search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data...
[Samba.git] / librpc / rpc / dcerpc_util.c
blob4d82e9a53a975c9af42b13734b4c9d4d113cd638
1 /*
2 Unix SMB/CIFS implementation.
3 raw dcerpc operations
4
5 Copyright (C) Andrew Tridgell 2003-2005
6 Copyright (C) Jelmer Vernooij 2004-2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "system/network.h"
24 #include <tevent.h>
25 #include "lib/tsocket/tsocket.h"
26 #include "lib/util/tevent_ntstatus.h"
27 #include "librpc/rpc/dcerpc.h"
28 #include "librpc/gen_ndr/ndr_dcerpc.h"
29 #include "rpc_common.h"
30 #include "lib/util/bitmap.h"
31
32 /* we need to be able to get/set the fragment length without doing a full
33 decode */
34 void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v)
35 {
36 if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
37 SSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET, v);
38 } else {
39 RSSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET, v);
40 }
41 }
42
43 uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob)
44 {
45 if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
46 return SVAL(blob->data, DCERPC_FRAG_LEN_OFFSET);
47 } else {
48 return RSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET);
49 }
50 }
51
52 void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v)
53 {
54 if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
55 SSVAL(blob->data, DCERPC_AUTH_LEN_OFFSET, v);
56 } else {
57 RSSVAL(blob->data, DCERPC_AUTH_LEN_OFFSET, v);
58 }
59 }
60
61 uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob)
62 {
63 return blob->data[DCERPC_DREP_OFFSET];
64 }
65
66
67 /**
68 * @brief Pull a dcerpc_auth structure, taking account of any auth
69 * padding in the blob. For request/response packets we pass
70 * the whole data blob, so auth_data_only must be set to false
71 * as the blob contains data+pad+auth and no just pad+auth.
72 *
73 * @param pkt - The ncacn_packet strcuture
74 * @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements
75 * @param pkt_trailer - The packet trailer data, usually the trailing
76 * auth_info blob, but in the request/response case
77 * this is the stub_and_verifier blob.
78 * @param auth - A preallocated dcerpc_auth *empty* structure
79 * @param auth_length - The length of the auth trail, sum of auth header
80 * lenght and pkt->auth_length
81 * @param auth_data_only - Whether the pkt_trailer includes only the auth_blob
82 * (+ padding) or also other data.
83 *
84 * @return - A NTSTATUS error code.
85 */
86 NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
87 TALLOC_CTX *mem_ctx,
88 const DATA_BLOB *pkt_trailer,
89 struct dcerpc_auth *auth,
90 uint32_t *_auth_length,
91 bool auth_data_only)
92 {
93 struct ndr_pull *ndr;
94 enum ndr_err_code ndr_err;
95 uint16_t data_and_pad;
96 uint16_t auth_length;
97 uint32_t tmp_length;
98
99 ZERO_STRUCTP(auth);
100 if (_auth_length != NULL) {
101 *_auth_length = 0;
102
103 if (auth_data_only) {
104 return NT_STATUS_INTERNAL_ERROR;
105 }
106 } else {
107 if (!auth_data_only) {
108 return NT_STATUS_INTERNAL_ERROR;
109 }
110 }
111
112 /* Paranoia checks for auth_length. The caller should check this... */
113 if (pkt->auth_length == 0) {
114 return NT_STATUS_INTERNAL_ERROR;
115 }
116
117 /* Paranoia checks for auth_length. The caller should check this... */
118 if (pkt->auth_length > pkt->frag_length) {
119 return NT_STATUS_INTERNAL_ERROR;
120 }
121 tmp_length = DCERPC_NCACN_PAYLOAD_OFFSET;
122 tmp_length += DCERPC_AUTH_TRAILER_LENGTH;
123 tmp_length += pkt->auth_length;
124 if (tmp_length > pkt->frag_length) {
125 return NT_STATUS_INTERNAL_ERROR;
