search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove another global from clidfs that is only used in client.c.
[Samba.git] / source3 / rpc_parse / parse_prs.c
blobd549265fa11b07016504486f622ffb125f109013
1 /*
2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24
25 #undef DBGC_CLASS
26 #define DBGC_CLASS DBGC_RPC_PARSE
27
28 /**
29 * Dump a prs to a file: from the current location through to the end.
30 **/
31 void prs_dump(const char *name, int v, prs_struct *ps)
32 {
33 prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
34 }
35
36 /**
37 * Dump from the start of the prs to the current location.
38 **/
39 void prs_dump_before(const char *name, int v, prs_struct *ps)
40 {
41 prs_dump_region(name, v, ps, 0, ps->data_offset);
42 }
43
44 /**
45 * Dump everything from the start of the prs up to the current location.
46 **/
47 void prs_dump_region(const char *name, int v, prs_struct *ps,
48 int from_off, int to_off)
49 {
50 int fd, i;
51 char *fname = NULL;
52 ssize_t sz;
53 if (DEBUGLEVEL < 50) return;
54 for (i=1;i<100;i++) {
55 if (v != -1) {
56 if (asprintf(&fname,"/tmp/%s_%d.%d.prs", name, v, i) < 0) {
57 return;
58 }
59 } else {
60 if (asprintf(&fname,"/tmp/%s.%d.prs", name, i) < 0) {
61 return;
62 }
63 }
64 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
65 if (fd != -1 || errno != EEXIST) break;
66 }
67 if (fd != -1) {
68 sz = write(fd, ps->data_p + from_off, to_off - from_off);
69 i = close(fd);
70 if ( (sz != to_off-from_off) || (i != 0) ) {
71 DEBUG(0,("Error writing/closing %s: %ld!=%ld %d\n", fname, (unsigned long)sz, (unsigned long)to_off-from_off, i ));
72 } else {
73 DEBUG(0,("created %s\n", fname));
74 }
75 }
76 SAFE_FREE(fname);
77 }
78
79 /*******************************************************************
80 Debug output for parsing info
81
82 XXXX side-effect of this function is to increase the debug depth XXXX.
83
84 ********************************************************************/
85
86 void prs_debug(prs_struct *ps, int depth, const char *desc, const char *fn_name)
87 {
88 DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(5+depth,depth), ps->data_offset, fn_name, desc));
89 }
90
91 /**
92 * Initialise an expandable parse structure.
93 *
94 * @param size Initial buffer size. If >0, a new buffer will be
95 * created with malloc().
96 *
97 * @return False if allocation fails, otherwise True.
98 **/
99
100 bool prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, bool io)
101 {
102 ZERO_STRUCTP(ps);
103 ps->io = io;
104 ps->bigendian_data = RPC_LITTLE_ENDIAN;
105 ps->align = RPC_PARSE_ALIGN;
106 ps->is_dynamic = False;
107 ps->data_offset = 0;
108 ps->buffer_size = 0;
109 ps->data_p = NULL;
110 ps->mem_ctx = ctx;
111
112 if (size != 0) {
113 ps->buffer_size = size;
114 if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
115 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
116 return False;
117 }
118 memset(ps->data_p, '\0', (size_t)size);
119 ps->is_dynamic = True; /* We own this memory. */
120 } else if (MARSHALLING(ps)) {
121 /* If size is zero and we're marshalling we should allocate memory on demand. */
122 ps->is_dynamic = True;
123 }
124
125 return True;
126 }
127
128 /*******************************************************************
129 Delete the memory in a parse structure - if we own it.
130
131 NOTE: Contrary to the somewhat confusing naming, this function is not
132 intended for freeing memory allocated by prs_alloc_mem(). That memory
133 is attached to the talloc context given by ps->mem_ctx.
134 ********************************************************************/
135
136 void prs_mem_free(prs_struct *ps)
137 {
138 if(ps->is_dynamic)
139 SAFE_FREE(ps->data_p);
140 ps->is_dynamic = False;
141 ps->buffer_size = 0;
142 ps->data_offset = 0;
143 }
144
145 /*******************************************************************
146 Clear the memory in a parse structure.
147 ********************************************************************/
148
149 void prs_mem_clear(prs_struct *ps)
150 {
151 if (ps->buffer_size)
152 memset(ps->data_p, '\0', (size_t)ps->buffer_size);
153 }
154
155 /*******************************************************************
156 Allocate memory when unmarshalling... Always zero clears.
157 ********************************************************************/
158
159 #if defined(PARANOID_MALLOC_CHECKER)
160 char *prs_alloc_mem_(prs_struct *ps, size_t size, unsigned int count)
161 #else
162 char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count)
163 #endif
164 {
165 char *ret = NULL;
166
167 if (size && count) {
168 /* We can't call the type-safe version here. */
169 ret = (char *)_talloc_zero_array(ps->mem_ctx, size, count,
170 "parse_prs");
171 }
172 return ret;
173 }
174
175 /*******************************************************************
176 Return the current talloc context we're using.
177 ********************************************************************/
178
179 TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
180 {
181 return ps->mem_ctx;
182 }
183
184 /*******************************************************************
185 Hand some already allocated memory to a prs_struct.
186 ********************************************************************/
187
188 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, bool is_dynamic)
189 {
190 ps->is_dynamic = is_dynamic;
191 ps->data_p = buf;
192 ps->buffer_size = size;
193 }
194
195 /*******************************************************************
196 Take some memory back from a prs_struct.
197 ********************************************************************/
198
199 char *prs_take_memory(prs_struct *ps, uint32 *psize)
200 {
201 char *ret = ps->data_p;
202 if(psize)
203 *psize = ps->buffer_size;
204 ps->is_dynamic = False;
205 prs_mem_free(ps);
206 return ret;
207 }
208
209 /*******************************************************************
210 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
211 ********************************************************************/
212
213 bool prs_set_buffer_size(prs_struct *ps, uint32 newsize)
214 {
215 if (newsize > ps->buffer_size)
216 return prs_force_grow(ps, newsize - ps->buffer_size);
217
218 if (newsize < ps->buffer_size) {
219 ps->buffer_size = newsize;
220
221 /* newsize == 0 acts as a free and set pointer to NULL */
222 if (newsize == 0) {
223 SAFE_FREE(ps->data_p);
224 } else {
225 ps->data_p = (char *)SMB_REALLOC(ps->data_p, newsize);
226
227 if (ps->data_p == NULL) {
228 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
229 (unsigned int)newsize));
230 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
231 return False;
232 }
233 }
234 }
235
236 return True;
237 }
238
239 /*******************************************************************
240 Attempt, if needed, to grow a data buffer.
241 Also depends on the data stream mode (io).
242 ********************************************************************/
243
244 bool prs_grow(prs_struct *ps, uint32 extra_space)
245 {
246 uint32 new_size;
247
248 ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
249
250 if(ps->data_offset + extra_space <= ps->buffer_size)
251 return True;
252
253 /*
254 * We cannot grow the buffer if we're not reading
255 * into the prs_struct, or if we don't own the memory.
