librpc/rpc/dcerpc_util.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    raw dcerpc operations
   4
   5    Copyright (C) Andrew Tridgell 2003-2005
   6    Copyright (C) Jelmer Vernooij 2004-2005
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "librpc/rpc/dcerpc.h"
  24 #include "librpc/gen_ndr/ndr_dcerpc.h"
  25
  26 /* we need to be able to get/set the fragment length without doing a full
  27    decode */
  28 void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v)
  29 {
  30         if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
  31                 SSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET, v);
  32         } else {
  33                 RSSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET, v);
  34         }
  35 }
  36
  37 uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob)
  38 {
  39         if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
  40                 return SVAL(blob->data, DCERPC_FRAG_LEN_OFFSET);
  41         } else {
  42                 return RSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET);
  43         }
  44 }
  45
  46 void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v)
  47 {
  48         if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
  49                 SSVAL(blob->data, DCERPC_AUTH_LEN_OFFSET, v);
  50         } else {
  51                 RSSVAL(blob->data, DCERPC_AUTH_LEN_OFFSET, v);
  52         }
  53 }
  54
  55 uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob)
  56 {
  57         return blob->data[DCERPC_DREP_OFFSET];
  58 }
  59
  60
  61 /**
  62 * @brief        Pull a dcerpc_auth structure, taking account of any auth
  63 *               padding in the blob. For request/response packets we pass
  64 *               the whole data blob, so auth_data_only must be set to false
  65 *               as the blob contains data+pad+auth and no just pad+auth.
  66 *
  67 * @param pkt            - The ncacn_packet strcuture
  68 * @param mem_ctx        - The mem_ctx used to allocate dcerpc_auth elements
  69 * @param pkt_trailer    - The packet trailer data, usually the trailing
  70 *                         auth_info blob, but in the request/response case
  71 *                         this is the stub_and_verifier blob.
  72 * @param auth           - A preallocated dcerpc_auth *empty* structure
  73 * @param auth_length    - The length of the auth trail, sum of auth header
  74 *                         lenght and pkt->auth_length
  75 * @param auth_data_only - Whether the pkt_trailer includes only the auth_blob
  76 *                         (+ padding) or also other data.
  77 *
  78 * @return               - A NTSTATUS error code.
  79 */
  80 NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt,
  81                                   TALLOC_CTX *mem_ctx,
  82                                   DATA_BLOB *pkt_trailer,
  83                                   struct dcerpc_auth *auth,
  84                                   uint32_t *auth_length,
  85                                   bool auth_data_only)
  86 {
  87         struct ndr_pull *ndr;
  88         enum ndr_err_code ndr_err;
  89         uint32_t data_and_pad;
  90
  91         data_and_pad = pkt_trailer->length
  92                         - (DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length);
  93
  94         /* paranoia check for pad size. This would be caught anyway by
  95            the ndr_pull_advance() a few lines down, but it scared
  96            Jeremy enough for him to call me, so we might as well check
  97            it now, just to prevent someone posting a bogus YouTube
  98            video in the future.
  99         */
 100         if (data_and_pad > pkt_trailer->length) {
 101                 return NT_STATUS_INFO_LENGTH_MISMATCH;
 102         }
 103
 104         *auth_length = pkt_trailer->length - data_and_pad;
 105
 106         ndr = ndr_pull_init_blob(pkt_trailer, mem_ctx);
 107         if (!ndr) {
 108                 return NT_STATUS_NO_MEMORY;
 109         }
 110
 111         if (!(pkt->drep[0] & DCERPC_DREP_LE)) {
 112                 ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
 113         }
 114
 115         ndr_err = ndr_pull_advance(ndr, data_and_pad);
 116         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 117                 talloc_free(ndr);
 118                 return ndr_map_error2ntstatus(ndr_err);
 119         }
 120
 121         ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth);
 122         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 123                 talloc_free(ndr);
 124                 return ndr_map_error2ntstatus(ndr_err);
 125         }
 126
 127         if (auth_data_only && data_and_pad != auth->auth_pad_length) {
 128                 DEBUG(1, (__location__ ": WARNING: pad length mismatch. "
 129                           "Calculated %u  got %u\n",
 130                           (unsigned)data_and_pad,
 131                           (unsigned)auth->auth_pad_length));
 132         }
 133
 134         DEBUG(6,(__location__ ": auth_pad_length %u\n",
 135                  (unsigned)auth->auth_pad_length));
 136
 137         talloc_steal(mem_ctx, auth->credentials.data);
 138         talloc_free(ndr);
 139
 140         return NT_STATUS_OK;
 141 }