126 }
127 if (pkt_trailer->length > UINT16_MAX) {
128 return NT_STATUS_INTERNAL_ERROR;
129 }
130
131 auth_length = DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length;
132 if (pkt_trailer->length < auth_length) {
133 return NT_STATUS_RPC_PROTOCOL_ERROR;
134 }
135
136 data_and_pad = pkt_trailer->length - auth_length;
137
138 ndr = ndr_pull_init_blob(pkt_trailer, mem_ctx);
139 if (!ndr) {
140 return NT_STATUS_NO_MEMORY;
141 }
142
143 if (!(pkt->drep[0] & DCERPC_DREP_LE)) {
144 ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
145 }
146
147 ndr_err = ndr_pull_advance(ndr, data_and_pad);
148 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
149 talloc_free(ndr);
150 return ndr_map_error2ntstatus(ndr_err);
151 }
152
153 ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth);
154 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
155 talloc_free(ndr);
156 ZERO_STRUCTP(auth);
157 return ndr_map_error2ntstatus(ndr_err);
158 }
159
160 if (data_and_pad < auth->auth_pad_length) {
161 DEBUG(1, (__location__ ": ERROR: pad length mismatch. "
162 "Calculated %u got %u\n",
163 (unsigned)data_and_pad,
164 (unsigned)auth->auth_pad_length));
165 talloc_free(ndr);
166 ZERO_STRUCTP(auth);
167 return NT_STATUS_RPC_PROTOCOL_ERROR;
168 }
169
170 if (auth_data_only && data_and_pad != auth->auth_pad_length) {
171 DEBUG(1, (__location__ ": ERROR: pad length mismatch. "
172 "Calculated %u got %u\n",
173 (unsigned)data_and_pad,
174 (unsigned)auth->auth_pad_length));
175 talloc_free(ndr);
176 ZERO_STRUCTP(auth);
177 return NT_STATUS_RPC_PROTOCOL_ERROR;
178 }
179
180 DEBUG(6,(__location__ ": auth_pad_length %u\n",
181 (unsigned)auth->auth_pad_length));
182
183 talloc_steal(mem_ctx, auth->credentials.data);
184 talloc_free(ndr);
185
186 if (_auth_length != NULL) {
187 *_auth_length = auth_length;
188 }
189
190 return NT_STATUS_OK;
191 }
192
193 /**
194 * @brief Verify the fields in ncacn_packet header.
195 *
196 * @param pkt - The ncacn_packet strcuture
197 * @param ptype - The expected PDU type
198 * @param max_auth_info - The maximum size of a possible auth trailer
199 * @param required_flags - The required flags for the pdu.
200 * @param optional_flags - The possible optional flags for the pdu.
201 *
202 * @return - A NTSTATUS error code.
203 */
204 NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
205 enum dcerpc_pkt_type ptype,
206 size_t max_auth_info,
207 uint8_t required_flags,
208 uint8_t optional_flags)
209 {
210 if (pkt->rpc_vers != 5) {
211 return NT_STATUS_RPC_PROTOCOL_ERROR;
212 }
213
214 if (pkt->rpc_vers_minor != 0) {
215 return NT_STATUS_RPC_PROTOCOL_ERROR;
216 }
217
218 if (pkt->auth_length > pkt->frag_length) {
219 return NT_STATUS_RPC_PROTOCOL_ERROR;
220 }
221
222 if (pkt->ptype != ptype) {
223 return NT_STATUS_RPC_PROTOCOL_ERROR;
224 }
225
226 if (max_auth_info > UINT16_MAX) {
227 return NT_STATUS_INTERNAL_ERROR;
228 }
229
230 if (pkt->auth_length > 0) {
231 size_t max_auth_length;
232
233 if (max_auth_info <= DCERPC_AUTH_TRAILER_LENGTH) {
234 return NT_STATUS_RPC_PROTOCOL_ERROR;
235 }
236 max_auth_length = max_auth_info - DCERPC_AUTH_TRAILER_LENGTH;
237
238 if (pkt->auth_length > max_auth_length) {
239 return NT_STATUS_RPC_PROTOCOL_ERROR;
240 }
241 }
242
243 if ((pkt->pfc_flags & required_flags) != required_flags) {
244 return NT_STATUS_RPC_PROTOCOL_ERROR;
245 }
246 if (pkt->pfc_flags & ~(optional_flags|required_flags)) {
247 return NT_STATUS_RPC_PROTOCOL_ERROR;
248 }
249
250 if (pkt->drep[0] & ~DCERPC_DREP_LE) {
251 return NT_STATUS_RPC_PROTOCOL_ERROR;
252 }
253 if (pkt->drep[1] != 0) {