256 */
257
258 if(UNMARSHALLING(ps) || !ps->is_dynamic) {
259 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
260 (unsigned int)extra_space));
261 return False;
262 }
263
264 /*
265 * Decide how much extra space we really need.
266 */
267
268 extra_space -= (ps->buffer_size - ps->data_offset);
269 if(ps->buffer_size == 0) {
270 /*
271 * Ensure we have at least a PDU's length, or extra_space, whichever
272 * is greater.
273 */
274
275 new_size = MAX(RPC_MAX_PDU_FRAG_LEN,extra_space);
276
277 if((ps->data_p = (char *)SMB_MALLOC(new_size)) == NULL) {
278 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
279 return False;
280 }
281 memset(ps->data_p, '\0', (size_t)new_size );
282 } else {
283 /*
284 * If the current buffer size is bigger than the space needed, just
285 * double it, else add extra_space.
286 */
287 new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
288
289 if ((ps->data_p = (char *)SMB_REALLOC(ps->data_p, new_size)) == NULL) {
290 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
291 (unsigned int)new_size));
292 return False;
293 }
294
295 memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
296 }
297 ps->buffer_size = new_size;
298
299 return True;
300 }
301
302 /*******************************************************************
303 Attempt to force a data buffer to grow by len bytes.
304 This is only used when appending more data onto a prs_struct
305 when reading an rpc reply, before unmarshalling it.
306 ********************************************************************/
307
308 bool prs_force_grow(prs_struct *ps, uint32 extra_space)
309 {
310 uint32 new_size = ps->buffer_size + extra_space;
311
312 if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
313 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
314 (unsigned int)extra_space));
315 return False;
316 }
317
318 if((ps->data_p = (char *)SMB_REALLOC(ps->data_p, new_size)) == NULL) {
319 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
320 (unsigned int)new_size));
321 return False;
322 }
323
324 memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
325
326 ps->buffer_size = new_size;
327
328 return True;
329 }
330
331 /*******************************************************************
332 Get the data pointer (external interface).
333 ********************************************************************/
334
335 char *prs_data_p(prs_struct *ps)
336 {
337 return ps->data_p;
338 }
339
340 /*******************************************************************
341 Get the current data size (external interface).
342 ********************************************************************/
343
344 uint32 prs_data_size(prs_struct *ps)
345 {
346 return ps->buffer_size;
347 }
348
349 /*******************************************************************
350 Fetch the current offset (external interface).
351 ********************************************************************/
352
353 uint32 prs_offset(prs_struct *ps)
354 {
355 return ps->data_offset;
356 }
357
358 /*******************************************************************
359 Set the current offset (external interface).
360 ********************************************************************/
361
362 bool prs_set_offset(prs_struct *ps, uint32 offset)
363 {
364 if(offset <= ps->data_offset) {
365 ps->data_offset = offset;
366 return True;
367 }
368
369 if(!prs_grow(ps, offset - ps->data_offset))
370 return False;
371
372 ps->data_offset = offset;
373 return True;
374 }
375
376 /*******************************************************************
377 Append the data from one parse_struct into another.
378 ********************************************************************/
379
380 bool prs_append_prs_data(prs_struct *dst, prs_struct *src)
381 {
382 if (prs_offset(src) == 0)
383 return True;
384
385 if(!prs_grow(dst, prs_offset(src)))
386 return False;
387
388 memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
389 dst->data_offset += prs_offset(src);
390
391 return True;
392 }
393
394 /*******************************************************************
395 Append some data from one parse_struct into another.
396 ********************************************************************/
397
398 bool prs_append_some_data(prs_struct *dst, void *src_base, uint32_t start,
399 uint32_t len)
400 {
401 if (len == 0) {
402 return true;
403 }
404
405 if(!prs_grow(dst, len)) {
406 return false;
407 }
408
409 memcpy(&dst->data_p[dst->data_offset], ((char *)src_base) + start, (size_t)len);
410 dst->data_offset += len;
411 return true;
412 }
413
414 bool prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start,
415 uint32 len)
416 {
417 return prs_append_some_data(dst, src->data_p, start, len);
418 }
419
420 /*******************************************************************
421 Append the data from a buffer into a parse_struct.
422 ********************************************************************/
423
424 bool prs_copy_data_in(prs_struct *dst, const char *src, uint32 len)
425 {
426 if (len == 0)
427 return True;
428
429 if(!prs_grow(dst, len))
430 return False;
431
432 memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
433 dst->data_offset += len;
434
435 return True;
436 }
437
438 /*******************************************************************
439 Copy some data from a parse_struct into a buffer.
440 ********************************************************************/
441
442 bool prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
443 {
444 if (len == 0)
445 return True;
446
447 if(!prs_mem_get(src, len))
448 return False;
449
450 memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
451 src->data_offset += len;
452
453 return True;
454 }
455
456 /*******************************************************************
457 Copy all the data from a parse_struct into a buffer.
458 ********************************************************************/
459
460 bool prs_copy_all_data_out(char *dst, prs_struct *src)
461 {
462 uint32 len = prs_offset(src);
463
464 if (!len)
465 return True;
466
467 prs_set_offset(src, 0);
468 return prs_copy_data_out(dst, src, len);
469 }
470
471 /*******************************************************************
472 Set the data as X-endian (external interface).
473 ********************************************************************/
474
475 void prs_set_endian_data(prs_struct *ps, bool endian)
476 {
477 ps->bigendian_data = endian;
478 }
479
480 /*******************************************************************
481 Align a the data_len to a multiple of align bytes - filling with
482 zeros.
