2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #define DBGC_CLASS DBGC_RPC_PARSE
28 /*******************************************************************
29 interface/version dce/rpc pipe identification
30 ********************************************************************/
32 const struct ndr_syntax_id syntax_spoolss
= {
34 0x12345678, 0x1234, 0xabcd,
37 0x45, 0x67, 0x89, 0xab }
42 * IMPORTANT!! If you update this structure, make sure to
43 * update the index #defines in smb.h.
46 const struct pipe_id_info pipe_names
[] =
48 { PIPE_LSARPC
, &ndr_table_lsarpc
.syntax_id
, PIPE_LSASS
, &ndr_transfer_syntax
},
49 { PIPE_LSARPC
, &ndr_table_dssetup
.syntax_id
, PIPE_LSASS
, &ndr_transfer_syntax
},
50 { PIPE_SAMR
, &ndr_table_samr
.syntax_id
, PIPE_LSASS
, &ndr_transfer_syntax
},
51 { PIPE_NETLOGON
, &ndr_table_netlogon
.syntax_id
, PIPE_LSASS
, &ndr_transfer_syntax
},
52 { PIPE_SRVSVC
, &ndr_table_srvsvc
.syntax_id
, PIPE_NTSVCS
, &ndr_transfer_syntax
},
53 { PIPE_WKSSVC
, &ndr_table_wkssvc
.syntax_id
, PIPE_NTSVCS
, &ndr_transfer_syntax
},
54 { PIPE_WINREG
, &ndr_table_winreg
.syntax_id
, PIPE_WINREG
, &ndr_transfer_syntax
},
55 { PIPE_SPOOLSS
, &syntax_spoolss
, PIPE_SPOOLSS
, &ndr_transfer_syntax
},
56 { PIPE_NETDFS
, &ndr_table_netdfs
.syntax_id
, PIPE_NETDFS
, &ndr_transfer_syntax
},
57 { PIPE_ECHO
, &ndr_table_rpcecho
.syntax_id
, PIPE_ECHO
, &ndr_transfer_syntax
},
58 { PIPE_SHUTDOWN
, &ndr_table_initshutdown
.syntax_id
, PIPE_SHUTDOWN
, &ndr_transfer_syntax
},
59 { PIPE_SVCCTL
, &ndr_table_svcctl
.syntax_id
, PIPE_NTSVCS
, &ndr_transfer_syntax
},
60 { PIPE_EVENTLOG
, &ndr_table_eventlog
.syntax_id
, PIPE_EVENTLOG
, &ndr_transfer_syntax
},
61 { PIPE_NTSVCS
, &ndr_table_ntsvcs
.syntax_id
, PIPE_NTSVCS
, &ndr_transfer_syntax
},
62 { PIPE_EPMAPPER
, &ndr_table_epmapper
.syntax_id
, PIPE_EPMAPPER
, &ndr_transfer_syntax
},
63 { NULL
, NULL
, NULL
, NULL
}
66 /****************************************************************************
67 Return the pipe name from the index.
68 ****************************************************************************/
70 const char *cli_get_pipe_name(int pipe_idx
)
72 return &pipe_names
[pipe_idx
].client_pipe
[5];
75 /****************************************************************************
76 Return the pipe idx from the syntax.
77 ****************************************************************************/
78 int cli_get_pipe_idx(const RPC_IFACE
*syntax
)
81 for (i
= 0; pipe_names
[i
].client_pipe
; i
++) {
82 if (GUID_equal(&pipe_names
[i
].abstr_syntax
->uuid
, &syntax
->uuid
) &&
83 pipe_names
[i
].abstr_syntax
->if_version
== syntax
->if_version
)
90 /*******************************************************************
91 Inits an RPC_HDR structure.
92 ********************************************************************/
94 void init_rpc_hdr(RPC_HDR
*hdr
, enum RPC_PKT_TYPE pkt_type
, uint8 flags
,
95 uint32 call_id
, int data_len
, int auth_len
)
