps
, depth
, &rpc
->auth_len
))
287 if(!prs_uint32("call_id ", ps
, depth
, &rpc
->call_id
))
292 /*******************************************************************
293 Reads or writes an RPC_IFACE structure.
294 ********************************************************************/
296 static BOOL
smb_io_rpc_iface(const char *desc
, RPC_IFACE
*ifc
, prs_struct
*ps
, int depth
)
301 prs_debug(ps
, depth
, desc
, "smb_io_rpc_iface");
307 if (!smb_io_uuid( "uuid", &ifc
->uuid
, ps
, depth
))
310 if(!prs_uint32 ("version", ps
, depth
, &ifc
->version
))
316 /*******************************************************************
317 Inits an RPC_ADDR_STR structure.
318 ********************************************************************/
320 static void init_rpc_addr_str(RPC_ADDR_STR
*str
, const char *name
)
322 str
->len
= strlen(name
) + 1;
323 fstrcpy(str
->str
, name
);
326 /*******************************************************************
327 Reads or writes an RPC_ADDR_STR structure.
328 ********************************************************************/
330 static BOOL
smb_io_rpc_addr_str(const char *desc
, RPC_ADDR_STR
*str
, prs_struct
*ps
, int depth
)
335 prs_debug(ps
, depth
, desc
, "smb_io_rpc_addr_str");
340 if(!prs_uint16 ( "len", ps
, depth
, &str
->len
))
342 if(!prs_uint8s (True
, "str", ps
, depth
, (uchar
*)str
->str
, MIN(str
->len
, sizeof(str
->str
)) ))
347 /*******************************************************************
348 Inits an RPC_HDR_BBA structure.
349 ********************************************************************/
351 static void init_rpc_hdr_bba(RPC_HDR_BBA
*bba
, uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
)
353 bba
->max_tsize
= max_tsize
; /* maximum transmission fragment size (0x1630) */
354 bba
->max_rsize
= max_rsize
; /* max receive fragment size (0x1630) */
355 bba
->assoc_gid
= assoc_gid
; /* associated group id (0x0) */
358 /*******************************************************************
359 Reads or writes an RPC_HDR_BBA structure.
360 ********************************************************************/
362 static BOOL
smb_io_rpc_hdr_bba(const char *desc
, RPC_HDR_BBA
*rpc
, prs_struct
*ps
, int depth
)
367 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_bba");
370 if(!prs_uint16("max_tsize", ps
, depth
, &rpc
->max_tsize
))
372 if(!prs_uint16("max_rsize", ps
, depth
, &rpc
->max_rsize
))
374 if(!prs_uint32("assoc_gid", ps
, depth
, &rpc
->assoc_gid
))
379 /*******************************************************************
380 Inits an RPC_HDR_RB structure.
381 ********************************************************************/
383 void init_rpc_hdr_rb(RPC_HDR_RB
*rpc
,
384 uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
,
385 uint32 num_elements
, uint16 context_id
, uint8 num_syntaxes
,
386 RPC_IFACE
*abstract
, RPC_IFACE
*transfer
)
388 init_rpc_hdr_bba(&rpc
->bba
, max_tsize
, max_rsize
, assoc_gid
);
390 rpc
->num_elements
= num_elements
; /* the number of elements (0x1) */
391 rpc
->context_id
= context_id
; /* presentation context identifier (0x0) */
392 rpc
->num_syntaxes
= num_syntaxes
; /* the number of syntaxes (has always been 1?)(0x1) */
394 /* num and vers. of interface client is using */
395 rpc
->abstract
= *abstract
;
397 /* num and vers. of interface to use for replies */
398 rpc
->transfer
= *transfer
;