483 ********************************************************************/
484
485 bool prs_align(prs_struct *ps)
486 {
487 uint32 mod = ps->data_offset & (ps->align-1);
488
489 if (ps->align != 0 && mod != 0) {
490 uint32 extra_space = (ps->align - mod);
491 if(!prs_grow(ps, extra_space))
492 return False;
493 memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
494 ps->data_offset += extra_space;
495 }
496
497 return True;
498 }
499
500 /******************************************************************
501 Align on a 2 byte boundary
502 *****************************************************************/
503
504 bool prs_align_uint16(prs_struct *ps)
505 {
506 bool ret;
507 uint8 old_align = ps->align;
508
509 ps->align = 2;
510 ret = prs_align(ps);
511 ps->align = old_align;
512
513 return ret;
514 }
515
516 /******************************************************************
517 Align on a 8 byte boundary
518 *****************************************************************/
519
520 bool prs_align_uint64(prs_struct *ps)
521 {
522 bool ret;
523 uint8 old_align = ps->align;
524
525 ps->align = 8;
526 ret = prs_align(ps);
527 ps->align = old_align;
528
529 return ret;
530 }
531
532 /******************************************************************
533 Align on a specific byte boundary
534 *****************************************************************/
535
536 bool prs_align_custom(prs_struct *ps, uint8 boundary)
537 {
538 bool ret;
539 uint8 old_align = ps->align;
540
541 ps->align = boundary;
542 ret = prs_align(ps);
543 ps->align = old_align;
544
545 return ret;
546 }
547
548
549
550 /*******************************************************************
551 Align only if required (for the unistr2 string mainly)
552 ********************************************************************/
553
554 bool prs_align_needed(prs_struct *ps, uint32 needed)
555 {
556 if (needed==0)
557 return True;
558 else
559 return prs_align(ps);
560 }
561
562 /*******************************************************************
563 Ensure we can read/write to a given offset.
564 ********************************************************************/
565
566 char *prs_mem_get(prs_struct *ps, uint32 extra_size)
567 {
568 if(UNMARSHALLING(ps)) {
569 /*
570 * If reading, ensure that we can read the requested size item.
571 */
572 if (ps->data_offset + extra_size > ps->buffer_size) {
573 DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
574 "buffer by %u bytes.\n",
575 (unsigned int)extra_size,
576 (unsigned int)(ps->data_offset + extra_size - ps->buffer_size) ));
577 return NULL;
578 }
579 } else {
580 /*
581 * Writing - grow the buffer if needed.
582 */
583 if(!prs_grow(ps, extra_size))
584 return NULL;
585 }
586 return &ps->data_p[ps->data_offset];
587 }
588
589 /*******************************************************************
590 Change the struct type.
591 ********************************************************************/
592
593 void prs_switch_type(prs_struct *ps, bool io)
594 {
595 if ((ps->io ^ io) == True)
596 ps->io=io;
597 }
598
599 /*******************************************************************
600 Force a prs_struct to be dynamic even when it's size is 0.
601 ********************************************************************/
602
603 void prs_force_dynamic(prs_struct *ps)
604 {
605 ps->is_dynamic=True;
606 }
607
608 /*******************************************************************
609 Associate a session key with a parse struct.
610 ********************************************************************/
611
612 void prs_set_session_key(prs_struct *ps, const char sess_key[16])
613 {
614 ps->sess_key = sess_key;
615 }
616
617 /*******************************************************************
618 Stream a uint8.
619 ********************************************************************/
620
621 bool prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8)
622 {
623 char *q = prs_mem_get(ps, 1);
624 if (q == NULL)
625 return False;
626
627 if (UNMARSHALLING(ps))
628 *data8 = CVAL(q,0);
629 else
630 SCVAL(q,0,*data8);
631
632 DEBUGADD(5,("%s%04x %s: %02x\n", tab_depth(5,depth), ps->data_offset, name, *data8));
633
634 ps->data_offset += 1;
635
636 return True;
637 }
638
639 /*******************************************************************
640 Stream a uint16* (allocate memory if unmarshalling)
641 ********************************************************************/
642
643 bool prs_pointer( const char *name, prs_struct *ps, int depth,
644 void *dta, size_t data_size,
645 bool (*prs_fn)(const char*, prs_struct*, int, void*) )
646 {
647 void ** data = (void **)dta;
648 uint32 data_p;
649
650 /* output f000baaa to stream if the pointer is non-zero. */
651
652 data_p = *data ? 0xf000baaa : 0;
653
654 if ( !prs_uint32("ptr", ps, depth, &data_p ))
655 return False;
656
657 /* we're done if there is no data */
658
659 if ( !data_p )
660 return True;
661
662 if (UNMARSHALLING(ps)) {
663 if (data_size) {
664 if ( !(*data = PRS_ALLOC_MEM(ps, char, data_size)) )
665 return False;
666 } else {
667 *data = NULL;
668 }
669 }
670
671 return prs_fn(name, ps, depth, *data);
672 }
673
674
675 /*******************************************************************
676 Stream a uint16.
677 ********************************************************************/
678
679 bool prs_uint16(const char *name, prs_struct *ps, int depth, uint16 *data16)
680 {
681 char *q = prs_mem_get(ps, sizeof(uint16));
682 if (q == NULL)
683 return False;
684
685 if (UNMARSHALLING(ps)) {
686 if (ps->bigendian_data)
687 *data16 = RSVAL(q,0);
688 else
689 *data16 = SVAL(q,0);
690 } else {
691 if (ps->bigendian_data)
692 RSSVAL(q,0,*data16);
693 else
694 SSVAL(q,0,*data16);
695 }
696
697 DEBUGADD(5,("%s%04x %s: %04x\n", tab_depth(5,depth), ps->data_offset, name, *data16));
698
699 ps->data_offset += sizeof(uint16);
700
701 return True;
702 }
703
704 /*******************************************************************
705 Stream a uint32.
706 ********************************************************************/
707
708 bool prs_uint32(const char *name, prs_struct *ps, int depth, uint32 *data32)
709 {
710 char *q = prs_mem_get(ps, sizeof(uint32));
711 if (q == NULL)
712 return False;
713
714 if (UNMARSHALLING(ps)) {
715 if (ps->bigendian_data)
716 *data32 = RIVAL(q,0);
717 else
718 *data32 = IVAL(q,0);
719 } else {
720 if (ps->bigendian_data)
721 RSIVAL(q,0,*data32);
722 else
723 SIVAL(q,0,*data32);
724 }
725
726 DEBUGADD(5,("%s%04x %s: %08x\n", tab_depth(5,depth), ps->data_offset, name, *data32));
727
728 ps->data_offset += sizeof(uint32);
729
730 return True;