97 hdr
->major
= 5; /* RPC version 5 */
98 hdr
->minor
= 0; /* minor version 0 */
99 hdr
->pkt_type
= pkt_type
; /* RPC packet type */
100 hdr
->flags
= flags
; /* dce/rpc flags */
101 hdr
->pack_type
[0] = 0x10; /* little-endian data representation */
102 hdr
->pack_type
[1] = 0; /* packed data representation */
103 hdr
->pack_type
[2] = 0; /* packed data representation */
104 hdr
->pack_type
[3] = 0; /* packed data representation */
105 hdr
->frag_len
= data_len
; /* fragment length, fill in later */
106 hdr
->auth_len
= auth_len
; /* authentication length */
107 hdr
->call_id
= call_id
; /* call identifier - match incoming RPC */
110 /*******************************************************************
111 Reads or writes an RPC_HDR structure.
112 ********************************************************************/
114 bool smb_io_rpc_hdr(const char *desc
, RPC_HDR
*rpc
, prs_struct
*ps
, int depth
)
119 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr");
122 if(!prs_uint8 ("major ", ps
, depth
, &rpc
->major
))
125 if(!prs_uint8 ("minor ", ps
, depth
, &rpc
->minor
))
127 if(!prs_uint8 ("pkt_type ", ps
, depth
, &rpc
->pkt_type
))
129 if(!prs_uint8 ("flags ", ps
, depth
, &rpc
->flags
))
132 /* We always marshall in little endian format. */
134 rpc
->pack_type
[0] = 0x10;
136 if(!prs_uint8("pack_type0", ps
, depth
, &rpc
->pack_type
[0]))
138 if(!prs_uint8("pack_type1", ps
, depth
, &rpc
->pack_type
[1]))
140 if(!prs_uint8("pack_type2", ps
, depth
, &rpc
->pack_type
[2]))
142 if(!prs_uint8("pack_type3", ps
, depth
, &rpc
->pack_type
[3]))
146 * If reading and pack_type[0] == 0 then the data is in big-endian
147 * format. Set the flag in the prs_struct to specify reverse-endainness.
150 if (UNMARSHALLING(ps
) && rpc
->pack_type
[0] == 0) {
151 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
152 prs_set_endian_data(ps
, RPC_BIG_ENDIAN
);
155 if(!prs_uint16("frag_len ", ps
, depth
, &rpc
->frag_len
))
157 if(!prs_uint16("auth_len ", ps
, depth
, &rpc
->auth_len
))
159 if(!prs_uint32("call_id ", ps
, depth
, &rpc
->call_id
))
164 /*******************************************************************
165 Reads or writes an RPC_IFACE structure.
166 ********************************************************************/
168 static bool smb_io_rpc_iface(const char *desc
, RPC_IFACE
*ifc
, prs_struct
*ps
, int depth
)
173 prs_debug(ps
, depth
, desc
, "smb_io_rpc_iface");
179 if (!smb_io_uuid( "uuid", &ifc
->uuid
, ps
, depth
))
182 if(!prs_uint32 ("version", ps
, depth
, &ifc
->if_version
))
188 /*******************************************************************
189 Inits an RPC_ADDR_STR structure.
190 ********************************************************************/
192 static void init_rpc_addr_str(RPC_ADDR_STR
*str
, const char *name
)
194 str
->len
= strlen(name
) + 1;
195 fstrcpy(str
->str
, name
);
198 /*******************************************************************
199 Reads or writes an RPC_ADDR_STR structure.
200 ********************************************************************/
202 static bool smb_io_rpc_addr_str(const char *desc
, RPC_ADDR_STR
*str
, prs_struct
*ps
, int depth
)
207 prs_debug(ps
, depth
, desc
, "smb_io_rpc_addr_str");
212 if(!prs_uint16 ( "len", ps
, depth
, &str
->len
))
214 if(!prs_uint8s (True
, "str", ps
, depth
, (uchar
*)str
->str
, MIN(str
->len
, sizeof(str
->str
)) ))
219 /*******************************************************************
220 Inits an RPC_HDR_BBA structure.
221 ********************************************************************/
223 static void init_rpc_hdr_bba(RPC_HDR_BBA
*bba
, uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
)