254 return NT_STATUS_RPC_PROTOCOL_ERROR;
255 }
256 if (pkt->drep[2] != 0) {
257 return NT_STATUS_RPC_PROTOCOL_ERROR;
258 }
259 if (pkt->drep[3] != 0) {
260 return NT_STATUS_RPC_PROTOCOL_ERROR;
261 }
262
263 return NT_STATUS_OK;
264 }
265
266 struct dcerpc_read_ncacn_packet_state {
267 #if 0
268 struct {
269 } caller;
270 #endif
271 DATA_BLOB buffer;
272 struct ncacn_packet *pkt;
273 };
274
275 static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream,
276 void *private_data,
277 TALLOC_CTX *mem_ctx,
278 struct iovec **_vector,
279 size_t *_count);
280 static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq);
281
282 struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
283 struct tevent_context *ev,
284 struct tstream_context *stream)
285 {
286 struct tevent_req *req;
287 struct dcerpc_read_ncacn_packet_state *state;
288 struct tevent_req *subreq;
289
290 req = tevent_req_create(mem_ctx, &state,
291 struct dcerpc_read_ncacn_packet_state);
292 if (req == NULL) {
293 return NULL;
294 }
295
296 state->buffer = data_blob_const(NULL, 0);
297 state->pkt = talloc(state, struct ncacn_packet);
298 if (tevent_req_nomem(state->pkt, req)) {
299 goto post;
300 }
301
302 subreq = tstream_readv_pdu_send(state, ev,
303 stream,
304 dcerpc_read_ncacn_packet_next_vector,
305 state);
306 if (tevent_req_nomem(subreq, req)) {
307 goto post;
308 }
309 tevent_req_set_callback(subreq, dcerpc_read_ncacn_packet_done, req);
310
311 return req;
312 post:
313 tevent_req_post(req, ev);
314 return req;
315 }
316
317 static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream,
318 void *private_data,
319 TALLOC_CTX *mem_ctx,
320 struct iovec **_vector,
321 size_t *_count)
322 {
323 struct dcerpc_read_ncacn_packet_state *state =
324 talloc_get_type_abort(private_data,
325 struct dcerpc_read_ncacn_packet_state);
326 struct iovec *vector;
327 off_t ofs = 0;
328
329 if (state->buffer.length == 0) {
330 /*
331 * first get enough to read the fragment length
332 *
333 * We read the full fixed ncacn_packet header
334 * in order to make wireshark happy with
335 * pcap files from socket_wrapper.
336 */
337 ofs = 0;
338 state->buffer.length = DCERPC_NCACN_PAYLOAD_OFFSET;
339 state->buffer.data = talloc_array(state, uint8_t,
340 state->buffer.length);
341 if (!state->buffer.data) {
342 return -1;
343 }
344 } else if (state->buffer.length == DCERPC_NCACN_PAYLOAD_OFFSET) {
345 /* now read the fragment length and allocate the full buffer */
346 size_t frag_len = dcerpc_get_frag_length(&state->buffer);
347
348 ofs = state->buffer.length;
349
350 if (frag_len < ofs) {
351 /*
352 * something is wrong, let the caller deal with it
353 */
354 *_vector = NULL;
355 *_count = 0;
356 return 0;
357 }
358
359 state->buffer.data = talloc_realloc(state,
360 state->buffer.data,
361 uint8_t, frag_len);
362 if (!state->buffer.data) {
363 return -1;
364 }
365 state->buffer.length = frag_len;
366 } else {
367 /* if we reach this we have a full fragment */
368 *_vector = NULL;
369 *_count = 0;
370 return 0;
371 }
372
373 /* now create the vector that we want to be filled */
374 vector = talloc_array(mem_ctx, struct iovec, 1);
375 if (!vector) {
376 return -1;
377 }
378
379 vector[0].iov_base = (void *) (state->buffer.data + ofs);
380 vector[0].iov_len = state->buffer.length - ofs;
381
382 *_vector = vector;
383 *_count = 1;
384 return 0;
385 }
386
387 static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq)
388 {
389 struct tevent_req *req = tevent_req_callback_data(subreq,
390 struct tevent_req);
391 struct dcerpc_read_ncacn_packet_state *state = tevent_req_data(req,
