2 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 2003-2005
6 Copyright (C) Jelmer Vernooij 2004-2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/network.h"
25 #include "lib/tsocket/tsocket.h"
26 #include "lib/util/tevent_ntstatus.h"
27 #include "librpc/rpc/dcerpc.h"
28 #include "librpc/gen_ndr/ndr_dcerpc.h"
29 #include "rpc_common.h"
31 /* we need to be able to get/set the fragment length without doing a full
33 void dcerpc_set_frag_length(DATA_BLOB
*blob
, uint16_t v
)
35 if (CVAL(blob
->data
,DCERPC_DREP_OFFSET
) & DCERPC_DREP_LE
) {
36 SSVAL(blob
->data
, DCERPC_FRAG_LEN_OFFSET
, v
);
38 RSSVAL(blob
->data
, DCERPC_FRAG_LEN_OFFSET
, v
);
42 uint16_t dcerpc_get_frag_length(const DATA_BLOB
*blob
)
44 if (CVAL(blob
->data
,DCERPC_DREP_OFFSET
) & DCERPC_DREP_LE
) {
45 return SVAL(blob
->data
, DCERPC_FRAG_LEN_OFFSET
);
47 return RSVAL(blob
->data
, DCERPC_FRAG_LEN_OFFSET
);
51 void dcerpc_set_auth_length(DATA_BLOB
*blob
, uint16_t v
)
53 if (CVAL(blob
->data
,DCERPC_DREP_OFFSET
) & DCERPC_DREP_LE
) {
54 SSVAL(blob
->data
, DCERPC_AUTH_LEN_OFFSET
, v
);
56 RSSVAL(blob
->data
, DCERPC_AUTH_LEN_OFFSET
, v
);
60 uint8_t dcerpc_get_endian_flag(DATA_BLOB
*blob
)
62 return blob
->data
[DCERPC_DREP_OFFSET
];
67 * @brief Pull a dcerpc_auth structure, taking account of any auth
68 * padding in the blob. For request/response packets we pass
69 * the whole data blob, so auth_data_only must be set to false
70 * as the blob contains data+pad+auth and no just pad+auth.
72 * @param pkt - The ncacn_packet strcuture
73 * @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements
74 * @param pkt_trailer - The packet trailer data, usually the trailing
75 * auth_info blob, but in the request/response case
76 * this is the stub_and_verifier blob.
77 * @param auth - A preallocated dcerpc_auth *empty* structure
78 * @param auth_length - The length of the auth trail, sum of auth header
79 * lenght and pkt->auth_length
80 * @param auth_data_only - Whether the pkt_trailer includes only the auth_blob
81 * (+ padding) or also other data.
83 * @return - A NTSTATUS error code.
85 NTSTATUS
dcerpc_pull_auth_trailer(struct ncacn_packet
*pkt
,
87 DATA_BLOB
*pkt_trailer
,
88 struct dcerpc_auth
*auth
,
89 uint32_t *auth_length
,
93 enum ndr_err_code ndr_err
;
94 uint32_t data_and_pad
;
96 data_and_pad
= pkt_trailer
->length
97 - (DCERPC_AUTH_TRAILER_LENGTH
+ pkt
->auth_length
);
99 /* paranoia check for pad size. This would be caught anyway by
100 the ndr_pull_advance() a few lines down, but it scared
101 Jeremy enough for him to call me, so we might as well check
102 it now, just to prevent someone posting a bogus YouTube
105 if (data_and_pad
> pkt_trailer
->length
) {
106 return NT_STATUS_INFO_LENGTH_MISMATCH
;
109 *auth_length
= pkt_trailer
->length
- data_and_pad
;
111 ndr
= ndr_pull_init_blob(pkt_trailer
, mem_ctx
);
113 return NT_STATUS_NO_MEMORY
;
116 if (!(pkt
->drep
[0] & DCERPC_DREP_LE
)) {
117 ndr
->flags
|= LIBNDR_FLAG_BIGENDIAN
;
120 ndr_err
= ndr_pull_advance(ndr
, data_and_pad
);
121 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
123 return ndr_map_error2ntstatus(ndr_err
);
126 ndr_err
= ndr_pull_dcerpc_auth(ndr
, NDR_SCALARS
|NDR_BUFFERS
, auth
);
127 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
129 return ndr_map_error2ntstatus(ndr_err
);
132 if (auth_data_only
&& data_and_pad
!= auth
->auth_pad_length
) {
133 DEBUG(1, (__location__
": WARNING: pad length mismatch. "
134 "Calculated %u got %u\n",
135 (unsigned)data_and_pad
,
136 (unsigned)auth
->auth_pad_length
));
139 DEBUG(6,(__location__
": auth_pad_length %u\n",
140 (unsigned)auth
->auth_pad_length
));
142 talloc_steal(mem_ctx
, auth
->credentials
.data
);
148 struct dcerpc_read_ncacn_packet_state
