search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
push e1d8a1293d44015bb0894687d02c5c53339996f7
[wine/hacks.git] / dlls / rpcrt4 / rpc_message.c
blob46830c8583cfa408e9604c494a6a1e1d94cf76a2
1 /*
2 * RPC messages
3 *
4 * Copyright 2001-2002 Ove Kåven, TransGaming Technologies
5 * Copyright 2004 Filip Navara
6 * Copyright 2006 CodeWeavers
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 */
22
23 #include <stdarg.h>
24 #include <stdio.h>
25 #include <string.h>
26
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30 #include "winuser.h"
31
32 #include "rpc.h"
33 #include "rpcndr.h"
34 #include "rpcdcep.h"
35
36 #include "wine/debug.h"
37
38 #include "rpc_binding.h"
39 #include "rpc_defs.h"
40 #include "rpc_message.h"
41 #include "ncastatus.h"
42
43 WINE_DEFAULT_DEBUG_CHANNEL(rpc);
44
45 /* note: the DCE/RPC spec says the alignment amount should be 4, but
46 * MS/RPC servers seem to always use 16 */
47 #define AUTH_ALIGNMENT 16
48
49 /* gets the amount needed to round a value up to the specified alignment */
50 #define ROUND_UP_AMOUNT(value, alignment) \
51 (((alignment) - (((value) % (alignment)))) % (alignment))
52 #define ROUND_UP(value, alignment) (((value) + ((alignment) - 1)) & ~((alignment)-1))
53
54 enum secure_packet_direction
55 {
56 SECURE_PACKET_SEND,
57 SECURE_PACKET_RECEIVE
58 };
59
60 static RPC_STATUS I_RpcReAllocateBuffer(PRPC_MESSAGE pMsg);
61
62 DWORD RPCRT4_GetHeaderSize(const RpcPktHdr *Header)
63 {
64 static const DWORD header_sizes[] = {
65 sizeof(Header->request), 0, sizeof(Header->response),
66 sizeof(Header->fault), 0, 0, 0, 0, 0, 0, 0, sizeof(Header->bind),
67 sizeof(Header->bind_ack), sizeof(Header->bind_nack),
68 0, 0, 0, 0, 0, 0, sizeof(Header->http)
69 };
70 ULONG ret = 0;
71
72 if (Header->common.ptype < sizeof(header_sizes) / sizeof(header_sizes[0])) {
73 ret = header_sizes[Header->common.ptype];
74 if (ret == 0)
75 FIXME("unhandled packet type\n");
76 if (Header->common.flags & RPC_FLG_OBJECT_UUID)
77 ret += sizeof(UUID);
78 } else {
79 WARN("invalid packet type %u\n", Header->common.ptype);
80 }
81
82 return ret;
83 }
84
85 static int packet_has_body(const RpcPktHdr *Header)
86 {
87 return (Header->common.ptype == PKT_FAULT) ||
88 (Header->common.ptype == PKT_REQUEST) ||
89 (Header->common.ptype == PKT_RESPONSE);
90 }
91
92 static int packet_has_auth_verifier(const RpcPktHdr *Header)
93 {
94 return !(Header->common.ptype == PKT_BIND_NACK) &&
95 !(Header->common.ptype == PKT_SHUTDOWN);
96 }
97
98 static VOID RPCRT4_BuildCommonHeader(RpcPktHdr *Header, unsigned char PacketType,
99 unsigned long DataRepresentation)
100 {
101 Header->common.rpc_ver = RPC_VER_MAJOR;
102 Header->common.rpc_ver_minor = RPC_VER_MINOR;
103 Header->common.ptype = PacketType;
104 Header->common.drep[0] = LOBYTE(LOWORD(DataRepresentation));
105 Header->common.drep[1] = HIBYTE(LOWORD(DataRepresentation));
106 Header->common.drep[2] = LOBYTE(HIWORD(DataRepresentation));
107 Header->common.drep[3] = HIBYTE(HIWORD(DataRepresentation));
108 Header->common.auth_len = 0;
109 Header->common.call_id = 1;
110 Header->common.flags = 0;
111 /* Flags and fragment length are computed in RPCRT4_Send. */
112 }
113
114 static RpcPktHdr *RPCRT4_BuildRequestHeader(unsigned long DataRepresentation,
115 unsigned long BufferLength,
116 unsigned short ProcNum,
117 UUID *ObjectUuid)
118 {
119 RpcPktHdr *header;
120 BOOL has_object;
121 RPC_STATUS status;
122
123 has_object = (ObjectUuid != NULL && !UuidIsNil(ObjectUuid, &status));
124 header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
125 sizeof(header->request) + (has_object ? sizeof(UUID) : 0));
126 if (header == NULL) {
127 return NULL;
128 }
129
130 RPCRT4_BuildCommonHeader(header, PKT_REQUEST, DataRepresentation);
131 header->common.frag_len = sizeof(header->request);
132 header->request.alloc_hint = BufferLength;
133 header->request.context_id = 0;
134 header->request.opnum = ProcNum;
135 if (has_object) {
136 header->common.flags |= RPC_FLG_OBJECT_UUID;
137 header->common.frag_len += sizeof(UUID);
138 memcpy(&header->request + 1, ObjectUuid, sizeof(UUID));
139 }
140
141 return header;
142 }
143
144 RpcPktHdr *RPCRT4_BuildResponseHeader(unsigned long DataRepresentation,
145 unsigned long BufferLength)
146 {
147 RpcPktHdr *header;
148
149 header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->response));
150 if (header == NULL) {
151 return NULL;
152 }
153
154 RPCRT4_BuildCommonHeader(header, PKT_RESPONSE, DataRepresentation);
155 header->common.frag_len = sizeof(header->response);
156 header->response.alloc_hint = BufferLength;
157
158 return header;
159 }
160
161 RpcPktHdr *RPCRT4_BuildFaultHeader(unsigned long DataRepresentation,
162 RPC_STATUS Status)
163 {
164 RpcPktHdr *header;
165
166 header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->fault));
167 if (header == NULL) {
168 return NULL;
169 }
170
171 RPCRT4_BuildCommonHeader(header, PKT_FAULT, DataRepresentation);
172 header->common.frag_len = sizeof(header->fault);
173 header->fault.status = Status;
174
175 return header;
176 }
177
178 RpcPktHdr *RPCRT4_BuildBindHeader(unsigned long DataRepresentation,
179 unsigned short MaxTransmissionSize,
180 unsigned short MaxReceiveSize,
181 unsigned long AssocGroupId,
182 const RPC_SYNTAX_IDENTIFIER *AbstractId,
183 const RPC_SYNTAX_IDENTIFIER *TransferId)
184 {
185 RpcPktHdr *header;
186
187 header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->bind));
188 if (header == NULL) {
189 return NULL;
190 }
191
192 RPCRT4_BuildCommonHeader(header, PKT_BIND, DataRepresentation);
193 header->common.frag_len = sizeof(header->bind);
194 header->bind.max_tsize = MaxTransmissionSize;
195 header->bind.max_rsize = MaxReceiveSize;
196 header->bind.assoc_gid = AssocGroupId;
197 header->bind.num_elements = 1;
198 header->bind.num_syntaxes = 1;
199 header->bind.abstract = *AbstractId;
200 header->bind.transfer = *TransferId;
201
202 return header;
203 }
204
205 static RpcPktHdr *RPCRT4_BuildAuthHeader(unsigned long DataRepresentation)
206 {
207 RpcPktHdr *header;
208
209 header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
210 sizeof(header->common) + 12);
211 if (header == NULL)
212 return NULL;
213
214 RPCRT4_BuildCommonHeader(header, PKT_AUTH3, DataRepresentation);
215 header->common.frag_len = 0x14;
216 header->common.auth_len = 0;
217
218 return header;
219 }
220
221 RpcPktHdr *RPCRT4_BuildBindNackHeader(unsigned long DataRepresentation,
222 unsigned char RpcVersion,
223 unsigned char RpcVersionMinor)
224 {
225 RpcPktHdr *header;
226
227 header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->bind_nack));
228 if (header == NULL) {
229 return NULL;
230 }
231
232 RPCRT4_BuildCommonHeader(header, PKT_BIND_NACK, DataRepresentation);
233 header->common.frag_len = sizeof(header->bind_nack);
234 header->bind_nack.reject_reason = REJECT_REASON_NOT_SPECIFIED;
235 header->bind_nack.protocols_count = 1;
236 header->bind_nack.protocols[0].rpc_ver = RpcVersion;
237 header->bind_nack.protocols[0].rpc_ver_minor = RpcVersionMinor;