401 /*******************************************************************
402 Reads or writes an RPC_HDR_RB structure.
403 ********************************************************************/
405 BOOL
smb_io_rpc_hdr_rb(const char *desc
, RPC_HDR_RB
*rpc
, prs_struct
*ps
, int depth
)
413 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_rb");
416 if(!smb_io_rpc_hdr_bba("", &rpc
->bba
, ps
, depth
))
419 if(!prs_uint32("num_elements", ps
, depth
, &rpc
->num_elements
))
421 if(!prs_uint16("context_id ", ps
, depth
, &rpc
->context_id
))
423 if(!prs_uint8 ("num_syntaxes", ps
, depth
, &rpc
->num_syntaxes
))
426 if(!smb_io_rpc_iface("", &rpc
->abstract
, ps
, depth
))
428 if(!smb_io_rpc_iface("", &rpc
->transfer
, ps
, depth
))
431 /* just chew through extra context id's for now */
433 for ( i
=1; i
<rpc
->num_elements
; i
++ ) {
434 if(!prs_uint16("context_id ", ps
, depth
, &rpc2
.context_id
))
436 if(!prs_uint8 ("num_syntaxes", ps
, depth
, &rpc2
.num_syntaxes
))
439 if(!smb_io_rpc_iface("", &rpc2
.abstract
, ps
, depth
))
441 if(!smb_io_rpc_iface("", &rpc2
.transfer
, ps
, depth
))
448 /*******************************************************************
449 Inits an RPC_RESULTS structure.
451 lkclXXXX only one reason at the moment!
452 ********************************************************************/
454 static void init_rpc_results(RPC_RESULTS
*res
,
455 uint8 num_results
, uint16 result
, uint16 reason
)
457 res
->num_results
= num_results
; /* the number of results (0x01) */
458 res
->result
= result
; /* result (0x00 = accept) */
459 res
->reason
= reason
; /* reason (0x00 = no reason specified) */
462 /*******************************************************************
463 Reads or writes an RPC_RESULTS structure.
465 lkclXXXX only one reason at the moment!
466 ********************************************************************/
468 static BOOL
smb_io_rpc_results(const char *desc
, RPC_RESULTS
*res
, prs_struct
*ps
, int depth
)
473 prs_debug(ps
, depth
, desc
, "smb_io_rpc_results");
479 if(!prs_uint8 ("num_results", ps
, depth
, &res
->num_results
))
485 if(!prs_uint16("result ", ps
, depth
, &res
->result
))
487 if(!prs_uint16("reason ", ps
, depth
, &res
->reason
))
492 /*******************************************************************
493 Init an RPC_HDR_BA structure.
495 lkclXXXX only one reason at the moment!
497 ********************************************************************/
499 void init_rpc_hdr_ba(RPC_HDR_BA
*rpc
,
500 uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
,
501 const char *pipe_addr
,
502 uint8 num_results
, uint16 result
, uint16 reason
,
505 init_rpc_hdr_bba (&rpc
->bba
, max_tsize
, max_rsize
, assoc_gid
);
506 init_rpc_addr_str(&rpc
->addr
, pipe_addr
);
507 init_rpc_results (&rpc
->res
, num_results
, result
, reason
);
509 /* the transfer syntax from the request */
510 memcpy(&rpc
->transfer
, transfer
, sizeof(rpc
->transfer
));
513 /*******************************************************************
514 Reads or writes an RPC_HDR_BA structure.
515 ********************************************************************/
517 BOOL
smb_io_rpc_hdr_ba(const char *desc
, RPC_HDR_BA
*rpc
, prs_struct
*ps
, int depth
)
522 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_ba");
525 if(!smb_io_rpc_hdr_bba("", &rpc
->bba
, ps
, depth
))
527 if(!smb_io_rpc_addr_str("", &rpc
->addr
, ps
, depth
))
529 if(!smb_io_rpc_results("", &rpc
->res
, ps
, depth
))
531 if(!smb_io_rpc_iface("", &rpc
->transfer
, ps
, depth
))
536 /*******************************************************************
537 Init an RPC_HDR_REQ structure.
538 ********************************************************************/
540 void init_rpc_hdr_req(RPC_HDR_REQ
*hdr
, uint32 alloc_hint
, uint16 opnum
)