{
154 struct ncacn_packet
*pkt
;
157 static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context
*stream
,
160 struct iovec
**_vector
,
162 static void dcerpc_read_ncacn_packet_done(struct tevent_req
*subreq
);
164 struct tevent_req
*dcerpc_read_ncacn_packet_send(TALLOC_CTX
*mem_ctx
,
165 struct tevent_context
*ev
,
166 struct tstream_context
*stream
)
168 struct tevent_req
*req
;
169 struct dcerpc_read_ncacn_packet_state
*state
;
170 struct tevent_req
*subreq
;
172 req
= tevent_req_create(mem_ctx
, &state
,
173 struct dcerpc_read_ncacn_packet_state
);
178 state
->buffer
= data_blob_const(NULL
, 0);
179 state
->pkt
= talloc(state
, struct ncacn_packet
);
180 if (tevent_req_nomem(state
->pkt
, req
)) {
184 subreq
= tstream_readv_pdu_send(state
, ev
,
186 dcerpc_read_ncacn_packet_next_vector
,
188 if (tevent_req_nomem(subreq
, req
)) {
191 tevent_req_set_callback(subreq
, dcerpc_read_ncacn_packet_done
, req
);
195 tevent_req_post(req
, ev
);
199 static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context
*stream
,
202 struct iovec
**_vector
,
205 struct dcerpc_read_ncacn_packet_state
*state
=
206 talloc_get_type_abort(private_data
,
207 struct dcerpc_read_ncacn_packet_state
);
208 struct iovec
*vector
;
211 if (state
->buffer
.length
== 0) {
212 /* first get enough to read the fragment length */
214 state
->buffer
.length
= DCERPC_FRAG_LEN_OFFSET
+ 2;
215 state
->buffer
.data
= talloc_array(state
, uint8_t,
216 state
->buffer
.length
);
217 if (!state
->buffer
.data
) {
220 } else if (state
->buffer
.length
== (DCERPC_FRAG_LEN_OFFSET
+ 2)) {
221 /* now read the fragment length and allocate the full buffer */
222 size_t frag_len
= dcerpc_get_frag_length(&state
->buffer
);
224 ofs
= state
->buffer
.length
;
226 state
->buffer
.data
= talloc_realloc(state
,
229 if (!state
->buffer
.data
) {
232 state
->buffer
.length
= frag_len
;
234 /* if we reach this we have a full fragment */
240 /* now create the vector that we want to be filled */
241 vector
= talloc_array(mem_ctx
, struct iovec
, 1);
246 vector
[0].iov_base
= (void *) (state
->buffer
.data
+ ofs
);
247 vector
[0].iov_len
= state
->buffer
.length
- ofs
;
254 static void dcerpc_read_ncacn_packet_done(struct tevent_req
*subreq
)
256 struct tevent_req
*req
= tevent_req_callback_data(subreq
,
258 struct dcerpc_read_ncacn_packet_state
*state
= tevent_req_data(req
,
259 struct dcerpc_read_ncacn_packet_state
);
262 struct ndr_pull
*ndr
;
263 enum ndr_err_code ndr_err
;
266 ret
= tstream_readv_pdu_recv(subreq
, &sys_errno
);
269 status
= map_nt_error_from_unix(sys_errno
);
270 tevent_req_nterror(req
, status
);
274 ndr
= ndr_pull_init_blob(&state
->buffer
, state
->pkt
);
275 if (tevent_req_nomem(ndr
, req
)) {
279 if (!(CVAL(ndr
->data
, DCERPC_DREP_OFFSET
) & DCERPC_DREP_LE
)) {
280 ndr
->flags
|= LIBNDR_FLAG_BIGENDIAN
;
283 if (CVAL(ndr
->data
, DCERPC_PFC_OFFSET
) & DCERPC_PFC_FLAG_OBJECT_UUID
) {
284 ndr
->flags
|= LIBNDR_FLAG_OBJECT_PRESENT
;
287 ndr_err
= ndr_pull_ncacn_packet(ndr
, NDR_SCALARS
|NDR_BUFFERS
, state
->pkt
);
289 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
290 status
= ndr_map_error2ntstatus(ndr_err
);
291 tevent_req_nterror(req
, status
);
295 tevent_req_done(req
);
298 NTSTATUS
dcerpc_read_ncacn_packet_recv(struct tevent_req
*req
,
300 struct ncacn_packet
**pkt
,
303 struct dcerpc_read_ncacn_packet_state
*state
= tevent_req_data(req
,
304 struct dcerpc_read_ncacn_packet_state
);
307 if (tevent_req_is_nterror(req
, &status
)) {
308 tevent_req_received(req
);
312 *pkt
= talloc_move(mem_ctx
, &state
->pkt
);
314 buffer
->data
= talloc_move(mem_ctx
, &state
->buffer
.data
);
315 buffer
->length
= state
->buffer
.length
;
318 tevent_req_received(req
);