225 bba
->max_tsize
= max_tsize
; /* maximum transmission fragment size (0x1630) */
226 bba
->max_rsize
= max_rsize
; /* max receive fragment size (0x1630) */
227 bba
->assoc_gid
= assoc_gid
; /* associated group id (0x0) */
230 /*******************************************************************
231 Reads or writes an RPC_HDR_BBA structure.
232 ********************************************************************/
234 static bool smb_io_rpc_hdr_bba(const char *desc
, RPC_HDR_BBA
*rpc
, prs_struct
*ps
, int depth
)
239 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_bba");
242 if(!prs_uint16("max_tsize", ps
, depth
, &rpc
->max_tsize
))
244 if(!prs_uint16("max_rsize", ps
, depth
, &rpc
->max_rsize
))
246 if(!prs_uint32("assoc_gid", ps
, depth
, &rpc
->assoc_gid
))
251 /*******************************************************************
252 Inits an RPC_CONTEXT structure.
253 Note the transfer pointer must remain valid until this is marshalled.
254 ********************************************************************/
256 void init_rpc_context(RPC_CONTEXT
*rpc_ctx
, uint16 context_id
,
257 const RPC_IFACE
*abstract
, const RPC_IFACE
*transfer
)
259 rpc_ctx
->context_id
= context_id
; /* presentation context identifier (0x0) */
260 rpc_ctx
->num_transfer_syntaxes
= 1 ; /* the number of syntaxes (has always been 1?)(0x1) */
262 /* num and vers. of interface client is using */
263 rpc_ctx
->abstract
= *abstract
;
265 /* vers. of interface to use for replies */
266 rpc_ctx
->transfer
= CONST_DISCARD(RPC_IFACE
*, transfer
);
269 /*******************************************************************
270 Inits an RPC_HDR_RB structure.
271 Note the context pointer must remain valid until this is marshalled.
272 ********************************************************************/
274 void init_rpc_hdr_rb(RPC_HDR_RB
*rpc
,
275 uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
,
276 RPC_CONTEXT
*context
)
278 init_rpc_hdr_bba(&rpc
->bba
, max_tsize
, max_rsize
, assoc_gid
);
280 rpc
->num_contexts
= 1;
281 rpc
->rpc_context
= context
;
284 /*******************************************************************
285 Reads or writes an RPC_CONTEXT structure.
286 ********************************************************************/
288 bool smb_io_rpc_context(const char *desc
, RPC_CONTEXT
*rpc_ctx
, prs_struct
*ps
, int depth
)
297 if(!prs_uint16("context_id ", ps
, depth
, &rpc_ctx
->context_id
))
299 if(!prs_uint8 ("num_transfer_syntaxes", ps
, depth
, &rpc_ctx
->num_transfer_syntaxes
))
302 /* num_transfer_syntaxes must not be zero. */
303 if (rpc_ctx
->num_transfer_syntaxes
== 0)
306 if(!smb_io_rpc_iface("", &rpc_ctx
->abstract
, ps
, depth
))
309 if (UNMARSHALLING(ps
)) {
310 if (!(rpc_ctx
->transfer
= PRS_ALLOC_MEM(ps
, RPC_IFACE
, rpc_ctx
->num_transfer_syntaxes
))) {
315 for (i
= 0; i
< rpc_ctx
->num_transfer_syntaxes
; i
++ ) {
316 if (!smb_io_rpc_iface("", &rpc_ctx
->transfer
[i
], ps
, depth
))
322 /*******************************************************************
323 Reads or writes an RPC_HDR_RB structure.
324 ********************************************************************/
326 bool smb_io_rpc_hdr_rb(const char *desc
, RPC_HDR_RB
*rpc
, prs_struct
*ps
, int depth
)
333 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_rb");
336 if(!smb_io_rpc_hdr_bba("", &rpc
->bba
, ps
, depth
))
339 if(!prs_uint8("num_contexts", ps
, depth
, &rpc
->num_contexts
))
342 /* 3 pad bytes following - will be mopped up by the prs_align in smb_io_rpc_context(). */
344 /* num_contexts must not be zero. */
345 if (rpc
->num_contexts
== 0)
348 if (UNMARSHALLING(ps
)) {
349 if (!(rpc
->rpc_context
= PRS_ALLOC_MEM(ps
, RPC_CONTEXT
, rpc
->num_contexts
))) {
354 for (i
= 0; i
< rpc
->num_contexts
; i
++ ) {
355 if (!smb_io_rpc_context("", &rpc
->rpc_context
[i
], ps
, depth
))
362 /*******************************************************************
363 Inits an RPC_RESULTS structure.
365 lkclXXXX only one reason at the moment!
366 ********************************************************************/
368 static void init_rpc_results(RPC_RESULTS
*res
,
369 uint8 num_results
, uint16 result
, uint16 reason
)
371 res
->num_results
= num_results
; /* the number of results (0x01) */
372 res
->result
= result
; /* result (0x00 = accept) */
373 res
->reason
= reason
; /* reason (0x00 = no reason specified) */
376 /*******************************************************************
377 Reads or writes an RPC_RESULTS structure.
379 lkclXXXX only one reason at the moment!