731 }
732
733 /*******************************************************************
734 Stream an int32.
735 ********************************************************************/
736
737 bool prs_int32(const char *name, prs_struct *ps, int depth, int32 *data32)
738 {
739 char *q = prs_mem_get(ps, sizeof(int32));
740 if (q == NULL)
741 return False;
742
743 if (UNMARSHALLING(ps)) {
744 if (ps->bigendian_data)
745 *data32 = RIVALS(q,0);
746 else
747 *data32 = IVALS(q,0);
748 } else {
749 if (ps->bigendian_data)
750 RSIVALS(q,0,*data32);
751 else
752 SIVALS(q,0,*data32);
753 }
754
755 DEBUGADD(5,("%s%04x %s: %08x\n", tab_depth(5,depth), ps->data_offset, name, *data32));
756
757 ps->data_offset += sizeof(int32);
758
759 return True;
760 }
761
762 /*******************************************************************
763 Stream a NTSTATUS
764 ********************************************************************/
765
766 bool prs_ntstatus(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
767 {
768 char *q = prs_mem_get(ps, sizeof(uint32));
769 if (q == NULL)
770 return False;
771
772 if (UNMARSHALLING(ps)) {
773 if (ps->bigendian_data)
774 *status = NT_STATUS(RIVAL(q,0));
775 else
776 *status = NT_STATUS(IVAL(q,0));
777 } else {
778 if (ps->bigendian_data)
779 RSIVAL(q,0,NT_STATUS_V(*status));
780 else
781 SIVAL(q,0,NT_STATUS_V(*status));
782 }
783
784 DEBUGADD(5,("%s%04x %s: %s\n", tab_depth(5,depth), ps->data_offset, name,
785 nt_errstr(*status)));
786
787 ps->data_offset += sizeof(uint32);
788
789 return True;
790 }
791
792 /*******************************************************************
793 Stream a DCE error code
794 ********************************************************************/
795
796 bool prs_dcerpc_status(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
797 {
798 char *q = prs_mem_get(ps, sizeof(uint32));
799 if (q == NULL)
800 return False;
801
802 if (UNMARSHALLING(ps)) {
803 if (ps->bigendian_data)
804 *status = NT_STATUS(RIVAL(q,0));
805 else
806 *status = NT_STATUS(IVAL(q,0));
807 } else {
808 if (ps->bigendian_data)
809 RSIVAL(q,0,NT_STATUS_V(*status));
810 else
811 SIVAL(q,0,NT_STATUS_V(*status));
812 }
813
814 DEBUGADD(5,("%s%04x %s: %s\n", tab_depth(5,depth), ps->data_offset, name,
815 dcerpc_errstr(debug_ctx(), NT_STATUS_V(*status))));
816
817 ps->data_offset += sizeof(uint32);
818
819 return True;
820 }
821
822
823 /*******************************************************************
824 Stream a WERROR
825 ********************************************************************/
826
827 bool prs_werror(const char *name, prs_struct *ps, int depth, WERROR *status)
828 {
829 char *q = prs_mem_get(ps, sizeof(uint32));
830 if (q == NULL)
831 return False;
832
833 if (UNMARSHALLING(ps)) {
834 if (ps->bigendian_data)
835 *status = W_ERROR(RIVAL(q,0));
836 else
837 *status = W_ERROR(IVAL(q,0));
838 } else {
839 if (ps->bigendian_data)
840 RSIVAL(q,0,W_ERROR_V(*status));
841 else
842 SIVAL(q,0,W_ERROR_V(*status));
843 }
844
845 DEBUGADD(5,("%s%04x %s: %s\n", tab_depth(5,depth), ps->data_offset, name,
846 win_errstr(*status)));
847
848 ps->data_offset += sizeof(uint32);
849
850 return True;
851 }
852
853
854 /******************************************************************
855 Stream an array of uint8s. Length is number of uint8s.
856 ********************************************************************/
857
858 bool prs_uint8s(bool charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
859 {
860 int i;
861 char *q = prs_mem_get(ps, len);
862 if (q == NULL)
863 return False;
864
865 if (UNMARSHALLING(ps)) {
866 for (i = 0; i < len; i++)
867 data8s[i] = CVAL(q,i);
868 } else {
869 for (i = 0; i < len; i++)
870 SCVAL(q, i, data8s[i]);
871 }
872
873 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset ,name));
874 if (charmode)
875 print_asc(5, (unsigned char*)data8s, len);
876 else {
877 for (i = 0; i < len; i++)
878 DEBUGADD(5,("%02x ", data8s[i]));
879 }
880 DEBUGADD(5,("\n"));
881
882 ps->data_offset += len;
883
884 return True;
885 }
886
887 /******************************************************************
888 Stream an array of uint16s. Length is number of uint16s.
889 ********************************************************************/
890
891 bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
892 {
893 int i;
894 char *q = prs_mem_get(ps, len * sizeof(uint16));
895 if (q == NULL)
896 return False;
897
898 if (UNMARSHALLING(ps)) {
899 if (ps->bigendian_data) {
900 for (i = 0; i < len; i++)
901 data16s[i] = RSVAL(q, 2*i);
902 } else {
903 for (i = 0; i < len; i++)
904 data16s[i] = SVAL(q, 2*i);
905 }
906 } else {
907 if (ps->bigendian_data) {
908 for (i = 0; i < len; i++)
909 RSSVAL(q, 2*i, data16s[i]);
910 } else {
911 for (i = 0; i < len; i++)
912 SSVAL(q, 2*i, data16s[i]);
913 }
914 }
915
916 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
917 if (charmode)
918 print_asc(5, (unsigned char*)data16s, 2*len);
919 else {
920 for (i = 0; i < len; i++)
921 DEBUGADD(5,("%04x ", data16s[i]));
922 }
923 DEBUGADD(5,("\n"));
924
925 ps->data_offset += (len * sizeof(uint16));
926
927 return True;
928 }
929
930 /******************************************************************
931 Start using a function for streaming unicode chars. If unmarshalling,
932 output must be little-endian, if marshalling, input must be little-endian.
933 ********************************************************************/
934
935 static void dbg_rw_punival(bool charmode, const char *name, int depth, prs_struct *ps,
936 char *in_buf, char *out_buf, int len)
937 {
938 int i;
939
940 if (UNMARSHALLING(ps)) {
941 if (ps->bigendian_data) {
942 for (i = 0; i < len; i++)
943 SSVAL(out_buf,2*i,RSVAL(in_buf, 2*i));
944 } else {
945 for (i = 0; i < len; i++)
946 SSVAL(out_buf, 2*i, SVAL(in_buf, 2*i));
947 }
948 } else {
949 if (ps->bigendian_data) {
950 for (i = 0; i < len; i++)
951 RSSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
952 } else {
953 for (i = 0; i < len; i++)
954 SSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
955 }
956 }
957
958 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
959 if (charmode)
960 print_asc(5, (unsigned char*)out_buf, 2*len);
961 else {
962 for (i = 0; i < len; i++)
963 DEBUGADD(5,("%04x ", out_buf[i]));
964 }
965 DEBUGADD(5,("\n"));
966 }
967
968 /******************************************************************
969 Stream a unistr. Always little endian.
970 ********************************************************************/
971
972 bool prs_uint16uni(bool charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
973 {
974 char *q = prs_mem_get(ps, len * sizeof(uint16));
975 if (q == NULL)
976 return False;
977
978 dbg_rw_punival(charmode, name, depth, ps, q, (char *)data16s, len);
979 ps->data_offset += (len * sizeof(uint16));
980
981 return True;