238
239 return header;
240 }
241
242 RpcPktHdr *RPCRT4_BuildBindAckHeader(unsigned long DataRepresentation,
243 unsigned short MaxTransmissionSize,
244 unsigned short MaxReceiveSize,
245 unsigned long AssocGroupId,
246 LPCSTR ServerAddress,
247 unsigned long Result,
248 unsigned long Reason,
249 const RPC_SYNTAX_IDENTIFIER *TransferId)
250 {
251 RpcPktHdr *header;
252 unsigned long header_size;
253 RpcAddressString *server_address;
254 RpcResults *results;
255 RPC_SYNTAX_IDENTIFIER *transfer_id;
256
257 header_size = sizeof(header->bind_ack) +
258 ROUND_UP(FIELD_OFFSET(RpcAddressString, string[strlen(ServerAddress) + 1]), 4) +
259 sizeof(RpcResults) +
260 sizeof(RPC_SYNTAX_IDENTIFIER);
261
262 header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, header_size);
263 if (header == NULL) {
264 return NULL;
265 }
266
267 RPCRT4_BuildCommonHeader(header, PKT_BIND_ACK, DataRepresentation);
268 header->common.frag_len = header_size;
269 header->bind_ack.max_tsize = MaxTransmissionSize;
270 header->bind_ack.max_rsize = MaxReceiveSize;
271 header->bind_ack.assoc_gid = AssocGroupId;
272 server_address = (RpcAddressString*)(&header->bind_ack + 1);
273 server_address->length = strlen(ServerAddress) + 1;
274 strcpy(server_address->string, ServerAddress);
275 /* results is 4-byte aligned */
276 results = (RpcResults*)((ULONG_PTR)server_address + ROUND_UP(FIELD_OFFSET(RpcAddressString, string[server_address->length]), 4));
277 results->num_results = 1;
278 results->results[0].result = Result;
279 results->results[0].reason = Reason;
280 transfer_id = (RPC_SYNTAX_IDENTIFIER*)(results + 1);
281 *transfer_id = *TransferId;
282
283 return header;
284 }
285
286 RpcPktHdr *RPCRT4_BuildHttpHeader(unsigned long DataRepresentation,
287 unsigned short flags,
288 unsigned short num_data_items,
289 unsigned int payload_size)
290 {
291 RpcPktHdr *header;
292
293 header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->http) + payload_size);
294 if (header == NULL) {
295 ERR("failed to allocate memory\n");
296 return NULL;
297 }
298
299 RPCRT4_BuildCommonHeader(header, PKT_HTTP, DataRepresentation);
300 /* since the packet isn't current sent using RPCRT4_Send, set the flags
301 * manually here */
302 header->common.flags = RPC_FLG_FIRST|RPC_FLG_LAST;
303 header->common.call_id = 0;
304 header->common.frag_len = sizeof(header->http) + payload_size;
305 header->http.flags = flags;
306 header->http.num_data_items = num_data_items;
307
308 return header;
309 }
310
311 #define WRITE_HTTP_PAYLOAD_FIELD_UINT32(payload, type, value) \
312 do { \
313 *(unsigned int *)(payload) = (type); \
314 (payload) += 4; \
315 *(unsigned int *)(payload) = (value); \
316 (payload) += 4; \
317 } while (0)
318
319 #define WRITE_HTTP_PAYLOAD_FIELD_UUID(payload, type, uuid) \
320 do { \
321 *(unsigned int *)(payload) = (type); \
322 (payload) += 4; \
323 *(UUID *)(payload) = (uuid); \
324 (payload) += sizeof(UUID); \
325 } while (0)
326
327 #define WRITE_HTTP_PAYLOAD_FIELD_FLOW_CONTROL(payload, bytes_transmitted, flow_control_increment, uuid) \
328 do { \
329 *(unsigned int *)(payload) = 0x00000001; \
330 (payload) += 4; \
331 *(unsigned int *)(payload) = (bytes_transmitted); \
332 (payload) += 4; \
333 *(unsigned int *)(payload) = (flow_control_increment); \
334 (payload) += 4; \
335 *(UUID *)(payload) = (uuid); \
336 (payload) += sizeof(UUID); \
337 } while (0)
338
339 RpcPktHdr *RPCRT4_BuildHttpConnectHeader(unsigned short flags, int out_pipe,
340 const UUID *connection_uuid,
341 const UUID *pipe_uuid,
342 const UUID *association_uuid)
343 {
344 RpcPktHdr *header;
345 unsigned int size;
346 char *payload;
347
348 size = 8 + 4 + sizeof(UUID) + 4 + sizeof(UUID) + 8;
349 if (!out_pipe)
350 size += 8 + 4 + sizeof(UUID);
351
352 header = RPCRT4_BuildHttpHeader(NDR_LOCAL_DATA_REPRESENTATION, flags,
353 out_pipe ? 4 : 6, size);
354 if (!header) return NULL;
355 payload = (char *)(&header->http+1);
356
357 /* FIXME: what does this part of the payload do? */
358 WRITE_HTTP_PAYLOAD_FIELD_UINT32(payload, 0x00000006, 0x00000001);
359
360 WRITE_HTTP_PAYLOAD_FIELD_UUID(payload, 0x00000003, *connection_uuid);
361 WRITE_HTTP_PAYLOAD_FIELD_UUID(payload, 0x00000003, *pipe_uuid);
362
363 if (out_pipe)
364 /* FIXME: what does this part of the payload do? */
365 WRITE_HTTP_PAYLOAD_FIELD_UINT32(payload, 0x00000000, 0x00010000);
366 else
367 {
368 /* FIXME: what does this part of the payload do? */
369 WRITE_HTTP_PAYLOAD_FIELD_UINT32(payload, 0x00000004, 0x40000000);
370 /* FIXME: what does this part of the payload do? */
371 WRITE_HTTP_PAYLOAD_FIELD_UINT32(payload, 0x00000005, 0x000493e0);
372
373 WRITE_HTTP_PAYLOAD_FIELD_UUID(payload, 0x0000000c, *association_uuid);
374 }
375
376 return header;
377 }
378
379 RpcPktHdr *RPCRT4_BuildHttpFlowControlHeader(BOOL server, ULONG bytes_transmitted,
380 ULONG flow_control_increment,
381 const UUID *pipe_uuid)
382 {
383 RpcPktHdr *header;
384 char *payload;
385
386 header = RPCRT4_BuildHttpHeader(NDR_LOCAL_DATA_REPRESENTATION, 0x2, 2,
387 5 * sizeof(ULONG) + sizeof(UUID));
388 if (!header) return NULL;
389 payload = (char *)(&header->http+1);
390
391 WRITE_HTTP_PAYLOAD_FIELD_UINT32(payload, 0x0000000d, (server ? 0x0 : 0x3));
392
393 WRITE_HTTP_PAYLOAD_FIELD_FLOW_CONTROL(payload, bytes_transmitted,
394 flow_control_increment, *pipe_uuid);
395 return header;
396 }
397
398 VOID RPCRT4_FreeHeader(RpcPktHdr *Header)
399 {
400 HeapFree(GetProcessHeap(), 0, Header);
401 }
402
403 NCA_STATUS RPC2NCA_STATUS(RPC_STATUS status)
404 {
405 switch (status)
406 {
407 case ERROR_INVALID_HANDLE: return NCA_S_FAULT_CONTEXT_MISMATCH;
408 case ERROR_OUTOFMEMORY: return NCA_S_FAULT_REMOTE_NO_MEMORY;
409 case RPC_S_NOT_LISTENING: return NCA_S_SERVER_TOO_BUSY;
410 case RPC_S_UNKNOWN_IF: return NCA_S_UNK_IF;
411 case RPC_S_SERVER_TOO_BUSY: return NCA_S_SERVER_TOO_BUSY;
412 case RPC_S_CALL_FAILED: return NCA_S_FAULT_UNSPEC;
413 case RPC_S_CALL_FAILED_DNE: return NCA_S_MANAGER_NOT_ENTERED;
414 case RPC_S_PROTOCOL_ERROR: return NCA_S_PROTO_ERROR;
415 case RPC_S_UNSUPPORTED_TYPE: return NCA_S_UNSUPPORTED_TYPE;
416 case RPC_S_INVALID_TAG: return NCA_S_FAULT_INVALID_TAG;
417 case RPC_S_INVALID_BOUND: return NCA_S_FAULT_INVALID_BOUND;
418 case RPC_S_PROCNUM_OUT_OF_RANGE: return NCA_S_OP_RNG_ERROR;
419 case RPC_X_SS_HANDLES_MISMATCH: return NCA_S_FAULT_CONTEXT_MISMATCH;
420 case RPC_S_CALL_CANCELLED: return NCA_S_FAULT_CANCEL;
421 case RPC_S_COMM_FAILURE: return NCA_S_COMM_FAILURE;
422 case RPC_X_WRONG_PIPE_ORDER: return NCA_S_FAULT_PIPE_ORDER;
423 case RPC_X_PIPE_CLOSED: return NCA_S_FAULT_PIPE_CLOSED;
424 case RPC_X_PIPE_DISCIPLINE_ERROR: return NCA_S_FAULT_PIPE_DISCIPLINE;
425 case RPC_X_PIPE_EMPTY: return NCA_S_FAULT_PIPE_EMPTY;
426 case STATUS_FLOAT_DIVIDE_BY_ZERO: return NCA_S_FAULT_FP_DIV_ZERO;
427 case STATUS_FLOAT_INVALID_OPERATION: return NCA_S_FAULT_FP_ERROR;
428 case STATUS_FLOAT_OVERFLOW: return NCA_S_FAULT_FP_OVERFLOW;
429 case STATUS_FLOAT_UNDERFLOW: return NCA_S_FAULT_FP_UNDERFLOW;