542 hdr
->alloc_hint
= alloc_hint
; /* allocation hint */
543 hdr
->context_id
= 0; /* presentation context identifier */
544 hdr
->opnum
= opnum
; /* opnum */
547 /*******************************************************************
548 Reads or writes an RPC_HDR_REQ structure.
549 ********************************************************************/
551 BOOL
smb_io_rpc_hdr_req(const char *desc
, RPC_HDR_REQ
*rpc
, prs_struct
*ps
, int depth
)
556 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_req");
559 if(!prs_uint32("alloc_hint", ps
, depth
, &rpc
->alloc_hint
))
561 if(!prs_uint16("context_id", ps
, depth
, &rpc
->context_id
))
563 if(!prs_uint16("opnum ", ps
, depth
, &rpc
->opnum
))
568 /*******************************************************************
569 Reads or writes an RPC_HDR_RESP structure.
570 ********************************************************************/
572 BOOL
smb_io_rpc_hdr_resp(const char *desc
, RPC_HDR_RESP
*rpc
, prs_struct
*ps
, int depth
)
577 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_resp");
580 if(!prs_uint32("alloc_hint", ps
, depth
, &rpc
->alloc_hint
))
582 if(!prs_uint16("context_id", ps
, depth
, &rpc
->context_id
))
584 if(!prs_uint8 ("cancel_ct ", ps
, depth
, &rpc
->cancel_count
))
586 if(!prs_uint8 ("reserved ", ps
, depth
, &rpc
->reserved
))
591 /*******************************************************************
592 Reads or writes an RPC_HDR_FAULT structure.
593 ********************************************************************/
595 BOOL
smb_io_rpc_hdr_fault(const char *desc
, RPC_HDR_FAULT
*rpc
, prs_struct
*ps
, int depth
)
600 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_fault");
603 if(!prs_ntstatus("status ", ps
, depth
, &rpc
->status
))
605 if(!prs_uint32("reserved", ps
, depth
, &rpc
->reserved
))
611 /*******************************************************************
612 Init an RPC_HDR_AUTHA structure.
613 ********************************************************************/
615 void init_rpc_hdr_autha(RPC_HDR_AUTHA
*rai
,
616 uint16 max_tsize
, uint16 max_rsize
,
617 uint8 auth_type
, uint8 auth_level
,
620 rai
->max_tsize
= max_tsize
; /* maximum transmission fragment size (0x1630) */
621 rai
->max_rsize
= max_rsize
; /* max receive fragment size (0x1630) */
623 rai
->auth_type
= auth_type
; /* nt lm ssp 0x0a */
624 rai
->auth_level
= auth_level
; /* 0x06 */
625 rai
->stub_type_len
= stub_type_len
; /* 0x00 */
626 rai
->padding
= 0; /* padding 0x00 */
628 rai
->unknown
= 0x0014a0c0; /* non-zero pointer to something */
631 /*******************************************************************
632 Reads or writes an RPC_HDR_AUTHA structure.
633 ********************************************************************/
635 BOOL
smb_io_rpc_hdr_autha(const char *desc
, RPC_HDR_AUTHA
*rai
, prs_struct
*ps
, int depth
)
640 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_autha");
643 if(!prs_uint16("max_tsize ", ps
, depth
, &rai
->max_tsize
))
645 if(!prs_uint16("max_rsize ", ps
, depth
, &rai
->max_rsize
))
648 if(!prs_uint8 ("auth_type ", ps
, depth
, &rai
->auth_type
)) /* 0x0a nt lm ssp */
650 if(!prs_uint8 ("auth_level ", ps
, depth
, &rai
->auth_level
)) /* 0x06 */
652 if(!prs_uint8 ("stub_type_len", ps
, depth
, &rai
->stub_type_len
))
654 if(!prs_uint8 ("padding ", ps
, depth
, &rai
->padding
))
657 if(!prs_uint32("unknown ", ps
, depth
, &rai
->unknown
)) /* 0x0014a0c0 */
663 /*******************************************************************
664 Inits an RPC_HDR_AUTH structure.
665 ********************************************************************/
667 void init_rpc_hdr_auth(RPC_HDR_AUTH
*rai
,
668 uint8 auth_type
, uint8 auth_level
,
672 rai
->auth_type
= auth_type
; /* nt lm ssp 0x0a */
673 rai
->auth_level
= auth_level
; /* 0x06 */
674 rai
->padding
= padding
;