982 }
983
984 /******************************************************************
985 Stream an array of uint32s. Length is number of uint32s.
986 ********************************************************************/
987
988 bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
989 {
990 int i;
991 char *q = prs_mem_get(ps, len * sizeof(uint32));
992 if (q == NULL)
993 return False;
994
995 if (UNMARSHALLING(ps)) {
996 if (ps->bigendian_data) {
997 for (i = 0; i < len; i++)
998 data32s[i] = RIVAL(q, 4*i);
999 } else {
1000 for (i = 0; i < len; i++)
1001 data32s[i] = IVAL(q, 4*i);
1002 }
1003 } else {
1004 if (ps->bigendian_data) {
1005 for (i = 0; i < len; i++)
1006 RSIVAL(q, 4*i, data32s[i]);
1007 } else {
1008 for (i = 0; i < len; i++)
1009 SIVAL(q, 4*i, data32s[i]);
1010 }
1011 }
1012
1013 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
1014 if (charmode)
1015 print_asc(5, (unsigned char*)data32s, 4*len);
1016 else {
1017 for (i = 0; i < len; i++)
1018 DEBUGADD(5,("%08x ", data32s[i]));
1019 }
1020 DEBUGADD(5,("\n"));
1021
1022 ps->data_offset += (len * sizeof(uint32));
1023
1024 return True;
1025 }
1026
1027 /******************************************************************
1028 Stream an array of unicode string, length/buffer specified separately,
1029 in uint16 chars. The unicode string is already in little-endian format.
1030 ********************************************************************/
1031
1032 bool prs_buffer5(bool charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str)
1033 {
1034 char *p;
1035 char *q = prs_mem_get(ps, str->buf_len * sizeof(uint16));
1036 if (q == NULL)
1037 return False;
1038
1039 /* If the string is empty, we don't have anything to stream */
1040 if (str->buf_len==0)
1041 return True;
1042
1043 if (UNMARSHALLING(ps)) {
1044 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len);
1045 if (str->buffer == NULL)
1046 return False;
1047 }
1048
1049 p = (char *)str->buffer;
1050
1051 dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len);
1052
1053 ps->data_offset += (str->buf_len * sizeof(uint16));
1054
1055 return True;
1056 }
1057
1058 /******************************************************************
1059 Stream a string, length/buffer specified separately,
1060 in uint8 chars.
1061 ********************************************************************/
1062
1063 bool prs_string2(bool charmode, const char *name, prs_struct *ps, int depth, STRING2 *str)
1064 {
1065 unsigned int i;
1066 char *q = prs_mem_get(ps, str->str_str_len);
1067 if (q == NULL)
1068 return False;
1069
1070 if (UNMARSHALLING(ps)) {
1071 if (str->str_str_len > str->str_max_len) {
1072 return False;
1073 }
1074 if (str->str_max_len) {
1075 str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len);
1076 if (str->buffer == NULL)
1077 return False;
1078 } else {
1079 str->buffer = NULL;
1080 /* Return early to ensure Coverity isn't confused. */
1081 DEBUGADD(5,("%s%04x %s: \n", tab_depth(5,depth), ps->data_offset, name));
1082 return True;
1083 }
1084 }
1085
1086 if (UNMARSHALLING(ps)) {
1087 for (i = 0; i < str->str_str_len; i++)
1088 str->buffer[i] = CVAL(q,i);
1089 } else {
1090 for (i = 0; i < str->str_str_len; i++)
1091 SCVAL(q, i, str->buffer[i]);
1092 }
1093
1094 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
1095 if (charmode)
1096 print_asc(5, (unsigned char*)str->buffer, str->str_str_len);
1097 else {
1098 for (i = 0; i < str->str_str_len; i++)
1099 DEBUG(5,("%02x ", str->buffer[i]));
1100 }
1101 DEBUGADD(5,("\n"));
1102
1103 ps->data_offset += str->str_str_len;
1104
1105 return True;
1106 }
1107
1108 /******************************************************************
1109 Stream a unicode string, length/buffer specified separately,
1110 in uint16 chars. The unicode string is already in little-endian format.
1111 ********************************************************************/
1112
1113 bool prs_unistr2(bool charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str)
1114 {
1115 char *p;
1116 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1117 if (q == NULL)
1118 return False;
1119
1120 /* If the string is empty, we don't have anything to stream */
1121 if (str->uni_str_len==0)
1122 return True;
1123
1124 if (UNMARSHALLING(ps)) {
1125 if (str->uni_str_len > str->uni_max_len) {
1126 return False;
1127 }
1128 if (str->uni_max_len) {
1129 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len);
1130 if (str->buffer == NULL)
1131 return False;
1132 } else {
1133 str->buffer = NULL;
1134 }
1135 }
1136
1137 p = (char *)str->buffer;
1138
1139 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1140
1141 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1142
1143 return True;
1144 }
1145
1146 /******************************************************************
1147 Stream a unicode string, length/buffer specified separately,
1148 in uint16 chars. The unicode string is already in little-endian format.
1149 ********************************************************************/
1150
1151 bool prs_unistr3(bool charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth)
1152 {
1153 char *p;
1154 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1155 if (q == NULL)
1156 return False;
1157
1158 if (UNMARSHALLING(ps)) {
1159 if (str->uni_str_len) {
1160 str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len);
1161 if (str->str.buffer == NULL)
1162 return False;
1163 } else {
1164 str->str.buffer = NULL;
1165 }
1166 }
1167
1168 p = (char *)str->str.buffer;
1169
1170 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1171 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1172
1173 return True;
1174 }
1175
1176 /*******************************************************************
1177 Stream a unicode null-terminated string. As the string is already
1178 in little-endian format then do it as a stream of bytes.
1179 ********************************************************************/
1180
1181 bool prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
1182 {
1183 unsigned int len = 0;
1184 unsigned char *p = (unsigned char *)str->buffer;
1185 uint8 *start;
1186 char *q;
1187 uint32 max_len;
1188 uint16* ptr;
1189
1190 if (MARSHALLING(ps)) {
1191
1192 for(len = 0; str->buffer[len] != 0; len++)
1193 ;
1194
1195 q = prs_mem_get(ps, (len+1)*2);
1196 if (q == NULL)
1197 return False;
1198
1199 start = (uint8*)q;
1200
1201 for(len = 0; str->buffer[len] != 0; len++) {
1202 if(ps->bigendian_data) {
1203 /* swap bytes - p is little endian, q is big endian. */
1204 q[0] = (char)p[1];
1205 q[1] = (char)p[0];
1206 p += 2;
1207 q += 2;
1208 }
1209 else
1210 {
1211 q[0] = (char)p[0];
1212 q[1] = (char)p[1];
1213 p += 2;
1214 q += 2;
1215 }
1216 }
1217
1218 /*
1219 * even if the string is 'empty' (only an \0 char)
1220 * at this point the leading \0 hasn't been parsed.