430 case STATUS_INTEGER_DIVIDE_BY_ZERO: return NCA_S_FAULT_INT_DIV_BY_ZERO;
431 case STATUS_INTEGER_OVERFLOW: return NCA_S_FAULT_INT_OVERFLOW;
432 default: return status;
433 }
434 }
435
436 static RPC_STATUS NCA2RPC_STATUS(NCA_STATUS status)
437 {
438 switch (status)
439 {
440 case NCA_S_COMM_FAILURE: return RPC_S_COMM_FAILURE;
441 case NCA_S_OP_RNG_ERROR: return RPC_S_PROCNUM_OUT_OF_RANGE;
442 case NCA_S_UNK_IF: return RPC_S_UNKNOWN_IF;
443 case NCA_S_YOU_CRASHED: return RPC_S_CALL_FAILED;
444 case NCA_S_PROTO_ERROR: return RPC_S_PROTOCOL_ERROR;
445 case NCA_S_OUT_ARGS_TOO_BIG: return ERROR_NOT_ENOUGH_SERVER_MEMORY;
446 case NCA_S_SERVER_TOO_BUSY: return RPC_S_SERVER_TOO_BUSY;
447 case NCA_S_UNSUPPORTED_TYPE: return RPC_S_UNSUPPORTED_TYPE;
448 case NCA_S_FAULT_INT_DIV_BY_ZERO: return RPC_S_ZERO_DIVIDE;
449 case NCA_S_FAULT_ADDR_ERROR: return RPC_S_ADDRESS_ERROR;
450 case NCA_S_FAULT_FP_DIV_ZERO: return RPC_S_FP_DIV_ZERO;
451 case NCA_S_FAULT_FP_UNDERFLOW: return RPC_S_FP_UNDERFLOW;
452 case NCA_S_FAULT_FP_OVERFLOW: return RPC_S_FP_OVERFLOW;
453 case NCA_S_FAULT_INVALID_TAG: return RPC_S_INVALID_TAG;
454 case NCA_S_FAULT_INVALID_BOUND: return RPC_S_INVALID_BOUND;
455 case NCA_S_RPC_VERSION_MISMATCH: return RPC_S_PROTOCOL_ERROR;
456 case NCA_S_UNSPEC_REJECT: return RPC_S_CALL_FAILED_DNE;
457 case NCA_S_BAD_ACTID: return RPC_S_CALL_FAILED_DNE;
458 case NCA_S_WHO_ARE_YOU_FAILED: return RPC_S_CALL_FAILED;
459 case NCA_S_MANAGER_NOT_ENTERED: return RPC_S_CALL_FAILED_DNE;
460 case NCA_S_FAULT_CANCEL: return RPC_S_CALL_CANCELLED;
461 case NCA_S_FAULT_ILL_INST: return RPC_S_ADDRESS_ERROR;
462 case NCA_S_FAULT_FP_ERROR: return RPC_S_FP_OVERFLOW;
463 case NCA_S_FAULT_INT_OVERFLOW: return RPC_S_ADDRESS_ERROR;
464 case NCA_S_FAULT_UNSPEC: return RPC_S_CALL_FAILED;
465 case NCA_S_FAULT_PIPE_EMPTY: return RPC_X_PIPE_EMPTY;
466 case NCA_S_FAULT_PIPE_CLOSED: return RPC_X_PIPE_CLOSED;
467 case NCA_S_FAULT_PIPE_ORDER: return RPC_X_WRONG_PIPE_ORDER;
468 case NCA_S_FAULT_PIPE_DISCIPLINE: return RPC_X_PIPE_DISCIPLINE_ERROR;
469 case NCA_S_FAULT_PIPE_COMM_ERROR: return RPC_S_COMM_FAILURE;
470 case NCA_S_FAULT_PIPE_MEMORY: return ERROR_OUTOFMEMORY;
471 case NCA_S_FAULT_CONTEXT_MISMATCH: return ERROR_INVALID_HANDLE;
472 case NCA_S_FAULT_REMOTE_NO_MEMORY: return ERROR_NOT_ENOUGH_SERVER_MEMORY;
473 default: return status;
474 }
475 }
476
477 /* assumes the common header fields have already been validated */
478 BOOL RPCRT4_IsValidHttpPacket(RpcPktHdr *hdr, unsigned char *data,
479 unsigned short data_len)
480 {
481 unsigned short i;
482 BYTE *p = data;
483
484 for (i = 0; i < hdr->http.num_data_items; i++)
485 {
486 ULONG type;
487
488 if (data_len < sizeof(ULONG))
489 return FALSE;
490
491 type = *(ULONG *)p;
492 p += sizeof(ULONG);
493 data_len -= sizeof(ULONG);
494
495 switch (type)
496 {
497 case 0x3:
498 case 0xc:
499 if (data_len < sizeof(GUID))
500 return FALSE;
501 p += sizeof(GUID);
502 data_len -= sizeof(GUID);
503 break;
504 case 0x0:
505 case 0x2:
506 case 0x4:
507 case 0x5:
508 case 0x6:
509 case 0xd:
510 if (data_len < sizeof(ULONG))
511 return FALSE;
512 p += sizeof(ULONG);
513 data_len -= sizeof(ULONG);
514 break;
515 case 0x1:
516 if (data_len < 24)
517 return FALSE;
518 p += 24;
519 data_len -= 24;
520 break;
521 default:
522 FIXME("unimplemented type 0x%x\n", type);
523 break;
524 }
525 }
526 return TRUE;
527 }
528
529 /* assumes the HTTP packet has been validated */
530 static unsigned char *RPCRT4_NextHttpHeaderField(unsigned char *data)
531 {
532 ULONG type;
533
534 type = *(ULONG *)data;
535 data += sizeof(ULONG);
536
537 switch (type)
538 {
539 case 0x3:
540 case 0xc:
541 return data + sizeof(GUID);
542 case 0x0:
543 case 0x2:
544 case 0x4:
545 case 0x5:
546 case 0x6:
547 case 0xd:
548 return data + sizeof(ULONG);
549 case 0x1:
550 return data + 24;
551 default:
552 FIXME("unimplemented type 0x%x\n", type);
553 return data;
554 }
555 }
556
557 #define READ_HTTP_PAYLOAD_FIELD_TYPE(data) *(ULONG *)(data)
558 #define GET_HTTP_PAYLOAD_FIELD_DATA(data) ((data) + sizeof(ULONG))
559
560 /* assumes the HTTP packet has been validated */
561 RPC_STATUS RPCRT4_ParseHttpPrepareHeader1(RpcPktHdr *header,
562 unsigned char *data, ULONG *field1)
563 {
564 ULONG type;
565 if (header->http.flags != 0x0)
566 {
567 ERR("invalid flags 0x%x\n", header->http.flags);
568 return RPC_S_PROTOCOL_ERROR;
569 }
570 if (header->http.num_data_items != 1)
571 {
572 ERR("invalid number of data items %d\n", header->http.num_data_items);
573 return RPC_S_PROTOCOL_ERROR;
574 }
575 type = READ_HTTP_PAYLOAD_FIELD_TYPE(data);
576 if (type != 0x00000002)
577 {
578 ERR("invalid type 0x%08x\n", type);
579 return RPC_S_PROTOCOL_ERROR;
580 }
581 *field1 = *(ULONG *)GET_HTTP_PAYLOAD_FIELD_DATA(data);
582 return RPC_S_OK;
583 }
584
585 /* assumes the HTTP packet has been validated */
586 RPC_STATUS RPCRT4_ParseHttpPrepareHeader2(RpcPktHdr *header,
587 unsigned char *data, ULONG *field1,
588 ULONG *bytes_until_next_packet,
589 ULONG *field3)
590 {
591 ULONG type;
592 if (header->http.flags != 0x0)
593 {
594 ERR("invalid flags 0x%x\n", header->http.flags);
595 return RPC_S_PROTOCOL_ERROR;
596 }
597 if (header->http.num_data_items != 3)
598 {
599 ERR("invalid number of data items %d\n", header->http.num_data_items);
600 return RPC_S_PROTOCOL_ERROR;
601 }
602
603 type = READ_HTTP_PAYLOAD_FIELD_TYPE(data);
604 if (type != 0x00000006)
605 {
606 ERR("invalid type for field 1: 0x%08x\n", type);
607 return RPC_S_PROTOCOL_ERROR;
608 }
609 *field1 = *(ULONG *)GET_HTTP_PAYLOAD_FIELD_DATA(data);
610 data = RPCRT4_NextHttpHeaderField(data);
611
612 type = READ_HTTP_PAYLOAD_FIELD_TYPE(data);
613 if (type != 0x00000000)
614 {
615 ERR("invalid type for field 2: 0x%08x\n", type);
616 return RPC_S_PROTOCOL_ERROR;
617 }
618 *bytes_until_next_packet = *(ULONG *)GET_HTTP_PAYLOAD_FIELD_DATA(data);
619 data = RPCRT4_NextHttpHeaderField(data);
620
621 type = READ_HTTP_PAYLOAD_FIELD_TYPE(data);
622 if (type != 0x00000002)
623 {
624 ERR("invalid type for field 3: 0x%08x\n", type);
625 return RPC_S_PROTOCOL_ERROR;
626 }
627 *field3 = *(ULONG *)GET_HTTP_PAYLOAD_FIELD_DATA(data);
628
629 return RPC_S_OK;
630 }
631
632 RPC_STATUS RPCRT4_ParseHttpFlowControlHeader(RpcPktHdr *header,
633 unsigned char *data, BOOL server,
634 ULONG *bytes_transmitted,
635 ULONG *flow_control_increment,
636 UUID *pipe_uuid)
637 {
638 ULONG type;
639 if (header->http.flags != 0x2)
640 {
641 ERR("invalid flags 0x%x\n", header->http.flags);
642 return RPC_S_PROTOCOL_ERROR;
643 }
644 if (header->http.num_data_items != 2)
645 {
646 ERR("invalid number of data items %d\n", header->http.num_data_items);
647 return RPC_S_PROTOCOL_ERROR;
648 }
649
650 type = READ_HTTP_PAYLOAD_FIELD_TYPE(data);
651 if (type != 0x0000000d)
652 {
653 ERR("invalid type for field 1: 0x%08x\n", type);
654 return RPC_S_PROTOCOL_ERROR;
655 }
656 if (*(ULONG *)GET_HTTP_PAYLOAD_FIELD_DATA(data) != (server ? 0x3 : 0x0))
657 {
658 ERR("invalid type for 0xd field data: 0x%08x\n", *(ULONG *)GET_HTTP_PAYLOAD_FIELD_DATA(data));