677 rai
->auth_context
= ptr
; /* non-zero pointer to something */
680 /*******************************************************************
681 Reads or writes an RPC_HDR_AUTH structure.
682 ********************************************************************/
684 BOOL
smb_io_rpc_hdr_auth(const char *desc
, RPC_HDR_AUTH
*rai
, prs_struct
*ps
, int depth
)
689 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_auth");
695 if(!prs_uint8 ("auth_type ", ps
, depth
, &rai
->auth_type
)) /* 0x0a nt lm ssp */
697 if(!prs_uint8 ("auth_level ", ps
, depth
, &rai
->auth_level
)) /* 0x06 */
699 if(!prs_uint8 ("padding ", ps
, depth
, &rai
->padding
))
701 if(!prs_uint8 ("reserved ", ps
, depth
, &rai
->reserved
))
703 if(!prs_uint32("auth_context ", ps
, depth
, &rai
->auth_context
))
709 /*******************************************************************
710 Checks an RPC_AUTH_VERIFIER structure.
711 ********************************************************************/
713 BOOL
rpc_auth_verifier_chk(RPC_AUTH_VERIFIER
*rav
,
714 const char *signature
, uint32 msg_type
)
716 return (strequal(rav
->signature
, signature
) && rav
->msg_type
== msg_type
);
719 /*******************************************************************
720 Inits an RPC_AUTH_VERIFIER structure.
721 ********************************************************************/
723 void init_rpc_auth_verifier(RPC_AUTH_VERIFIER
*rav
,
724 const char *signature
, uint32 msg_type
)
726 fstrcpy(rav
->signature
, signature
); /* "NTLMSSP" */
727 rav
->msg_type
= msg_type
; /* NTLMSSP_MESSAGE_TYPE */
730 /*******************************************************************
731 Reads or writes an RPC_AUTH_VERIFIER structure.
732 ********************************************************************/
734 BOOL
smb_io_rpc_auth_verifier(const char *desc
, RPC_AUTH_VERIFIER
*rav
, prs_struct
*ps
, int depth
)
739 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_verifier");
743 if(!prs_string("signature", ps
, depth
, rav
->signature
,
744 sizeof(rav
->signature
)))
746 if(!prs_uint32("msg_type ", ps
, depth
, &rav
->msg_type
)) /* NTLMSSP_MESSAGE_TYPE */
752 /*******************************************************************
753 This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I think
754 assuming "NTLMSSP" in sm_io_rpc_auth_verifier is somewhat wrong.
755 I have to look at that later...
756 ********************************************************************/
758 BOOL
smb_io_rpc_netsec_verifier(const char *desc
, RPC_AUTH_VERIFIER
*rav
, prs_struct
*ps
, int depth
)
763 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_verifier");
766 if(!prs_string("signature", ps
, depth
, rav
->signature
, sizeof(rav
->signature
)))
768 if(!prs_uint32("msg_type ", ps
, depth
, &rav
->msg_type
))
774 /*******************************************************************
775 Inits an RPC_AUTH_NTLMSSP_NEG structure.
776 ********************************************************************/
778 void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG
*neg
,
780 const char *myname
, const char *domain
)
782 int len_myname
= strlen(myname
);
783 int len_domain
= strlen(domain
);
785 neg
->neg_flgs
= neg_flgs
; /* 0x00b2b3 */
787 init_str_hdr(&neg
->hdr_domain
, len_domain
, len_domain
, 0x20 + len_myname
);
788 init_str_hdr(&neg
->hdr_myname
, len_myname
, len_myname
, 0x20);
790 fstrcpy(neg
->myname
, myname
);
791 fstrcpy(neg
->domain
, domain
);