1221 * so parse it now
1222 */
1223
1224 q[0] = 0;
1225 q[1] = 0;
1226 q += 2;
1227
1228 len++;
1229
1230 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
1231 print_asc(5, (unsigned char*)start, 2*len);
1232 DEBUGADD(5, ("\n"));
1233 }
1234 else { /* unmarshalling */
1235
1236 uint32 alloc_len = 0;
1237 q = ps->data_p + prs_offset(ps);
1238
1239 /*
1240 * Work out how much space we need and talloc it.
1241 */
1242 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
1243
1244 /* the test of the value of *ptr helps to catch the circumstance
1245 where we have an emtpty (non-existent) string in the buffer */
1246 for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
1247 /* do nothing */
1248 ;
1249
1250 if (alloc_len < max_len)
1251 alloc_len += 1;
1252
1253 /* should we allocate anything at all? */
1254 str->buffer = PRS_ALLOC_MEM(ps,uint16,alloc_len);
1255 if ((str->buffer == NULL) && (alloc_len > 0))
1256 return False;
1257
1258 p = (unsigned char *)str->buffer;
1259
1260 len = 0;
1261 /* the (len < alloc_len) test is to prevent us from overwriting
1262 memory that is not ours...if we get that far, we have a non-null
1263 terminated string in the buffer and have messed up somewhere */
1264 while ((len < alloc_len) && (*(uint16 *)q != 0)) {
1265 if(ps->bigendian_data)
1266 {
1267 /* swap bytes - q is big endian, p is little endian. */
1268 p[0] = (unsigned char)q[1];
1269 p[1] = (unsigned char)q[0];
1270 p += 2;
1271 q += 2;
1272 } else {
1273
1274 p[0] = (unsigned char)q[0];
1275 p[1] = (unsigned char)q[1];
1276 p += 2;
1277 q += 2;
1278 }
1279
1280 len++;
1281 }
1282 if (len < alloc_len) {
1283 /* NULL terminate the UNISTR */
1284 str->buffer[len++] = '\0';
1285 }
1286
1287 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
1288 print_asc(5, (unsigned char*)str->buffer, 2*len);
1289 DEBUGADD(5, ("\n"));
1290 }
1291
1292 /* set the offset in the prs_struct; 'len' points to the
1293 terminiating NULL in the UNISTR so we need to go one more
1294 uint16 */
1295 ps->data_offset += (len)*2;
1296
1297 return True;
1298 }
1299
1300
1301 /*******************************************************************
1302 Stream a null-terminated string. len is strlen, and therefore does
1303 not include the null-termination character.
1304 ********************************************************************/
1305
1306 bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
1307 {
1308 char *q;
1309 int i;
1310 int len;
1311
1312 if (UNMARSHALLING(ps))
1313 len = strlen(&ps->data_p[ps->data_offset]);
1314 else
1315 len = strlen(str);
1316
1317 len = MIN(len, (max_buf_size-1));
1318
1319 q = prs_mem_get(ps, len+1);
1320 if (q == NULL)
1321 return False;
1322
1323 for(i = 0; i < len; i++) {
1324 if (UNMARSHALLING(ps))
1325 str[i] = q[i];
1326 else
1327 q[i] = str[i];
1328 }
1329
1330 /* The terminating null. */
1331 str[i] = '\0';
1332
1333 if (MARSHALLING(ps)) {
1334 q[i] = '\0';
1335 }
1336
1337 ps->data_offset += len+1;
1338
1339 dump_data(5+depth, (uint8 *)q, len);
1340
1341 return True;
1342 }
1343
1344 bool prs_string_alloc(const char *name, prs_struct *ps, int depth, const char **str)
1345 {
1346 size_t len;
1347 char *tmp_str;
1348
1349 if (UNMARSHALLING(ps)) {
1350 len = strlen(&ps->data_p[ps->data_offset]);
1351 } else {
1352 len = strlen(*str);
1353 }
1354
1355 tmp_str = PRS_ALLOC_MEM(ps, char, len+1);
1356
1357 if (tmp_str == NULL) {
1358 return False;
1359 }
1360
1361 if (MARSHALLING(ps)) {
1362 strncpy(tmp_str, *str, len);
1363 }
1364
1365 if (!prs_string(name, ps, depth, tmp_str, len+1)) {
1366 return False;
1367 }
1368
1369 *str = tmp_str;
1370 return True;
1371 }
1372
1373 /*******************************************************************
1374 prs_uint16 wrapper. Call this and it sets up a pointer to where the
1375 uint16 should be stored, or gets the size if reading.
1376 ********************************************************************/
1377
1378 bool prs_uint16_pre(const char *name, prs_struct *ps, int depth, uint16 *data16, uint32 *offset)
1379 {
1380 *offset = ps->data_offset;
1381 if (UNMARSHALLING(ps)) {
1382 /* reading. */
1383 return prs_uint16(name, ps, depth, data16);
1384 } else {
1385 char *q = prs_mem_get(ps, sizeof(uint16));
1386 if(q ==NULL)
1387 return False;
1388 ps->data_offset += sizeof(uint16);
1389 }
1390 return True;
1391 }
1392
1393 /*******************************************************************
1394 prs_uint16 wrapper. call this and it retrospectively stores the size.
1395 does nothing on reading, as that is already handled by ...._pre()
1396 ********************************************************************/
1397
1398 bool prs_uint16_post(const char *name, prs_struct *ps, int depth, uint16 *data16,
1399 uint32 ptr_uint16, uint32 start_offset)
1400 {
1401 if (MARSHALLING(ps)) {
1402 /*
1403 * Writing - temporarily move the offset pointer.
1404 */
1405 uint16 data_size = ps->data_offset - start_offset;
1406 uint32 old_offset = ps->data_offset;
1407
1408 ps->data_offset = ptr_uint16;
1409 if(!prs_uint16(name, ps, depth, &data_size)) {
1410 ps->data_offset = old_offset;
1411 return False;
1412 }
1413 ps->data_offset = old_offset;
1414 } else {
1415 ps->data_offset = start_offset + (uint32)(*data16);
1416 }
1417 return True;
1418 }
1419
1420 /*******************************************************************
1421 prs_uint32 wrapper. Call this and it sets up a pointer to where the
1422 uint32 should be stored, or gets the size if reading.
1423 ********************************************************************/
1424
1425 bool prs_uint32_pre(const char *name, prs_struct *ps, int depth, uint32 *data32, uint32 *offset)
1426 {
1427 *offset = ps->data_offset;
1428 if (UNMARSHALLING(ps) && (data32 != NULL)) {
1429 /* reading. */
1430 return prs_uint32(name, ps, depth, data32);
1431 } else {
1432 ps->data_offset += sizeof(uint32);
1433 }
1434 return True;
1435 }
1436
1437 /*******************************************************************
1438 prs_uint32 wrapper. call this and it retrospectively stores the size.