659 return RPC_S_PROTOCOL_ERROR;
660 }
661 data = RPCRT4_NextHttpHeaderField(data);
662
663 type = READ_HTTP_PAYLOAD_FIELD_TYPE(data);
664 if (type != 0x00000001)
665 {
666 ERR("invalid type for field 2: 0x%08x\n", type);
667 return RPC_S_PROTOCOL_ERROR;
668 }
669 *bytes_transmitted = *(ULONG *)GET_HTTP_PAYLOAD_FIELD_DATA(data);
670 *flow_control_increment = *(ULONG *)(GET_HTTP_PAYLOAD_FIELD_DATA(data) + 4);
671 *pipe_uuid = *(UUID *)(GET_HTTP_PAYLOAD_FIELD_DATA(data) + 8);
672
673 return RPC_S_OK;
674 }
675
676
677 static RPC_STATUS RPCRT4_SecurePacket(RpcConnection *Connection,
678 enum secure_packet_direction dir,
679 RpcPktHdr *hdr, unsigned int hdr_size,
680 unsigned char *stub_data, unsigned int stub_data_size,
681 RpcAuthVerifier *auth_hdr,
682 unsigned char *auth_value, unsigned int auth_value_size)
683 {
684 SecBufferDesc message;
685 SecBuffer buffers[4];
686 SECURITY_STATUS sec_status;
687
688 message.ulVersion = SECBUFFER_VERSION;
689 message.cBuffers = sizeof(buffers)/sizeof(buffers[0]);
690 message.pBuffers = buffers;
691
692 buffers[0].cbBuffer = hdr_size;
693 buffers[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
694 buffers[0].pvBuffer = hdr;
695 buffers[1].cbBuffer = stub_data_size;
696 buffers[1].BufferType = SECBUFFER_DATA;
697 buffers[1].pvBuffer = stub_data;
698 buffers[2].cbBuffer = sizeof(*auth_hdr);
699 buffers[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
700 buffers[2].pvBuffer = auth_hdr;
701 buffers[3].cbBuffer = auth_value_size;
702 buffers[3].BufferType = SECBUFFER_TOKEN;
703 buffers[3].pvBuffer = auth_value;
704
705 if (dir == SECURE_PACKET_SEND)
706 {
707 if ((auth_hdr->auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(hdr))
708 {
709 sec_status = EncryptMessage(&Connection->ctx, 0, &message, 0 /* FIXME */);
710 if (sec_status != SEC_E_OK)
711 {
712 ERR("EncryptMessage failed with 0x%08x\n", sec_status);
713 return RPC_S_SEC_PKG_ERROR;
714 }
715 }
716 else if (auth_hdr->auth_level != RPC_C_AUTHN_LEVEL_NONE)
717 {
718 sec_status = MakeSignature(&Connection->ctx, 0, &message, 0 /* FIXME */);
719 if (sec_status != SEC_E_OK)
720 {
721 ERR("MakeSignature failed with 0x%08x\n", sec_status);
722 return RPC_S_SEC_PKG_ERROR;
723 }
724 }
725 }
726 else if (dir == SECURE_PACKET_RECEIVE)
727 {
728 if ((auth_hdr->auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(hdr))
729 {
730 sec_status = DecryptMessage(&Connection->ctx, &message, 0 /* FIXME */, 0);
731 if (sec_status != SEC_E_OK)
732 {
733 ERR("DecryptMessage failed with 0x%08x\n", sec_status);
734 return RPC_S_SEC_PKG_ERROR;
735 }
736 }
737 else if (auth_hdr->auth_level != RPC_C_AUTHN_LEVEL_NONE)
738 {
739 sec_status = VerifySignature(&Connection->ctx, &message, 0 /* FIXME */, NULL);
740 if (sec_status != SEC_E_OK)
741 {
742 ERR("VerifySignature failed with 0x%08x\n", sec_status);
743 return RPC_S_SEC_PKG_ERROR;
744 }
745 }
746 }
747
748 return RPC_S_OK;
749 }
750
751 /***********************************************************************
752 * RPCRT4_SendWithAuth (internal)
753 *
754 * Transmit a packet with authorization data over connection in acceptable fragments.
755 */
756 static RPC_STATUS RPCRT4_SendWithAuth(RpcConnection *Connection, RpcPktHdr *Header,
757 void *Buffer, unsigned int BufferLength,
758 const void *Auth, unsigned int AuthLength)
759 {
760 PUCHAR buffer_pos;
761 DWORD hdr_size;
762 LONG count;
763 unsigned char *pkt;
764 LONG alen;
765 RPC_STATUS status;
766
767 RPCRT4_SetThreadCurrentConnection(Connection);
768
769 buffer_pos = Buffer;
770 /* The packet building functions save the packet header size, so we can use it. */
771 hdr_size = Header->common.frag_len;
772 if (AuthLength)
773 Header->common.auth_len = AuthLength;
774 else if (Connection->AuthInfo && packet_has_auth_verifier(Header))
775 {
776 if ((Connection->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(Header))
777 Header->common.auth_len = Connection->encryption_auth_len;
778 else
779 Header->common.auth_len = Connection->signature_auth_len;
780 }
781 else
782 Header->common.auth_len = 0;
783 Header->common.flags |= RPC_FLG_FIRST;
784 Header->common.flags &= ~RPC_FLG_LAST;
785
786 alen = RPC_AUTH_VERIFIER_LEN(&Header->common);
787
788 while (!(Header->common.flags & RPC_FLG_LAST)) {
789 unsigned char auth_pad_len = Header->common.auth_len ? ROUND_UP_AMOUNT(BufferLength, AUTH_ALIGNMENT) : 0;
790 unsigned int pkt_size = BufferLength + hdr_size + alen + auth_pad_len;
791
792 /* decide if we need to split the packet into fragments */
793 if (pkt_size <= Connection->MaxTransmissionSize) {
794 Header->common.flags |= RPC_FLG_LAST;
795 Header->common.frag_len = pkt_size;
796 } else {
797 auth_pad_len = 0;
798 /* make sure packet payload will be a multiple of 16 */
799 Header->common.frag_len =
800 ((Connection->MaxTransmissionSize - hdr_size - alen) & ~(AUTH_ALIGNMENT-1)) +
801 hdr_size + alen;
802 }
803
804 pkt = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, Header->common.frag_len);
805
806 memcpy(pkt, Header, hdr_size);
807
808 /* fragment consisted of header only and is the last one */
809 if (hdr_size == Header->common.frag_len)
810 goto write;
811
812 memcpy(pkt + hdr_size, buffer_pos, Header->common.frag_len - hdr_size - auth_pad_len - alen);
813
814 /* add the authorization info */
815 if (Connection->AuthInfo && packet_has_auth_verifier(Header))
816 {
817 RpcAuthVerifier *auth_hdr = (RpcAuthVerifier *)&pkt[Header->common.frag_len - alen];
818
819 auth_hdr->auth_type = Connection->AuthInfo->AuthnSvc;
820 auth_hdr->auth_level = Connection->AuthInfo->AuthnLevel;
821 auth_hdr->auth_pad_length = auth_pad_len;
822 auth_hdr->auth_reserved = 0;
823 /* a unique number... */
824 auth_hdr->auth_context_id = (unsigned long)Connection;
825
826 if (AuthLength)
827 memcpy(auth_hdr + 1, Auth, AuthLength);
828 else
829 {
830 status = RPCRT4_SecurePacket(Connection, SECURE_PACKET_SEND,
831 (RpcPktHdr *)pkt, hdr_size,
832 pkt + hdr_size, Header->common.frag_len - hdr_size - alen,
833 auth_hdr,
834 (unsigned char *)(auth_hdr + 1), Header->common.auth_len);
835 if (status != RPC_S_OK)
836 {
837 HeapFree(GetProcessHeap(), 0, pkt);
838 RPCRT4_SetThreadCurrentConnection(NULL);
839 return status;
840 }
841 }
842 }
843
844 write:
845 count = rpcrt4_conn_write(Connection, pkt, Header->common.frag_len);
846 HeapFree(GetProcessHeap(), 0, pkt);
847 if (count<0) {
848 WARN("rpcrt4_conn_write failed (auth)\n");
849 RPCRT4_SetThreadCurrentConnection(NULL);
850 return RPC_S_CALL_FAILED;
851 }
852
853 buffer_pos += Header->common.frag_len - hdr_size - alen - auth_pad_len;
854 BufferLength -= Header->common.frag_len - hdr_size - alen - auth_pad_len;
855 Header->common.flags &= ~RPC_FLG_FIRST;
856 }
857
858 RPCRT4_SetThreadCurrentConnection(NULL);
859 return RPC_S_OK;
860 }
861
862 /***********************************************************************
863 * RPCRT4_ClientAuthorize (internal)
864 *
865 * Authorize a client connection. A NULL in param signifies a new connection.