392 struct dcerpc_read_ncacn_packet_state);
393 int ret;
394 int sys_errno;
395 struct ndr_pull *ndr;
396 enum ndr_err_code ndr_err;
397 NTSTATUS status;
398
399 ret = tstream_readv_pdu_recv(subreq, &sys_errno);
400 TALLOC_FREE(subreq);
401 if (ret == -1) {
402 status = map_nt_error_from_unix_common(sys_errno);
403 tevent_req_nterror(req, status);
404 return;
405 }
406
407 ndr = ndr_pull_init_blob(&state->buffer, state->pkt);
408 if (tevent_req_nomem(ndr, req)) {
409 return;
410 }
411
412 if (!(CVAL(ndr->data, DCERPC_DREP_OFFSET) & DCERPC_DREP_LE)) {
413 ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
414 }
415
416 if (CVAL(ndr->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
417 ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
418 }
419
420 ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, state->pkt);
421 TALLOC_FREE(ndr);
422 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
423 status = ndr_map_error2ntstatus(ndr_err);
424 tevent_req_nterror(req, status);
425 return;
426 }
427
428 if (state->pkt->frag_length != state->buffer.length) {
429 tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR);
430 return;
431 }
432
433 tevent_req_done(req);
434 }
435
436 NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
437 TALLOC_CTX *mem_ctx,
438 struct ncacn_packet **pkt,
439 DATA_BLOB *buffer)
440 {
441 struct dcerpc_read_ncacn_packet_state *state = tevent_req_data(req,
442 struct dcerpc_read_ncacn_packet_state);
443 NTSTATUS status;
444
445 if (tevent_req_is_nterror(req, &status)) {
446 tevent_req_received(req);
447 return status;
448 }
449
450 *pkt = talloc_move(mem_ctx, &state->pkt);
451 if (buffer) {
452 buffer->data = talloc_move(mem_ctx, &state->buffer.data);
453 buffer->length = state->buffer.length;
454 }
455
456 tevent_req_received(req);
457 return NT_STATUS_OK;
458 }
459
460 const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx,
461 enum dcerpc_transport_t transport,
462 const struct ndr_interface_table *table)
463 {
464 NTSTATUS status;
465 const char *p = NULL;
466 const char *endpoint = NULL;
467 int i;
468 struct dcerpc_binding *default_binding = NULL;
469 TALLOC_CTX *frame = talloc_stackframe();
470
471 /* Find one of the default pipes for this interface */
472
473 for (i = 0; i < table->endpoints->count; i++) {
474 enum dcerpc_transport_t dtransport;
475 const char *dendpoint;
476
477 status = dcerpc_parse_binding(frame, table->endpoints->names[i],
478 &default_binding);
479 if (!NT_STATUS_IS_OK(status)) {
480 continue;
481 }
482
483 dtransport = dcerpc_binding_get_transport(default_binding);
484 dendpoint = dcerpc_binding_get_string_option(default_binding,
485 "endpoint");
486 if (dendpoint == NULL) {
487 TALLOC_FREE(default_binding);
488 continue;
489 }
490
491 if (transport == NCA_UNKNOWN) {
492 transport = dtransport;
493 }
494
495 if (transport != dtransport) {
496 TALLOC_FREE(default_binding);
497 continue;
498 }
499
500 p = dendpoint;
501 break;
502 }
503
504 if (p == NULL) {
505 goto done;
506 }
507
508 /*
509 * extract the pipe name without \\pipe from for example
510 * ncacn_np:[\\pipe\\epmapper]
511 */
512 if (transport == NCACN_NP) {
513 if (strncasecmp(p, "\\pipe\\", 6) == 0) {
514 p += 6;
515 }
516 if (strncmp(p, "\\", 1) == 0) {
517 p += 1;
518 }
519 }
520
521 endpoint = talloc_strdup(mem_ctx, p);
522
523 done:
524 talloc_free(frame);
525 return endpoint;
526 }
527
528 struct dcerpc_sec_vt_header2 dcerpc_sec_vt_header2_from_ncacn_packet(const struct ncacn_packet *pkt)
529 {
530 struct dcerpc_sec_vt_header2 ret;
531
532 ZERO_STRUCT(ret);
533 ret.ptype = pkt->ptype;