794 /*******************************************************************
795 Reads or writes an RPC_AUTH_NTLMSSP_NEG structure.
797 *** lkclXXXX HACK ALERT! ***
798 ********************************************************************/
800 BOOL
smb_io_rpc_auth_ntlmssp_neg(const char *desc
, RPC_AUTH_NTLMSSP_NEG
*neg
, prs_struct
*ps
, int depth
)
802 uint32 start_offset
= prs_offset(ps
);
806 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_neg");
809 if(!prs_uint32("neg_flgs ", ps
, depth
, &neg
->neg_flgs
))
814 uint32 old_neg_flags
= neg
->neg_flgs
;
820 neg
->neg_flgs
= old_neg_flags
;
822 if(!smb_io_strhdr("hdr_domain", &neg
->hdr_domain
, ps
, depth
))
824 if(!smb_io_strhdr("hdr_myname", &neg
->hdr_myname
, ps
, depth
))
827 old_offset
= prs_offset(ps
);
829 if(!prs_set_offset(ps
, neg
->hdr_myname
.buffer
+ start_offset
- 12))
832 if(!prs_uint8s(True
, "myname", ps
, depth
, (uint8
*)neg
->myname
,
833 MIN(neg
->hdr_myname
.str_str_len
, sizeof(neg
->myname
))))
836 old_offset
+= neg
->hdr_myname
.str_str_len
;
838 if(!prs_set_offset(ps
, neg
->hdr_domain
.buffer
+ start_offset
- 12))
841 if(!prs_uint8s(True
, "domain", ps
, depth
, (uint8
*)neg
->domain
,
842 MIN(neg
->hdr_domain
.str_str_len
, sizeof(neg
->domain
))))
845 old_offset
+= neg
->hdr_domain
.str_str_len
;
847 if(!prs_set_offset(ps
, old_offset
))
851 if(!smb_io_strhdr("hdr_domain", &neg
->hdr_domain
, ps
, depth
))
853 if(!smb_io_strhdr("hdr_myname", &neg
->hdr_myname
, ps
, depth
))
856 if(!prs_uint8s(True
, "myname", ps
, depth
, (uint8
*)neg
->myname
,
857 MIN(neg
->hdr_myname
.str_str_len
, sizeof(neg
->myname
))))
859 if(!prs_uint8s(True
, "domain", ps
, depth
, (uint8
*)neg
->domain
,
860 MIN(neg
->hdr_domain
.str_str_len
, sizeof(neg
->domain
))))
867 /*******************************************************************
868 creates an RPC_AUTH_NTLMSSP_CHAL structure.
869 ********************************************************************/
871 void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL
*chl
,
875 chl
->unknown_1
= 0x0;
876 chl
->unknown_2
= 0x00000028;
877 chl
->neg_flags
= neg_flags
; /* 0x0082b1 */
879 memcpy(chl
->challenge
, challenge
, sizeof(chl
->challenge
));
880 memset((char *)chl
->reserved
, '\0', sizeof(chl
->reserved
));
883 /*******************************************************************
884 Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure.
885 ********************************************************************/
887 BOOL
smb_io_rpc_auth_ntlmssp_chal(const char *desc
, RPC_AUTH_NTLMSSP_CHAL
*chl
, prs_struct
*ps
, int depth
)
892 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_chal");
895 if(!prs_uint32("unknown_1", ps
, depth
, &chl
->unknown_1
)) /* 0x0000 0000 */
897 if(!prs_uint32("unknown_2", ps
, depth
, &chl
->unknown_2
)) /* 0x0000 b2b3 */
899 if(!prs_uint32("neg_flags", ps
, depth
, &chl
->neg_flags
)) /* 0x0000 82b1 */
902 if(!prs_uint8s (False
, "challenge", ps
, depth
, chl
->challenge
, sizeof(chl
->challenge
)))
904 if(!prs_uint8s (False
, "reserved ", ps
, depth
, chl
->reserved
, sizeof(chl
->reserved
)))