866 */
867 static RPC_STATUS RPCRT4_ClientAuthorize(RpcConnection *conn, SecBuffer *in,
868 SecBuffer *out)
869 {
870 SECURITY_STATUS r;
871 SecBufferDesc out_desc;
872 SecBufferDesc inp_desc;
873 SecPkgContext_Sizes secctx_sizes;
874 BOOL continue_needed;
875 ULONG context_req = ISC_REQ_CONNECTION | ISC_REQ_USE_DCE_STYLE |
876 ISC_REQ_MUTUAL_AUTH | ISC_REQ_DELEGATE;
877
878 if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
879 context_req |= ISC_REQ_INTEGRITY;
880 else if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
881 context_req |= ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY;
882
883 out->BufferType = SECBUFFER_TOKEN;
884 out->cbBuffer = conn->AuthInfo->cbMaxToken;
885 out->pvBuffer = HeapAlloc(GetProcessHeap(), 0, out->cbBuffer);
886 if (!out->pvBuffer) return ERROR_OUTOFMEMORY;
887
888 out_desc.ulVersion = 0;
889 out_desc.cBuffers = 1;
890 out_desc.pBuffers = out;
891
892 inp_desc.cBuffers = 1;
893 inp_desc.pBuffers = in;
894 inp_desc.ulVersion = 0;
895
896 r = InitializeSecurityContextW(&conn->AuthInfo->cred, in ? &conn->ctx : NULL,
897 in ? NULL : conn->AuthInfo->server_principal_name, context_req, 0,
898 SECURITY_NETWORK_DREP, in ? &inp_desc : NULL, 0, &conn->ctx,
899 &out_desc, &conn->attr, &conn->exp);
900 if (FAILED(r))
901 {
902 WARN("InitializeSecurityContext failed with error 0x%08x\n", r);
903 goto failed;
904 }
905
906 TRACE("r = 0x%08x, attr = 0x%08x\n", r, conn->attr);
907 continue_needed = ((r == SEC_I_CONTINUE_NEEDED) ||
908 (r == SEC_I_COMPLETE_AND_CONTINUE));
909
910 if ((r == SEC_I_COMPLETE_NEEDED) || (r == SEC_I_COMPLETE_AND_CONTINUE))
911 {
912 TRACE("complete needed\n");
913 r = CompleteAuthToken(&conn->ctx, &out_desc);
914 if (FAILED(r))
915 {
916 WARN("CompleteAuthToken failed with error 0x%08x\n", r);
917 goto failed;
918 }
919 }
920
921 TRACE("cbBuffer = %d\n", out->cbBuffer);
922
923 if (!continue_needed)
924 {
925 r = QueryContextAttributesA(&conn->ctx, SECPKG_ATTR_SIZES, &secctx_sizes);
926 if (FAILED(r))
927 {
928 WARN("QueryContextAttributes failed with error 0x%08x\n", r);
929 goto failed;
930 }
931 conn->signature_auth_len = secctx_sizes.cbMaxSignature;
932 conn->encryption_auth_len = secctx_sizes.cbSecurityTrailer;
933 }
934
935 return RPC_S_OK;
936
937 failed:
938 HeapFree(GetProcessHeap(), 0, out->pvBuffer);
939 out->pvBuffer = NULL;
940 return ERROR_ACCESS_DENIED; /* FIXME: is this correct? */
941 }
942
943 /***********************************************************************
944 * RPCRT4_AuthorizeBinding (internal)
945 */
946 RPC_STATUS RPCRT4_AuthorizeConnection(RpcConnection* conn, BYTE *challenge,
947 ULONG count)
948 {
949 SecBuffer inp, out;
950 RpcPktHdr *resp_hdr;
951 RPC_STATUS status;
952
953 TRACE("challenge %s, %d bytes\n", challenge, count);
954
955 inp.BufferType = SECBUFFER_TOKEN;
956 inp.pvBuffer = challenge;
957 inp.cbBuffer = count;
958
959 status = RPCRT4_ClientAuthorize(conn, &inp, &out);
960 if (status) return status;
961
962 resp_hdr = RPCRT4_BuildAuthHeader(NDR_LOCAL_DATA_REPRESENTATION);
963 if (!resp_hdr)
964 return E_OUTOFMEMORY;
965
966 status = RPCRT4_SendWithAuth(conn, resp_hdr, NULL, 0, out.pvBuffer, out.cbBuffer);
967
968 HeapFree(GetProcessHeap(), 0, out.pvBuffer);
969 RPCRT4_FreeHeader(resp_hdr);
970
971 return status;
972 }
973
974 /***********************************************************************
975 * RPCRT4_Send (internal)
976 *
977 * Transmit a packet over connection in acceptable fragments.
978 */
979 RPC_STATUS RPCRT4_Send(RpcConnection *Connection, RpcPktHdr *Header,
980 void *Buffer, unsigned int BufferLength)
981 {
982 RPC_STATUS r;
983 SecBuffer out;
984
985 if (!Connection->AuthInfo || SecIsValidHandle(&Connection->ctx))
986 {
987 return RPCRT4_SendWithAuth(Connection, Header, Buffer, BufferLength, NULL, 0);
988 }
989
990 /* tack on a negotiate packet */
991 r = RPCRT4_ClientAuthorize(Connection, NULL, &out);
992 if (r == RPC_S_OK)
993 {
994 r = RPCRT4_SendWithAuth(Connection, Header, Buffer, BufferLength, out.pvBuffer, out.cbBuffer);
995 HeapFree(GetProcessHeap(), 0, out.pvBuffer);
996 }
997
998 return r;
999 }
1000
1001 /* validates version and frag_len fields */
1002 RPC_STATUS RPCRT4_ValidateCommonHeader(const RpcPktCommonHdr *hdr)
1003 {
1004 DWORD hdr_length;
1005
1006 /* verify if the header really makes sense */
1007 if (hdr->rpc_ver != RPC_VER_MAJOR ||
1008 hdr->rpc_ver_minor != RPC_VER_MINOR)
1009 {
1010 WARN("unhandled packet version\n");
1011 return RPC_S_PROTOCOL_ERROR;
1012 }
1013
1014 hdr_length = RPCRT4_GetHeaderSize((const RpcPktHdr*)hdr);
1015 if (hdr_length == 0)
1016 {
1017 WARN("header length == 0\n");
1018 return RPC_S_PROTOCOL_ERROR;
1019 }
1020
1021 if (hdr->frag_len < hdr_length)
1022 {
1023 WARN("bad frag length %d\n", hdr->frag_len);
1024 return RPC_S_PROTOCOL_ERROR;
1025 }
1026
1027 return RPC_S_OK;
1028 }
1029
1030 /***********************************************************************
1031 * RPCRT4_default_receive_fragment (internal)
1032 *
1033 * Receive a fragment from a connection.