534 memcpy(&ret.drep, pkt->drep, sizeof(ret.drep));
535 ret.call_id = pkt->call_id;
536
537 switch (pkt->ptype) {
538 case DCERPC_PKT_REQUEST:
539 ret.context_id = pkt->u.request.context_id;
540 ret.opnum = pkt->u.request.opnum;
541 break;
542
543 case DCERPC_PKT_RESPONSE:
544 ret.context_id = pkt->u.response.context_id;
545 break;
546
547 case DCERPC_PKT_FAULT:
548 ret.context_id = pkt->u.fault.context_id;
549 break;
550
551 default:
552 break;
553 }
554
555 return ret;
556 }
557
558 bool dcerpc_sec_vt_header2_equal(const struct dcerpc_sec_vt_header2 *v1,
559 const struct dcerpc_sec_vt_header2 *v2)
560 {
561 if (v1->ptype != v2->ptype) {
562 return false;
563 }
564
565 if (memcmp(v1->drep, v2->drep, sizeof(v1->drep)) != 0) {
566 return false;
567 }
568
569 if (v1->call_id != v2->call_id) {
570 return false;
571 }
572
573 if (v1->context_id != v2->context_id) {
574 return false;
575 }
576
577 if (v1->opnum != v2->opnum) {
578 return false;
579 }
580
581 return true;
582 }
583
584 static bool dcerpc_sec_vt_is_valid(const struct dcerpc_sec_verification_trailer *r)
585 {
586 bool ret = false;
587 TALLOC_CTX *frame = talloc_stackframe();
588 struct bitmap *commands_seen;
589 int i;
590
591 if (r->count.count == 0) {
592 ret = true;
593 goto done;
594 }
595
596 if (memcmp(r->magic, DCERPC_SEC_VT_MAGIC, sizeof(r->magic)) != 0) {
597 goto done;
598 }
599
600 commands_seen = bitmap_talloc(frame, DCERPC_SEC_VT_COMMAND_ENUM + 1);
601 if (commands_seen == NULL) {
602 goto done;
603 }
604
605 for (i=0; i < r->count.count; i++) {
606 enum dcerpc_sec_vt_command_enum cmd =
607 r->commands[i].command & DCERPC_SEC_VT_COMMAND_ENUM;
608
609 if (bitmap_query(commands_seen, cmd)) {
610 /* Each command must appear at most once. */
611 goto done;
612 }
613 bitmap_set(commands_seen, cmd);
614
615 switch (cmd) {
616 case DCERPC_SEC_VT_COMMAND_BITMASK1:
617 case DCERPC_SEC_VT_COMMAND_PCONTEXT:
618 case DCERPC_SEC_VT_COMMAND_HEADER2:
619 break;
620 default:
621 if ((r->commands[i].u._unknown.length % 4) != 0) {
622 goto done;
623 }
624 break;
625 }
626 }
627 ret = true;
628 done:
629 TALLOC_FREE(frame);
630 return ret;
631 }
632
633 static bool dcerpc_sec_vt_bitmask_check(const uint32_t *bitmask1,
634 struct dcerpc_sec_vt *c)
635 {
636 if (bitmask1 == NULL) {
637 if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
638 DEBUG(10, ("SEC_VT check Bitmask1 must_process_command "
639 "failed\n"));
640 return false;
641 }
642
643 return true;
644 }
645
646 if ((c->u.bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING)
647 && (!(*bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING))) {
648 DEBUG(10, ("SEC_VT check Bitmask1 client_header_signing "
649 "failed\n"));
650 return false;
651 }
652 return true;
653 }
654
655 static bool dcerpc_sec_vt_pctx_check(const struct dcerpc_sec_vt_pcontext *pcontext,
656 struct dcerpc_sec_vt *c)
657 {
658 TALLOC_CTX *mem_ctx;
659 bool ok;
660
661 if (pcontext == NULL) {
662 if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
663 DEBUG(10, ("SEC_VT check Pcontext must_process_command "
664 "failed\n"));
665 return false;
666 }
667
668 return true;
669 }
670
671 mem_ctx = talloc_stackframe();
672 ok = ndr_syntax_id_equal(&pcontext->abstract_syntax,
673 &c->u.pcontext.abstract_syntax);
674 if (!ok) {
675 DEBUG(10, ("SEC_VT check pcontext abstract_syntax failed: "
676 "%s vs. %s\n",
677 ndr_syntax_id_to_string(mem_ctx,
678 &pcontext->abstract_syntax),
679 ndr_syntax_id_to_string(mem_ctx,
680 &c->u.pcontext.abstract_syntax)));
681 goto err_ctx_free;
682 }
683 ok = ndr_syntax_id_equal(&pcontext->transfer_syntax,
684 &c->u.pcontext.transfer_syntax);