910 /*******************************************************************
911 Inits an RPC_AUTH_NTLMSSP_RESP structure.
913 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
914 *** lkclXXXX the actual offset is at the start of the auth verifier ***
915 ********************************************************************/
917 void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP
*rsp
,
918 uchar lm_resp
[24], uchar nt_resp
[24],
919 const char *domain
, const char *user
, const char *wks
,
923 int dom_len
= strlen(domain
);
924 int wks_len
= strlen(wks
);
925 int usr_len
= strlen(user
);
926 int lm_len
= (lm_resp
!= NULL
) ? 24 : 0;
927 int nt_len
= (nt_resp
!= NULL
) ? 24 : 0;
929 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
931 #ifdef DEBUG_PASSWORD
932 DEBUG(100,("lm_resp\n"));
933 dump_data(100, (char *)lm_resp
, 24);
934 DEBUG(100,("nt_resp\n"));
935 dump_data(100, (char *)nt_resp
, 24);
938 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
939 domain
, user
, wks
, neg_flags
));
943 if (neg_flags
& NTLMSSP_NEGOTIATE_UNICODE
) {
949 init_str_hdr(&rsp
->hdr_domain
, dom_len
, dom_len
, offset
);
952 init_str_hdr(&rsp
->hdr_usr
, usr_len
, usr_len
, offset
);
955 init_str_hdr(&rsp
->hdr_wks
, wks_len
, wks_len
, offset
);
958 init_str_hdr(&rsp
->hdr_lm_resp
, lm_len
, lm_len
, offset
);
961 init_str_hdr(&rsp
->hdr_nt_resp
, nt_len
, nt_len
, offset
);
964 init_str_hdr(&rsp
->hdr_sess_key
, 0, 0, offset
);
966 rsp
->neg_flags
= neg_flags
;
968 memcpy(rsp
->lm_resp
, lm_resp
, 24);
969 memcpy(rsp
->nt_resp
, nt_resp
, 24);
971 if (neg_flags
& NTLMSSP_NEGOTIATE_UNICODE
) {
972 rpcstr_push(rsp
->domain
, domain
, sizeof(rsp
->domain
), 0);
973 rpcstr_push(rsp
->user
, user
, sizeof(rsp
->user
), 0);
974 rpcstr_push(rsp
->wks
, wks
, sizeof(rsp
->wks
), 0);
976 fstrcpy(rsp
->domain
, domain
);
977 fstrcpy(rsp
->user
, user
);
978 fstrcpy(rsp
->wks
, wks
);
981 rsp
->sess_key
[0] = 0;
984 /*******************************************************************
985 Reads or writes an RPC_AUTH_NTLMSSP_RESP structure.
987 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
988 *** lkclXXXX the actual offset is at the start of the auth verifier ***
989 ********************************************************************/
991 BOOL
smb_io_rpc_auth_ntlmssp_resp(const char *desc
, RPC_AUTH_NTLMSSP_RESP
*rsp
, prs_struct
*ps
, int depth
)
996 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_resp");
1006 if(!smb_io_strhdr("hdr_lm_resp ", &rsp
->hdr_lm_resp
, ps
, depth
))
1008 if(!smb_io_strhdr("hdr_nt_resp ", &rsp
->hdr_nt_resp
, ps
, depth
))
1010 if(!smb_io_strhdr("hdr_domain ", &rsp
->hdr_domain
, ps
, depth
))
1012 if(!smb_io_strhdr("hdr_user ", &rsp
->hdr_usr
, ps
, depth
))
1014 if(!smb_io_strhdr("hdr_wks ", &rsp
->hdr_wks
, ps
, depth
))
1016 if(!smb_io_strhdr("hdr_sess_key", &rsp
->hdr_sess_key
, ps
, depth
))
1019 if(!prs_uint32("neg_flags", ps
, depth
, &rsp
->neg_flags
)) /* 0x0000 82b1 */
1022 old_offset