1034 */
1035 static RPC_STATUS RPCRT4_default_receive_fragment(RpcConnection *Connection, RpcPktHdr **Header, void **Payload)
1036 {
1037 RPC_STATUS status;
1038 DWORD hdr_length;
1039 LONG dwRead;
1040 RpcPktCommonHdr common_hdr;
1041
1042 *Header = NULL;
1043 *Payload = NULL;
1044
1045 TRACE("(%p, %p, %p)\n", Connection, Header, Payload);
1046
1047 /* read packet common header */
1048 dwRead = rpcrt4_conn_read(Connection, &common_hdr, sizeof(common_hdr));
1049 if (dwRead != sizeof(common_hdr)) {
1050 WARN("Short read of header, %d bytes\n", dwRead);
1051 status = RPC_S_CALL_FAILED;
1052 goto fail;
1053 }
1054
1055 status = RPCRT4_ValidateCommonHeader(&common_hdr);
1056 if (status != RPC_S_OK) goto fail;
1057
1058 hdr_length = RPCRT4_GetHeaderSize((RpcPktHdr*)&common_hdr);
1059 if (hdr_length == 0) {
1060 WARN("header length == 0\n");
1061 status = RPC_S_PROTOCOL_ERROR;
1062 goto fail;
1063 }
1064
1065 *Header = HeapAlloc(GetProcessHeap(), 0, hdr_length);
1066 memcpy(*Header, &common_hdr, sizeof(common_hdr));
1067
1068 /* read the rest of packet header */
1069 dwRead = rpcrt4_conn_read(Connection, &(*Header)->common + 1, hdr_length - sizeof(common_hdr));
1070 if (dwRead != hdr_length - sizeof(common_hdr)) {
1071 WARN("bad header length, %d bytes, hdr_length %d\n", dwRead, hdr_length);
1072 status = RPC_S_CALL_FAILED;
1073 goto fail;
1074 }
1075
1076 if (common_hdr.frag_len - hdr_length)
1077 {
1078 *Payload = HeapAlloc(GetProcessHeap(), 0, common_hdr.frag_len - hdr_length);
1079 if (!*Payload)
1080 {
1081 status = RPC_S_OUT_OF_RESOURCES;
1082 goto fail;
1083 }
1084
1085 dwRead = rpcrt4_conn_read(Connection, *Payload, common_hdr.frag_len - hdr_length);
1086 if (dwRead != common_hdr.frag_len - hdr_length)
1087 {
1088 WARN("bad data length, %d/%d\n", dwRead, common_hdr.frag_len - hdr_length);
1089 status = RPC_S_CALL_FAILED;
1090 goto fail;
1091 }
1092 }
1093 else
1094 *Payload = NULL;
1095
1096 /* success */
1097 status = RPC_S_OK;
1098
1099 fail:
1100 if (status != RPC_S_OK) {
1101 RPCRT4_FreeHeader(*Header);
1102 *Header = NULL;
1103 HeapFree(GetProcessHeap(), 0, *Payload);
1104 *Payload = NULL;
1105 }
1106 return status;
1107 }
1108
1109 static RPC_STATUS RPCRT4_receive_fragment(RpcConnection *Connection, RpcPktHdr **Header, void **Payload)
1110 {
1111 if (Connection->ops->receive_fragment)
1112 return Connection->ops->receive_fragment(Connection, Header, Payload);
1113 else
1114 return RPCRT4_default_receive_fragment(Connection, Header, Payload);
1115 }
1116
1117 /***********************************************************************
1118 * RPCRT4_ReceiveWithAuth (internal)
1119 *
1120 * Receive a packet from connection, merge the fragments and return the auth
1121 * data.
1122 */
1123 RPC_STATUS RPCRT4_ReceiveWithAuth(RpcConnection *Connection, RpcPktHdr **Header,
1124 PRPC_MESSAGE pMsg,
1125 unsigned char **auth_data_out,
1126 unsigned long *auth_length_out)
1127 {
1128 RPC_STATUS status;
1129 DWORD hdr_length;
1130 unsigned short first_flag;
1131 unsigned long data_length;
1132 unsigned long buffer_length;
1133 unsigned long auth_length = 0;
1134 unsigned char *auth_data = NULL;
1135 RpcPktHdr *CurrentHeader = NULL;
1136 void *payload = NULL;
1137
1138 *Header = NULL;
1139 pMsg->Buffer = NULL;
1140
1141 TRACE("(%p, %p, %p, %p)\n", Connection, Header, pMsg, auth_data_out);
1142
1143 RPCRT4_SetThreadCurrentConnection(Connection);
1144
1145 status = RPCRT4_receive_fragment(Connection, Header, &payload);
1146 if (status != RPC_S_OK) goto fail;
1147
1148 hdr_length = RPCRT4_GetHeaderSize(*Header);
1149
1150 /* read packet body */
1151 switch ((*Header)->common.ptype) {
1152 case PKT_RESPONSE:
1153 pMsg->BufferLength = (*Header)->response.alloc_hint;
1154 break;
1155 case PKT_REQUEST:
1156 pMsg->BufferLength = (*Header)->request.alloc_hint;
1157 break;
1158 default:
1159 pMsg->BufferLength = (*Header)->common.frag_len - hdr_length - RPC_AUTH_VERIFIER_LEN(&(*Header)->common);
1160 }
1161
1162 TRACE("buffer length = %u\n", pMsg->BufferLength);
1163
1164 pMsg->Buffer = I_RpcAllocate(pMsg->BufferLength);
1165 if (!pMsg->Buffer)
1166 {
1167 status = ERROR_OUTOFMEMORY;
1168 goto fail;
1169 }
1170
1171 first_flag = RPC_FLG_FIRST;
1172 auth_length = (*Header)->common.auth_len;
1173 if (auth_length) {
1174 auth_data = HeapAlloc(GetProcessHeap(), 0, RPC_AUTH_VERIFIER_LEN(&(*Header)->common));
1175 if (!auth_data) {
1176 status = RPC_S_OUT_OF_RESOURCES;
1177 goto fail;
1178 }
1179 }
1180 CurrentHeader = *Header;
1181 buffer_length = 0;
1182 while (TRUE)
1183 {
1184 unsigned int header_auth_len = RPC_AUTH_VERIFIER_LEN(&CurrentHeader->common);
1185
1186 /* verify header fields */
1187
1188 if ((CurrentHeader->common.frag_len < hdr_length) ||
1189 (CurrentHeader->common.frag_len - hdr_length < header_auth_len)) {
1190 WARN("frag_len %d too small for hdr_length %d and auth_len %d\n",
1191 CurrentHeader->common.frag_len, hdr_length, CurrentHeader->common.auth_len);
1192 status = RPC_S_PROTOCOL_ERROR;
1193 goto fail;
1194 }
1195
1196 if (CurrentHeader->common.auth_len != auth_length) {
1197 WARN("auth_len header field changed from %ld to %d\n",
1198 auth_length, CurrentHeader->common.auth_len);
1199 status = RPC_S_PROTOCOL_ERROR;
1200 goto fail;
1201 }
1202
1203 if ((CurrentHeader->common.flags & RPC_FLG_FIRST) != first_flag) {
1204 TRACE("invalid packet flags\n");
1205 status = RPC_S_PROTOCOL_ERROR;
1206 goto fail;
1207 }
1208
1209 data_length = CurrentHeader->common.frag_len - hdr_length - header_auth_len;
1210 if (data_length + buffer_length > pMsg->BufferLength) {
1211 TRACE("allocation hint exceeded, new buffer length = %ld\n",
1212 data_length + buffer_length);
1213 pMsg->BufferLength = data_length + buffer_length;
1214 status = I_RpcReAllocateBuffer(pMsg);
1215 if (status != RPC_S_OK) goto fail;
1216 }
1217
1218 memcpy((unsigned char *)pMsg->Buffer + buffer_length, payload, data_length);
1219
1220 if (header_auth_len) {
1221 if (header_auth_len < sizeof(RpcAuthVerifier) ||
1222 header_auth_len > RPC_AUTH_VERIFIER_LEN(&(*Header)->common)) {
1223 WARN("bad auth verifier length %d\n", header_auth_len);
1224 status = RPC_S_PROTOCOL_ERROR;
1225 goto fail;
1226 }
1227
1228 /* FIXME: we should accumulate authentication data for the bind,
1229 * bind_ack, alter_context and alter_context_response if necessary.