1439 does nothing on reading, as that is already handled by ...._pre()
1440 ********************************************************************/
1441
1442 bool prs_uint32_post(const char *name, prs_struct *ps, int depth, uint32 *data32,
1443 uint32 ptr_uint32, uint32 data_size)
1444 {
1445 if (MARSHALLING(ps)) {
1446 /*
1447 * Writing - temporarily move the offset pointer.
1448 */
1449 uint32 old_offset = ps->data_offset;
1450 ps->data_offset = ptr_uint32;
1451 if(!prs_uint32(name, ps, depth, &data_size)) {
1452 ps->data_offset = old_offset;
1453 return False;
1454 }
1455 ps->data_offset = old_offset;
1456 }
1457 return True;
1458 }
1459
1460 /* useful function to store a structure in rpc wire format */
1461 int tdb_prs_store(TDB_CONTEXT *tdb, TDB_DATA kbuf, prs_struct *ps)
1462 {
1463 TDB_DATA dbuf;
1464 dbuf.dptr = (uint8 *)ps->data_p;
1465 dbuf.dsize = prs_offset(ps);
1466 return tdb_trans_store(tdb, kbuf, dbuf, TDB_REPLACE);
1467 }
1468
1469 /* useful function to fetch a structure into rpc wire format */
1470 int tdb_prs_fetch(TDB_CONTEXT *tdb, TDB_DATA kbuf, prs_struct *ps, TALLOC_CTX *mem_ctx)
1471 {
1472 TDB_DATA dbuf;
1473
1474 prs_init_empty(ps, mem_ctx, UNMARSHALL);
1475
1476 dbuf = tdb_fetch(tdb, kbuf);
1477 if (!dbuf.dptr)
1478 return -1;
1479
1480 prs_give_memory(ps, (char *)dbuf.dptr, dbuf.dsize, True);
1481
1482 return 0;
1483 }
1484
1485 /*******************************************************************
1486 hash a stream.
1487 ********************************************************************/
1488
1489 bool prs_hash1(prs_struct *ps, uint32 offset, int len)
1490 {
1491 char *q;
1492
1493 q = ps->data_p;
1494 q = &q[offset];
1495
1496 #ifdef DEBUG_PASSWORD
1497 DEBUG(100, ("prs_hash1\n"));
1498 dump_data(100, (uint8 *)ps->sess_key, 16);
1499 dump_data(100, (uint8 *)q, len);
1500 #endif
1501 SamOEMhash((uchar *) q, (const unsigned char *)ps->sess_key, len);
1502
1503 #ifdef DEBUG_PASSWORD
1504 dump_data(100, (uint8 *)q, len);
1505 #endif
1506
1507 return True;
1508 }
1509
1510 /*******************************************************************
1511 Create a digest over the entire packet (including the data), and
1512 MD5 it with the session key.
1513 ********************************************************************/
1514
1515 static void schannel_digest(struct schannel_auth_struct *a,
1516 enum pipe_auth_level auth_level,
1517 RPC_AUTH_SCHANNEL_CHK * verf,
1518 char *data, size_t data_len,
1519 uchar digest_final[16])
1520 {
1521 uchar whole_packet_digest[16];
1522 uchar zeros[4];
1523 struct MD5Context ctx3;
1524
1525 ZERO_STRUCT(zeros);
1526
1527 /* verfiy the signature on the packet by MD5 over various bits */
1528 MD5Init(&ctx3);
1529 /* use our sequence number, which ensures the packet is not
1530 out of order */
1531 MD5Update(&ctx3, zeros, sizeof(zeros));
1532 MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
1533 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1534 MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
1535 }
1536 MD5Update(&ctx3, (const unsigned char *)data, data_len);
1537 MD5Final(whole_packet_digest, &ctx3);
1538 dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
1539
1540 /* MD5 this result and the session key, to prove that
1541 only a valid client could had produced this */
1542 hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
1543 }
1544
1545 /*******************************************************************
1546 Calculate the key with which to encode the data payload
1547 ********************************************************************/
1548
1549 static void schannel_get_sealing_key(struct schannel_auth_struct *a,
1550 RPC_AUTH_SCHANNEL_CHK *verf,
1551 uchar sealing_key[16])
1552 {
1553 uchar zeros[4];
1554 uchar digest2[16];
1555 uchar sess_kf0[16];
1556 int i;
1557
1558 ZERO_STRUCT(zeros);
1559
1560 for (i = 0; i < sizeof(sess_kf0); i++) {
1561 sess_kf0[i] = a->sess_key[i] ^ 0xf0;
1562 }
1563
1564 dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
1565
1566 /* MD5 of sess_kf0 and 4 zero bytes */
1567 hmac_md5(sess_kf0, zeros, 0x4, digest2);
1568 dump_data_pw("digest2:\n", digest2, sizeof(digest2));
1569
1570 /* MD5 of the above result, plus 8 bytes of sequence number */
1571 hmac_md5(digest2, verf->seq_num, sizeof(verf->seq_num), sealing_key);
1572 dump_data_pw("sealing_key:\n", sealing_key, 16);
1573 }
1574
1575 /*******************************************************************
1576 Encode or Decode the sequence number (which is symmetric)
1577 ********************************************************************/
1578
1579 static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
1580 RPC_AUTH_SCHANNEL_CHK *verf)
1581 {
1582 uchar zeros[4];
1583 uchar sequence_key[16];
1584 uchar digest1[16];
1585
1586 ZERO_STRUCT(zeros);
1587
1588 hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
1589 dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
1590
1591 hmac_md5(digest1, verf->packet_digest, 8, sequence_key);
1592
1593 dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
1594
1595 dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num));
1596 SamOEMhash(verf->seq_num, sequence_key, 8);
1597 dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num));
1598 }
1599
1600 /*******************************************************************
1601 creates an RPC_AUTH_SCHANNEL_CHK structure.
1602 ********************************************************************/
1603
1604 static bool init_rpc_auth_schannel_chk(RPC_AUTH_SCHANNEL_CHK * chk,
1605 const uchar sig[8],
1606 const uchar packet_digest[8],
1607 const uchar seq_num[8], const uchar confounder[8])
1608 {
1609 if (chk == NULL)
1610 return False;
1611
1612 memcpy(chk->sig, sig, sizeof(chk->sig));
1613 memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
1614 memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
1615 memcpy(chk->confounder, confounder, sizeof(chk->confounder));
1616
1617 return True;
1618 }
1619
1620 /*******************************************************************
1621 Encode a blob of data using the schannel alogrithm, also produceing
1622 a checksum over the original data. We currently only support
1623 signing and sealing togeather - the signing-only code is close, but not
1624 quite compatible with what MS does.