= prs_offset(ps
);
1024 if(!prs_set_offset(ps
, rsp
->hdr_domain
.buffer
+ 0xc))
1027 if(!prs_uint8s(True
, "domain ", ps
, depth
, (uint8
*)rsp
->domain
,
1028 MIN(rsp
->hdr_domain
.str_str_len
, sizeof(rsp
->domain
))))
1031 old_offset
+= rsp
->hdr_domain
.str_str_len
;
1033 if(!prs_set_offset(ps
, rsp
->hdr_usr
.buffer
+ 0xc))
1036 if(!prs_uint8s(True
, "user ", ps
, depth
, (uint8
*)rsp
->user
,
1037 MIN(rsp
->hdr_usr
.str_str_len
, sizeof(rsp
->user
))))
1040 old_offset
+= rsp
->hdr_usr
.str_str_len
;
1042 if(!prs_set_offset(ps
, rsp
->hdr_wks
.buffer
+ 0xc))
1045 if(!prs_uint8s(True
, "wks ", ps
, depth
, (uint8
*)rsp
->wks
,
1046 MIN(rsp
->hdr_wks
.str_str_len
, sizeof(rsp
->wks
))))
1049 old_offset
+= rsp
->hdr_wks
.str_str_len
;
1051 if(!prs_set_offset(ps
, rsp
->hdr_lm_resp
.buffer
+ 0xc))
1054 if(!prs_uint8s(False
, "lm_resp ", ps
, depth
, (uint8
*)rsp
->lm_resp
,
1055 MIN(rsp
->hdr_lm_resp
.str_str_len
, sizeof(rsp
->lm_resp
))))
1058 old_offset
+= rsp
->hdr_lm_resp
.str_str_len
;
1060 if(!prs_set_offset(ps
, rsp
->hdr_nt_resp
.buffer
+ 0xc))
1063 if(!prs_uint8s(False
, "nt_resp ", ps
, depth
, (uint8
*)rsp
->nt_resp
,
1064 MIN(rsp
->hdr_nt_resp
.str_str_len
, sizeof(rsp
->nt_resp
))))
1067 old_offset
+= rsp
->hdr_nt_resp
.str_str_len
;
1069 if (rsp
->hdr_sess_key
.str_str_len
!= 0) {
1071 if(!prs_set_offset(ps
, rsp
->hdr_sess_key
.buffer
+ 0x10))
1074 old_offset
+= rsp
->hdr_sess_key
.str_str_len
;
1076 if(!prs_uint8s(False
, "sess_key", ps
, depth
, (uint8
*)rsp
->sess_key
,
1077 MIN(rsp
->hdr_sess_key
.str_str_len
, sizeof(rsp
->sess_key
))))
1081 if(!prs_set_offset(ps
, old_offset
))
1085 if(!smb_io_strhdr("hdr_lm_resp ", &rsp
->hdr_lm_resp
, ps
, depth
))
1087 if(!smb_io_strhdr("hdr_nt_resp ", &rsp
->hdr_nt_resp
, ps
, depth
))
1089 if(!smb_io_strhdr("hdr_domain ", &rsp
->hdr_domain
, ps
, depth
))
1091 if(!smb_io_strhdr("hdr_user ", &rsp
->hdr_usr
, ps
, depth
))
1093 if(!smb_io_strhdr("hdr_wks ", &rsp
->hdr_wks
, ps
, depth
))
1095 if(!smb_io_strhdr("hdr_sess_key", &rsp
->hdr_sess_key
, ps
, depth
))
1098 if(!prs_uint32("neg_flags", ps
, depth
, &rsp
->neg_flags
)) /* 0x0000 82b1 */
1101 if(!prs_uint8s(True
, "domain ", ps
, depth
, (uint8
*)rsp
->domain
,
1102 MIN(rsp
->hdr_domain
.str_str_len
, sizeof(rsp
->domain
))))
1105 if(!prs_uint8s(True
, "user ", ps
, depth
, (uint8
*)rsp
->user
,
1106 MIN(rsp
->hdr_usr
.str_str_len
, sizeof(rsp
->user
))))
1109 if(!prs_uint8s(True
, "wks ", ps
, depth
, (uint8
*)rsp
->wks
,
1110 MIN(rsp
->hdr_wks
.str_str_len
, sizeof(rsp
->wks
))))
1112 if(!prs_uint8s(False
, "lm_resp ", ps
, depth
, (uint8
*)rsp
->lm_resp
,
1113 MIN(rsp
->hdr_lm_resp
.str_str_len
, sizeof(rsp
->lm_resp
))))
1115 if(!prs_uint8s(False
, "nt_resp ", ps
, depth
, (uint8
*)rsp
->nt_resp
,
1116 MIN(rsp
->hdr_nt_resp
.str_str_len
, sizeof(rsp
->nt_resp
))))
1118 if(!prs_uint8s(False
, "sess_key", ps
, depth
, (uint8
*)rsp
->sess_key
,
1119 MIN(rsp
->hdr_sess_key
.str_str_len
, sizeof(rsp
->sess_key
))))