380 ********************************************************************/
382 static bool smb_io_rpc_results(const char *desc
, RPC_RESULTS
*res
, prs_struct
*ps
, int depth
)
387 prs_debug(ps
, depth
, desc
, "smb_io_rpc_results");
393 if(!prs_uint8 ("num_results", ps
, depth
, &res
->num_results
))
399 if(!prs_uint16("result ", ps
, depth
, &res
->result
))
401 if(!prs_uint16("reason ", ps
, depth
, &res
->reason
))
406 /*******************************************************************
407 Init an RPC_HDR_BA structure.
409 lkclXXXX only one reason at the moment!
411 ********************************************************************/
413 void init_rpc_hdr_ba(RPC_HDR_BA
*rpc
,
414 uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
,
415 const char *pipe_addr
,
416 uint8 num_results
, uint16 result
, uint16 reason
,
419 init_rpc_hdr_bba (&rpc
->bba
, max_tsize
, max_rsize
, assoc_gid
);
420 init_rpc_addr_str(&rpc
->addr
, pipe_addr
);
421 init_rpc_results (&rpc
->res
, num_results
, result
, reason
);
423 /* the transfer syntax from the request */
424 memcpy(&rpc
->transfer
, transfer
, sizeof(rpc
->transfer
));
427 /*******************************************************************
428 Reads or writes an RPC_HDR_BA structure.
429 ********************************************************************/
431 bool smb_io_rpc_hdr_ba(const char *desc
, RPC_HDR_BA
*rpc
, prs_struct
*ps
, int depth
)
436 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_ba");
439 if(!smb_io_rpc_hdr_bba("", &rpc
->bba
, ps
, depth
))
441 if(!smb_io_rpc_addr_str("", &rpc
->addr
, ps
, depth
))
443 if(!smb_io_rpc_results("", &rpc
->res
, ps
, depth
))
445 if(!smb_io_rpc_iface("", &rpc
->transfer
, ps
, depth
))
450 /*******************************************************************
451 Init an RPC_HDR_REQ structure.
452 ********************************************************************/
454 void init_rpc_hdr_req(RPC_HDR_REQ
*hdr
, uint32 alloc_hint
, uint16 opnum
)
456 hdr
->alloc_hint
= alloc_hint
; /* allocation hint */
457 hdr
->context_id
= 0; /* presentation context identifier */
458 hdr
->opnum
= opnum
; /* opnum */
461 /*******************************************************************
462 Reads or writes an RPC_HDR_REQ structure.
463 ********************************************************************/
465 bool smb_io_rpc_hdr_req(const char *desc
, RPC_HDR_REQ
*rpc
, prs_struct
*ps
, int depth
)
470 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_req");
473 if(!prs_uint32("alloc_hint", ps
, depth
, &rpc
->alloc_hint
))
475 if(!prs_uint16("context_id", ps
, depth
, &rpc
->context_id
))
477 if(!prs_uint16("opnum ", ps
, depth
, &rpc
->opnum
))
482 /*******************************************************************
483 Reads or writes an RPC_HDR_RESP structure.
484 ********************************************************************/
486 bool smb_io_rpc_hdr_resp(const char *desc
, RPC_HDR_RESP
*rpc
, prs_struct
*ps
, int depth
)
491 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_resp");
494 if(!prs_uint32("alloc_hint", ps
, depth
, &rpc
->alloc_hint
))
496 if(!prs_uint16("context_id", ps
, depth
, &rpc
->context_id
))
498 if(!prs_uint8 ("cancel_ct ", ps
, depth
, &rpc
->cancel_count
))
500 if(!prs_uint8 ("reserved ", ps
, depth
, &rpc
->reserved
))
505 /*******************************************************************
506 Reads or writes an RPC_HDR_FAULT structure.
507 ********************************************************************/
509 bool smb_io_rpc_hdr_fault(const char *desc
, RPC_HDR_FAULT
*rpc
, prs_struct
*ps
, int depth
)
514 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_fault");
517 if(!prs_dcerpc_status("status ", ps
, depth
, &rpc
->status
))
519 if(!prs_uint32("reserved", ps
, depth
, &rpc
->reserved
))