1230 * however, the details of how this is done is very sketchy in the
1231 * DCE/RPC spec. for all other packet types that have authentication
1232 * verifier data then it is just duplicated in all the fragments */
1233 memcpy(auth_data, (unsigned char *)payload + data_length, header_auth_len);
1234
1235 /* these packets are handled specially, not by the generic SecurePacket
1236 * function */
1237 if (!auth_data_out && SecIsValidHandle(&Connection->ctx))
1238 {
1239 status = RPCRT4_SecurePacket(Connection, SECURE_PACKET_RECEIVE,
1240 CurrentHeader, hdr_length,
1241 (unsigned char *)pMsg->Buffer + buffer_length, data_length,
1242 (RpcAuthVerifier *)auth_data,
1243 auth_data + sizeof(RpcAuthVerifier),
1244 header_auth_len - sizeof(RpcAuthVerifier));
1245 if (status != RPC_S_OK) goto fail;
1246 }
1247 }
1248
1249 buffer_length += data_length;
1250 if (!(CurrentHeader->common.flags & RPC_FLG_LAST)) {
1251 TRACE("next header\n");
1252
1253 if (*Header != CurrentHeader)
1254 {
1255 RPCRT4_FreeHeader(CurrentHeader);
1256 CurrentHeader = NULL;
1257 }
1258 HeapFree(GetProcessHeap(), 0, payload);
1259 payload = NULL;
1260
1261 status = RPCRT4_receive_fragment(Connection, &CurrentHeader, &payload);
1262 if (status != RPC_S_OK) goto fail;
1263
1264 first_flag = 0;
1265 } else {
1266 break;
1267 }
1268 }
1269 pMsg->BufferLength = buffer_length;
1270
1271 /* success */
1272 status = RPC_S_OK;
1273
1274 fail:
1275 RPCRT4_SetThreadCurrentConnection(NULL);
1276 if (CurrentHeader != *Header)
1277 RPCRT4_FreeHeader(CurrentHeader);
1278 if (status != RPC_S_OK) {
1279 I_RpcFree(pMsg->Buffer);
1280 pMsg->Buffer = NULL;
1281 RPCRT4_FreeHeader(*Header);
1282 *Header = NULL;
1283 }
1284 if (auth_data_out && status == RPC_S_OK) {
1285 *auth_length_out = auth_length;
1286 *auth_data_out = auth_data;
1287 }
1288 else
1289 HeapFree(GetProcessHeap(), 0, auth_data);
1290 HeapFree(GetProcessHeap(), 0, payload);
1291 return status;
1292 }
1293
1294 /***********************************************************************
1295 * RPCRT4_Receive (internal)
1296 *
1297 * Receive a packet from connection and merge the fragments.
1298 */
1299 RPC_STATUS RPCRT4_Receive(RpcConnection *Connection, RpcPktHdr **Header,
1300 PRPC_MESSAGE pMsg)
1301 {
1302 return RPCRT4_ReceiveWithAuth(Connection, Header, pMsg, NULL, NULL);
1303 }
1304
1305 /***********************************************************************
1306 * I_RpcNegotiateTransferSyntax [RPCRT4.@]
1307 *
1308 * Negotiates the transfer syntax used by a client connection by connecting
1309 * to the server.
1310 *
1311 * PARAMS
1312 * pMsg [I] RPC Message structure.
1313 * pAsync [I] Asynchronous state to set.
1314 *
1315 * RETURNS
1316 * Success: RPC_S_OK.
1317 * Failure: Any error code.
1318 */
1319 RPC_STATUS WINAPI I_RpcNegotiateTransferSyntax(PRPC_MESSAGE pMsg)
1320 {
1321 RpcBinding* bind = pMsg->Handle;
1322 RpcConnection* conn;
1323 RPC_STATUS status = RPC_S_OK;
1324
1325 TRACE("(%p)\n", pMsg);
1326
1327 if (!bind || bind->server)
1328 {
1329 ERR("no binding\n");
1330 return RPC_S_INVALID_BINDING;
1331 }
1332
1333 /* if we already have a connection, we don't need to negotiate again */
1334 if (!pMsg->ReservedForRuntime)
1335 {
1336 RPC_CLIENT_INTERFACE *cif = pMsg->RpcInterfaceInformation;
1337 if (!cif) return RPC_S_INTERFACE_NOT_FOUND;
1338
1339 if (!bind->Endpoint || !bind->Endpoint[0])
1340 {
1341 TRACE("automatically resolving partially bound binding\n");
1342 status = RpcEpResolveBinding(bind, cif);
1343 if (status != RPC_S_OK) return status;
1344 }
1345
1346 status = RPCRT4_OpenBinding(bind, &conn, &cif->TransferSyntax,
1347 &cif->InterfaceId);
1348
1349 if (status == RPC_S_OK)
1350 {
1351 pMsg->ReservedForRuntime = conn;
1352 RPCRT4_AddRefBinding(bind);
1353 }
1354 }
1355
1356 return status;
1357 }
1358
1359 /***********************************************************************
1360 * I_RpcGetBuffer [RPCRT4.@]
1361 *
1362 * Allocates a buffer for use by I_RpcSend or I_RpcSendReceive and binds to the
1363 * server interface.
1364 *
1365 * PARAMS
1366 * pMsg [I/O] RPC message information.
1367 *
1368 * RETURNS
1369 * Success: RPC_S_OK.
1370 * Failure: RPC_S_INVALID_BINDING if pMsg->Handle is invalid.
1371 * RPC_S_SERVER_UNAVAILABLE if unable to connect to server.
1372 * ERROR_OUTOFMEMORY if buffer allocation failed.
1373 *
1374 * NOTES
1375 * The pMsg->BufferLength field determines the size of the buffer to allocate,
1376 * in bytes.
1377 *
1378 * Use I_RpcFreeBuffer() to unbind from the server and free the message buffer.
1379 *
1380 * SEE ALSO
1381 * I_RpcFreeBuffer(), I_RpcSend(), I_RpcReceive(), I_RpcSendReceive().
1382 */
1383 RPC_STATUS WINAPI I_RpcGetBuffer(PRPC_MESSAGE pMsg)
1384 {
1385 RPC_STATUS status;
1386 RpcBinding* bind = pMsg->Handle;
1387
1388 TRACE("(%p): BufferLength=%d\n", pMsg, pMsg->BufferLength);
1389
1390 if (!bind)
1391 {
1392 ERR("no binding\n");
1393 return RPC_S_INVALID_BINDING;
1394 }
1395
1396 pMsg->Buffer = I_RpcAllocate(pMsg->BufferLength);
1397 TRACE("Buffer=%p\n", pMsg->Buffer);
1398
1399 if (!pMsg->Buffer)
1400 return ERROR_OUTOFMEMORY;
1401
1402 if (!bind->server)
1403 {
1404 status = I_RpcNegotiateTransferSyntax(pMsg);
1405 if (status != RPC_S_OK)
1406 I_RpcFree(pMsg->Buffer);
1407 }
1408 else
1409 status = RPC_S_OK;
1410
1411 return status;
1412 }
1413
1414 /***********************************************************************
1415 * I_RpcReAllocateBuffer (internal)
1416 */
1417 static RPC_STATUS I_RpcReAllocateBuffer(PRPC_MESSAGE pMsg)
1418 {
1419 TRACE("(%p): BufferLength=%d\n", pMsg, pMsg->BufferLength);
1420 pMsg->Buffer = HeapReAlloc(GetProcessHeap(), 0, pMsg->Buffer, pMsg->BufferLength);
1421
1422 TRACE("Buffer=%p\n", pMsg->Buffer);
1423 return pMsg->Buffer ? RPC_S_OK : ERROR_OUTOFMEMORY;
1424 }
1425
1426 /***********************************************************************
1427 * I_RpcFreeBuffer [RPCRT4.@]
1428 *
1429 * Frees a buffer allocated by I_RpcGetBuffer or I_RpcReceive and unbinds from
1430 * the server interface.
1431 *
1432 * PARAMS
1433 * pMsg [I/O] RPC message information.
1434 *
1435 * RETURNS
1436 * RPC_S_OK.
1437 *
1438 * SEE ALSO
1439 * I_RpcGetBuffer(), I_RpcReceive().
1440 */
1441 RPC_STATUS WINAPI I_RpcFreeBuffer(PRPC_MESSAGE pMsg)
1442 {
1443 RpcBinding* bind = pMsg->Handle;
1444
1445 TRACE("(%p) Buffer=%p\n", pMsg, pMsg->Buffer);
1446
1447 if (!bind)
1448 {
1449 ERR("no binding\n");
1450 return RPC_S_INVALID_BINDING;
1451 }
1452
1453 if (pMsg->ReservedForRuntime)
1454 {
1455 RpcConnection *conn = pMsg->ReservedForRuntime;
1456 RPCRT4_CloseBinding(bind, conn);
1457 RPCRT4_ReleaseBinding(bind);
1458 pMsg->ReservedForRuntime = NULL;
1459 }
1460 I_RpcFree(pMsg->Buffer);
1461 return RPC_S_OK;
1462 }
1463
1464 static void CALLBACK async_apc_notifier_proc(ULONG_PTR ulParam)
1465 {
1466 RPC_ASYNC_STATE *state = (RPC_ASYNC_STATE *)ulParam;
1467 state->u.APC.NotificationRoutine(state, NULL, state->Event);
1468 }
1469
1470 static DWORD WINAPI async_notifier_proc(LPVOID p)
1471 {
1472 RpcConnection *conn = p;
1473 RPC_ASYNC_STATE *state = conn->async_state;
1474
1475 if (state && conn->ops->wait_for_incoming_data(conn) != -1)
1476 {
1477 state->Event = RpcCallComplete;
1478 switch (state->NotificationType)
1479 {
1480 case RpcNotificationTypeEvent:
1481 TRACE("RpcNotificationTypeEvent %p\n", state->u.hEvent);
1482 SetEvent(state->u.hEvent);
1483 break;
1484 case RpcNotificationTypeApc:
1485 TRACE("RpcNotificationTypeApc %p\n", state->u.APC.hThread);
1486 QueueUserAPC(async_apc_notifier_proc, state->u.APC.hThread, (ULONG_PTR)state);
1487 break;
1488 case RpcNotificationTypeIoc:
1489 TRACE("RpcNotificationTypeIoc %p, 0x%x, 0x%lx, %p\n",
1490 state->u.IOC.hIOPort, state->u.IOC.dwNumberOfBytesTransferred,
1491 state->u.IOC.dwCompletionKey, state->u.IOC.lpOverlapped);
1492 PostQueuedCompletionStatus(state->u.IOC.hIOPort,
1493 state->u.IOC.dwNumberOfBytesTransferred,
1494 state->u.IOC.dwCompletionKey,
1495 state->u.IOC.lpOverlapped);
1496 break;
1497 case RpcNotificationTypeHwnd:
1498 TRACE("RpcNotificationTypeHwnd %p 0x%x\n", state->u.HWND.hWnd,
1499 state->u.HWND.Msg);
1500 PostMessageW(state->u.HWND.hWnd, state->u.HWND.Msg, 0, 0);
1501 break;
1502 case RpcNotificationTypeCallback:
1503 TRACE("RpcNotificationTypeCallback %p\n", state->u.NotificationRoutine);
1504 state->u.NotificationRoutine(state, NULL, state->Event);
1505 break;
1506 case RpcNotificationTypeNone:
1507 TRACE("RpcNotificationTypeNone\n");
1508 break;
1509 default:
1510 FIXME("unknown NotificationType: %d/0x%x\n", state->NotificationType, state->NotificationType);
1511 break;
1512 }
1513 }
1514
1515 return 0;
1516 }
1517
1518 /***********************************************************************
1519 * I_RpcSend [RPCRT4.@]
1520 *
1521 * Sends a message to the server.