1126 /*******************************************************************
1127 Checks an RPC_AUTH_NTLMSSP_CHK structure.
1128 ********************************************************************/
1130 BOOL
rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK
*chk
, uint32 crc32
, uint32 seq_num
)
1135 if (chk
->crc32
!= crc32
||
1136 chk
->ver
!= NTLMSSP_SIGN_VERSION
||
1137 chk
->seq_num
!= seq_num
)
1139 DEBUG(5,("verify failed - crc %x ver %x seq %d\n",
1140 chk
->crc32
, chk
->ver
, chk
->seq_num
));
1142 DEBUG(5,("verify expect - crc %x ver %x seq %d\n",
1143 crc32
, NTLMSSP_SIGN_VERSION
, seq_num
));
1149 /*******************************************************************
1150 Inits an RPC_AUTH_NTLMSSP_CHK structure.
1151 ********************************************************************/
1153 void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK
*chk
,
1154 uint32 ver
, uint32 crc32
, uint32 seq_num
)
1157 chk
->reserved
= 0x0;
1159 chk
->seq_num
= seq_num
;
1162 /*******************************************************************
1163 Reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
1164 ********************************************************************/
1166 BOOL
smb_io_rpc_auth_ntlmssp_chk(const char *desc
, RPC_AUTH_NTLMSSP_CHK
*chk
, prs_struct
*ps
, int depth
)
1171 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_chk");
1177 if(!prs_uint32("ver ", ps
, depth
, &chk
->ver
))
1179 if(!prs_uint32("reserved", ps
, depth
, &chk
->reserved
))
1181 if(!prs_uint32("crc32 ", ps
, depth
, &chk
->crc32
))
1183 if(!prs_uint32("seq_num ", ps
, depth
, &chk
->seq_num
))
1189 /*******************************************************************
1190 creates an RPC_AUTH_NETSEC_NEG structure.
1191 ********************************************************************/
1192 void init_rpc_auth_netsec_neg(RPC_AUTH_NETSEC_NEG
*neg
,
1193 const char *domain
, const char *myname
)
1197 fstrcpy(neg
->domain
, domain
);
1198 fstrcpy(neg
->myname
, myname
);
1201 /*******************************************************************
1202 Reads or writes an RPC_AUTH_NETSEC_NEG structure.
1203 ********************************************************************/
1205 BOOL
smb_io_rpc_auth_netsec_neg(const char *desc
, RPC_AUTH_NETSEC_NEG
*neg
,
1206 prs_struct
*ps
, int depth
)
1211 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_netsec_neg");
1217 if(!prs_uint32("type1", ps
, depth
, &neg
->type1
))
1219 if(!prs_uint32("type2", ps
, depth
, &neg
->type2
))
1221 if(!prs_string("domain ", ps
, depth
, neg
->domain
, sizeof(neg
->domain
)))
1223 if(!prs_string("myname ", ps
, depth
, neg
->myname
, sizeof(neg
->myname
)))
1229 /*******************************************************************
1230 reads or writes an RPC_AUTH_NETSEC_CHK structure.
1231 ********************************************************************/
1232 BOOL
smb_io_rpc_auth_netsec_chk(const char *desc
, int auth_len
,
1233 RPC_AUTH_NETSEC_CHK
* chk
,
1234 prs_struct
*ps
, int depth
)
1239 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_netsec_chk");
1242 if ( !prs_uint8s(False
, "sig ", ps
, depth
, chk
->sig
, sizeof(chk
->sig
)) )
1245 if ( !prs_uint8s(False
, "seq_num", ps
, depth
, chk
->seq_num
, sizeof(chk
->seq_num
)) )
1248 if ( !prs_uint8s(False
, "packet_digest", ps
, depth
, chk
->packet_digest
, sizeof(chk
->packet_digest
)) )
1251 if ( auth_len
== RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN
) {
1252 if ( !prs_uint8s(False
, "confounder", ps
, depth
, chk
->confounder
, sizeof(chk
->confounder
)) )