1625 ********************************************************************/
1626
1627 void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1628 enum schannel_direction direction,
1629 RPC_AUTH_SCHANNEL_CHK * verf,
1630 char *data, size_t data_len)
1631 {
1632 uchar digest_final[16];
1633 uchar confounder[8];
1634 uchar seq_num[8];
1635 static const uchar nullbytes[8] = { 0, };
1636
1637 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1638 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1639 const uchar *schannel_sig = NULL;
1640
1641 DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1642
1643 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1644 schannel_sig = schannel_seal_sig;
1645 } else {
1646 schannel_sig = schannel_sign_sig;
1647 }
1648
1649 /* fill the 'confounder' with random data */
1650 generate_random_buffer(confounder, sizeof(confounder));
1651
1652 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1653
1654 RSIVAL(seq_num, 0, a->seq_num);
1655
1656 switch (direction) {
1657 case SENDER_IS_INITIATOR:
1658 SIVAL(seq_num, 4, 0x80);
1659 break;
1660 case SENDER_IS_ACCEPTOR:
1661 SIVAL(seq_num, 4, 0x0);
1662 break;
1663 }
1664
1665 dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num));
1666
1667 init_rpc_auth_schannel_chk(verf, schannel_sig, nullbytes,
1668 seq_num, confounder);
1669
1670 /* produce a digest of the packet to prove it's legit (before we seal it) */
1671 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1672 memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
1673
1674 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1675 uchar sealing_key[16];
1676
1677 /* get the key to encode the data with */
1678 schannel_get_sealing_key(a, verf, sealing_key);
1679
1680 /* encode the verification data */
1681 dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder));
1682 SamOEMhash(verf->confounder, sealing_key, 8);
1683
1684 dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder));
1685
1686 /* encode the packet payload */
1687 dump_data_pw("data:\n", (const unsigned char *)data, data_len);
1688 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1689 dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
1690 }
1691
1692 /* encode the sequence number (key based on packet digest) */
1693 /* needs to be done after the sealing, as the original version
1694 is used in the sealing stuff... */
1695 schannel_deal_with_seq_num(a, verf);
1696
1697 return;
1698 }
1699
1700 /*******************************************************************
1701 Decode a blob of data using the schannel alogrithm, also verifiying
1702 a checksum over the original data. We currently can verify signed messages,
1703 as well as decode sealed messages
1704 ********************************************************************/
1705
1706 bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1707 enum schannel_direction direction,
1708 RPC_AUTH_SCHANNEL_CHK * verf, char *data, size_t data_len)
1709 {
1710 uchar digest_final[16];
1711
1712 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1713 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1714 const uchar *schannel_sig = NULL;
1715
1716 uchar seq_num[8];
1717
1718 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1719
1720 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1721 schannel_sig = schannel_seal_sig;
1722 } else {
1723 schannel_sig = schannel_sign_sig;
1724 }
1725
1726 /* Create the expected sequence number for comparison */
1727 RSIVAL(seq_num, 0, a->seq_num);
1728
1729 switch (direction) {
1730 case SENDER_IS_INITIATOR:
1731 SIVAL(seq_num, 4, 0x80);
1732 break;
1733 case SENDER_IS_ACCEPTOR:
1734 SIVAL(seq_num, 4, 0x0);
1735 break;
1736 }
1737
1738 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1739 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1740
1741 dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
1742
1743 /* extract the sequence number (key based on supplied packet digest) */
1744 /* needs to be done before the sealing, as the original version
1745 is used in the sealing stuff... */
1746 schannel_deal_with_seq_num(a, verf);
1747
1748 if (memcmp(verf->seq_num, seq_num, sizeof(seq_num))) {
1749 /* don't even bother with the below if the sequence number is out */
1750 /* The sequence number is MD5'ed with a key based on the whole-packet
1751 digest, as supplied by the client. We check that it's a valid
1752 checksum after the decode, below
1753 */
1754 DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
1755 dump_data(2, verf->seq_num, sizeof(verf->seq_num));
1756 DEBUG(2, ("should be:\n"));
1757 dump_data(2, seq_num, sizeof(seq_num));
1758
1759 return False;
1760 }
1761
1762 if (memcmp(verf->sig, schannel_sig, sizeof(verf->sig))) {
1763 /* Validate that the other end sent the expected header */
1764 DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
1765 dump_data(2, verf->sig, sizeof(verf->sig));
1766 DEBUG(2, ("should be:\n"));
1767 dump_data(2, schannel_sig, sizeof(schannel_sig));
1768 return False;
1769 }
1770
1771 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1772 uchar sealing_key[16];
1773
1774 /* get the key to extract the data with */
1775 schannel_get_sealing_key(a, verf, sealing_key);
1776
1777 /* extract the verification data */
1778 dump_data_pw("verf->confounder:\n", verf->confounder,
1779 sizeof(verf->confounder));
1780 SamOEMhash(verf->confounder, sealing_key, 8);
1781
1782 dump_data_pw("verf->confounder_dec:\n", verf->confounder,
1783 sizeof(verf->confounder));
1784
1785 /* extract the packet payload */
1786 dump_data_pw("data :\n", (const unsigned char *)data, data_len);
1787 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1788 dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
1789 }
1790
1791 /* digest includes 'data' after unsealing */
1792 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1793
1794 dump_data_pw("Calculated digest:\n", digest_final,
1795 sizeof(digest_final));
1796 dump_data_pw("verf->packet_digest:\n", verf->packet_digest,
1797 sizeof(verf->packet_digest));
1798
1799 /* compare - if the client got the same result as us, then
1800 it must know the session key */
1801 return (memcmp(digest_final, verf->packet_digest,
1802 sizeof(verf->packet_digest)) == 0);
1803 }
1804
1805 /*******************************************************************
1806 creates a new prs_struct containing a DATA_BLOB
1807 ********************************************************************/
1808 bool prs_init_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx)
1809 {
1810 if (!prs_init( prs, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL ))
1811 return False;
1812
1813
1814 if (!prs_copy_data_in(prs, (char *)blob->data, blob->length))
1815 return False;
1816
1817 return True;
1818 }
1819
1820 /*******************************************************************
1821 return the contents of a prs_struct in a DATA_BLOB
1822 ********************************************************************/
1823 bool prs_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx)
1824 {
1825 blob->length = prs_data_size(prs);
1826 blob->data = (uint8 *)TALLOC_ZERO_SIZE(mem_ctx, blob->length);
1827
1828 /* set the pointer at the end of the buffer */
1829 prs_set_offset( prs, prs_data_size(prs) );
1830
1831 if (!prs_copy_all_data_out((char *)blob->data, prs))
1832 return False;
1833
1834 return True;
1835 }
Samba GIT mirror