685 if (!ok) {
686 DEBUG(10, ("SEC_VT check pcontext transfer_syntax failed: "
687 "%s vs. %s\n",
688 ndr_syntax_id_to_string(mem_ctx,
689 &pcontext->transfer_syntax),
690 ndr_syntax_id_to_string(mem_ctx,
691 &c->u.pcontext.transfer_syntax)));
692 goto err_ctx_free;
693 }
694
695 ok = true;
696 err_ctx_free:
697 talloc_free(mem_ctx);
698 return ok;
699 }
700
701 static bool dcerpc_sec_vt_hdr2_check(const struct dcerpc_sec_vt_header2 *header2,
702 struct dcerpc_sec_vt *c)
703 {
704 if (header2 == NULL) {
705 if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
706 DEBUG(10, ("SEC_VT check Header2 must_process_command failed\n"));
707 return false;
708 }
709
710 return true;
711 }
712
713 if (!dcerpc_sec_vt_header2_equal(header2, &c->u.header2)) {
714 DEBUG(10, ("SEC_VT check Header2 failed\n"));
715 return false;
716 }
717
718 return true;
719 }
720
721 bool dcerpc_sec_verification_trailer_check(
722 const struct dcerpc_sec_verification_trailer *vt,
723 const uint32_t *bitmask1,
724 const struct dcerpc_sec_vt_pcontext *pcontext,
725 const struct dcerpc_sec_vt_header2 *header2)
726 {
727 size_t i;
728
729 if (!dcerpc_sec_vt_is_valid(vt)) {
730 return false;
731 }
732
733 for (i=0; i < vt->count.count; i++) {
734 bool ok;
735 struct dcerpc_sec_vt *c = &vt->commands[i];
736
737 switch (c->command & DCERPC_SEC_VT_COMMAND_ENUM) {
738 case DCERPC_SEC_VT_COMMAND_BITMASK1:
739 ok = dcerpc_sec_vt_bitmask_check(bitmask1, c);
740 if (!ok) {
741 return false;
742 }
743 break;
744
745 case DCERPC_SEC_VT_COMMAND_PCONTEXT:
746 ok = dcerpc_sec_vt_pctx_check(pcontext, c);
747 if (!ok) {
748 return false;
749 }
750 break;
751
752 case DCERPC_SEC_VT_COMMAND_HEADER2: {
753 ok = dcerpc_sec_vt_hdr2_check(header2, c);
754 if (!ok) {
755 return false;
756 }
757 break;
758 }
759
760 default:
761 if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
762 DEBUG(10, ("SEC_VT check Unknown must_process_command failed\n"));
763 return false;
764 }
765
766 break;
767 }
768 }
769
770 return true;
771 }
772
773 static const struct ndr_syntax_id dcerpc_bind_time_features_prefix = {
774 .uuid = {
775 .time_low = 0x6cb71c2c,
776 .time_mid = 0x9812,
777 .time_hi_and_version = 0x4540,
778 .clock_seq = {0x00, 0x00},
779 .node = {0x00,0x00,0x00,0x00,0x00,0x00}
780 },
781 .if_version = 1,
782 };
783
784 bool dcerpc_extract_bind_time_features(struct ndr_syntax_id s, uint64_t *_features)
785 {
786 uint8_t values[8];
787 uint64_t features = 0;
788
789 values[0] = s.uuid.clock_seq[0];
790 values[1] = s.uuid.clock_seq[1];
791 values[2] = s.uuid.node[0];
792 values[3] = s.uuid.node[1];
793 values[4] = s.uuid.node[2];
794 values[5] = s.uuid.node[3];
795 values[6] = s.uuid.node[4];
796 values[7] = s.uuid.node[5];
797
798 ZERO_STRUCT(s.uuid.clock_seq);
799 ZERO_STRUCT(s.uuid.node);
800
801 if (!ndr_syntax_id_equal(&s, &dcerpc_bind_time_features_prefix)) {
802 if (_features != NULL) {
803 *_features = 0;
804 }
805 return false;
806 }
807
808 features = BVAL(values, 0);
809
810 if (_features != NULL) {
811 *_features = features;
812 }
813
814 return true;
815 }
816
817 struct ndr_syntax_id dcerpc_construct_bind_time_features(uint64_t features)
818 {
819 struct ndr_syntax_id s = dcerpc_bind_time_features_prefix;
820 uint8_t values[8];
821
822 SBVAL(values, 0, features);
823
824 s.uuid.clock_seq[0] = values[0];
825 s.uuid.clock_seq[1] = values[1];
826 s.uuid.node[0] = values[2];
827 s.uuid.node[1] = values[3];
828 s.uuid.node[2] = values[4];
829 s.uuid.node[3] = values[5];
830 s.uuid.node[4] = values[6];
831 s.uuid.node[5] = values[7];
832
833 return s;
834 }
Samba GIT mirror