1522 *
1523 * PARAMS
1524 * pMsg [I/O] RPC message information.
1525 *
1526 * RETURNS
1527 * Unknown.
1528 *
1529 * NOTES
1530 * The buffer must have been allocated with I_RpcGetBuffer().
1531 *
1532 * SEE ALSO
1533 * I_RpcGetBuffer(), I_RpcReceive(), I_RpcSendReceive().
1534 */
1535 RPC_STATUS WINAPI I_RpcSend(PRPC_MESSAGE pMsg)
1536 {
1537 RpcBinding* bind = pMsg->Handle;
1538 RpcConnection* conn;
1539 RPC_STATUS status;
1540 RpcPktHdr *hdr;
1541
1542 TRACE("(%p)\n", pMsg);
1543 if (!bind || bind->server || !pMsg->ReservedForRuntime) return RPC_S_INVALID_BINDING;
1544
1545 conn = pMsg->ReservedForRuntime;
1546
1547 hdr = RPCRT4_BuildRequestHeader(pMsg->DataRepresentation,
1548 pMsg->BufferLength,
1549 pMsg->ProcNum & ~RPC_FLAGS_VALID_BIT,
1550 &bind->ObjectUuid);
1551 if (!hdr)
1552 return ERROR_OUTOFMEMORY;
1553 hdr->common.call_id = conn->NextCallId++;
1554
1555 status = RPCRT4_Send(conn, hdr, pMsg->Buffer, pMsg->BufferLength);
1556
1557 RPCRT4_FreeHeader(hdr);
1558
1559 if (status == RPC_S_OK && pMsg->RpcFlags & RPC_BUFFER_ASYNC)
1560 {
1561 if (!QueueUserWorkItem(async_notifier_proc, conn, WT_EXECUTEDEFAULT | WT_EXECUTELONGFUNCTION))
1562 status = RPC_S_OUT_OF_RESOURCES;
1563 }
1564
1565 return status;
1566 }
1567
1568 /* is this status something that the server can't recover from? */
1569 static inline BOOL is_hard_error(RPC_STATUS status)
1570 {
1571 switch (status)
1572 {
1573 case 0: /* user-defined fault */
1574 case ERROR_ACCESS_DENIED:
1575 case ERROR_INVALID_PARAMETER:
1576 case RPC_S_PROTOCOL_ERROR:
1577 case RPC_S_CALL_FAILED:
1578 case RPC_S_CALL_FAILED_DNE:
1579 case RPC_S_SEC_PKG_ERROR:
1580 return TRUE;
1581 default:
1582 return FALSE;
1583 }
1584 }
1585
1586 /***********************************************************************
1587 * I_RpcReceive [RPCRT4.@]
1588 */
1589 RPC_STATUS WINAPI I_RpcReceive(PRPC_MESSAGE pMsg)
1590 {
1591 RpcBinding* bind = pMsg->Handle;
1592 RPC_STATUS status;
1593 RpcPktHdr *hdr = NULL;
1594 RpcConnection *conn;
1595
1596 TRACE("(%p)\n", pMsg);
1597 if (!bind || bind->server || !pMsg->ReservedForRuntime) return RPC_S_INVALID_BINDING;
1598
1599 conn = pMsg->ReservedForRuntime;
1600 status = RPCRT4_Receive(conn, &hdr, pMsg);
1601 if (status != RPC_S_OK) {
1602 WARN("receive failed with error %x\n", status);
1603 goto fail;
1604 }
1605
1606 switch (hdr->common.ptype) {
1607 case PKT_RESPONSE:
1608 break;
1609 case PKT_FAULT:
1610 ERR ("we got fault packet with status 0x%lx\n", hdr->fault.status);
1611 status = NCA2RPC_STATUS(hdr->fault.status);
1612 if (is_hard_error(status))
1613 goto fail;
1614 break;
1615 default:
1616 WARN("bad packet type %d\n", hdr->common.ptype);
1617 status = RPC_S_PROTOCOL_ERROR;
1618 goto fail;
1619 }
1620
1621 /* success */
1622 RPCRT4_FreeHeader(hdr);
1623 return status;
1624
1625 fail:
1626 RPCRT4_FreeHeader(hdr);
1627 RPCRT4_DestroyConnection(conn);
1628 pMsg->ReservedForRuntime = NULL;
1629 return status;
1630 }
1631
1632 /***********************************************************************
1633 * I_RpcSendReceive [RPCRT4.@]
1634 *
1635 * Sends a message to the server and receives the response.
1636 *
1637 * PARAMS
1638 * pMsg [I/O] RPC message information.
1639 *
1640 * RETURNS
1641 * Success: RPC_S_OK.
1642 * Failure: Any error code.
1643 *
1644 * NOTES
1645 * The buffer must have been allocated with I_RpcGetBuffer().
1646 *
1647 * SEE ALSO
1648 * I_RpcGetBuffer(), I_RpcSend(), I_RpcReceive().
1649 */
1650 RPC_STATUS WINAPI I_RpcSendReceive(PRPC_MESSAGE pMsg)
1651 {
1652 RPC_STATUS status;
1653 void *original_buffer;
1654
1655 TRACE("(%p)\n", pMsg);
1656
1657 original_buffer = pMsg->Buffer;
1658 status = I_RpcSend(pMsg);
1659 if (status == RPC_S_OK)
1660 status = I_RpcReceive(pMsg);
1661 /* free the buffer replaced by a new buffer in I_RpcReceive */
1662 if (status == RPC_S_OK)
1663 I_RpcFree(original_buffer);
1664 return status;
1665 }
1666
1667 /***********************************************************************
1668 * I_RpcAsyncSetHandle [RPCRT4.@]
1669 *
1670 * Sets the asynchronous state of the handle contained in the RPC message
1671 * structure.
1672 *
1673 * PARAMS
1674 * pMsg [I] RPC Message structure.
1675 * pAsync [I] Asynchronous state to set.
1676 *
1677 * RETURNS
1678 * Success: RPC_S_OK.
1679 * Failure: Any error code.
1680 */
1681 RPC_STATUS WINAPI I_RpcAsyncSetHandle(PRPC_MESSAGE pMsg, PRPC_ASYNC_STATE pAsync)
1682 {
1683 RpcBinding* bind = pMsg->Handle;
1684 RpcConnection *conn;
1685
1686 TRACE("(%p, %p)\n", pMsg, pAsync);
1687
1688 if (!bind || bind->server || !pMsg->ReservedForRuntime) return RPC_S_INVALID_BINDING;
1689
1690 conn = pMsg->ReservedForRuntime;
1691 conn->async_state = pAsync;
1692
1693 return RPC_S_OK;
1694 }
1695
1696 /***********************************************************************
1697 * I_RpcAsyncAbortCall [RPCRT4.@]
1698 *
1699 * Aborts an asynchronous call.
1700 *
1701 * PARAMS
1702 * pAsync [I] Asynchronous state.
1703 * ExceptionCode [I] Exception code.
1704 *
1705 * RETURNS
1706 * Success: RPC_S_OK.
1707 * Failure: Any error code.
1708 */
1709 RPC_STATUS WINAPI I_RpcAsyncAbortCall(PRPC_ASYNC_STATE pAsync, ULONG ExceptionCode)
1710 {
1711 FIXME("(%p, %d): stub\n", pAsync, ExceptionCode);
1712 return RPC_S_INVALID_ASYNC_HANDLE;
1713 }
useful hacks and other patches not (yet) suitable for mainline