525 /*******************************************************************
526 Inits an RPC_HDR_AUTH structure.
527 ********************************************************************/
529 void init_rpc_hdr_auth(RPC_HDR_AUTH
*rai
,
530 uint8 auth_type
, uint8 auth_level
,
532 uint32 auth_context_id
)
534 rai
->auth_type
= auth_type
;
535 rai
->auth_level
= auth_level
;
536 rai
->auth_pad_len
= auth_pad_len
;
537 rai
->auth_reserved
= 0;
538 rai
->auth_context_id
= auth_context_id
;
541 /*******************************************************************
542 Reads or writes an RPC_HDR_AUTH structure.
543 ********************************************************************/
545 bool smb_io_rpc_hdr_auth(const char *desc
, RPC_HDR_AUTH
*rai
, prs_struct
*ps
, int depth
)
550 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_auth");
556 if(!prs_uint8 ("auth_type ", ps
, depth
, &rai
->auth_type
))
558 if(!prs_uint8 ("auth_level ", ps
, depth
, &rai
->auth_level
))
560 if(!prs_uint8 ("auth_pad_len ", ps
, depth
, &rai
->auth_pad_len
))
562 if(!prs_uint8 ("auth_reserved", ps
, depth
, &rai
->auth_reserved
))
564 if(!prs_uint32("auth_context_id", ps
, depth
, &rai
->auth_context_id
))
570 /*******************************************************************
571 Checks an RPC_AUTH_VERIFIER structure.
572 ********************************************************************/
574 bool rpc_auth_verifier_chk(RPC_AUTH_VERIFIER
*rav
,
575 const char *signature
, uint32 msg_type
)
577 return (strequal(rav
->signature
, signature
) && rav
->msg_type
== msg_type
);
580 /*******************************************************************
581 Inits an RPC_AUTH_VERIFIER structure.
582 ********************************************************************/
584 void init_rpc_auth_verifier(RPC_AUTH_VERIFIER
*rav
,
585 const char *signature
, uint32 msg_type
)
587 fstrcpy(rav
->signature
, signature
); /* "NTLMSSP" */
588 rav
->msg_type
= msg_type
; /* NTLMSSP_MESSAGE_TYPE */
591 /*******************************************************************
592 Reads or writes an RPC_AUTH_VERIFIER structure.
593 ********************************************************************/
595 bool smb_io_rpc_auth_verifier(const char *desc
, RPC_AUTH_VERIFIER
*rav
, prs_struct
*ps
, int depth
)
600 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_verifier");
604 if(!prs_string("signature", ps
, depth
, rav
->signature
,
605 sizeof(rav
->signature
)))
607 if(!prs_uint32("msg_type ", ps
, depth
, &rav
->msg_type
)) /* NTLMSSP_MESSAGE_TYPE */
613 /*******************************************************************
614 This parses an RPC_AUTH_VERIFIER for schannel. I think
615 ********************************************************************/
617 bool smb_io_rpc_schannel_verifier(const char *desc
, RPC_AUTH_VERIFIER
*rav
, prs_struct
*ps
, int depth
)
622 prs_debug(ps
, depth
, desc
, "smb_io_rpc_schannel_verifier");
625 if(!prs_string("signature", ps
, depth
, rav
->signature
, sizeof(rav
->signature
)))
627 if(!prs_uint32("msg_type ", ps
, depth
, &rav
->msg_type
))
633 /*******************************************************************
634 creates an RPC_AUTH_SCHANNEL_NEG structure.
635 ********************************************************************/
637 void init_rpc_auth_schannel_neg(RPC_AUTH_SCHANNEL_NEG
*neg
,
638 const char *domain
, const char *myname
)
642 fstrcpy(neg
->domain
, domain
);
643 fstrcpy(neg
->myname
, myname
);
646 /*******************************************************************
647 Reads or writes an RPC_AUTH_SCHANNEL_NEG structure.
648 ********************************************************************/
650 bool smb_io_rpc_auth_schannel_neg(const char *desc
, RPC_AUTH_SCHANNEL_NEG
*neg
,
651 prs_struct
*ps
, int depth
)
656 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_schannel_neg");
662 if(!prs_uint32("type1", ps
, depth
, &neg
->type1
))
664 if(!prs_uint32("type2", ps
, depth
, &neg
->type2
))
666 if(!prs_string("domain ", ps
, depth
, neg
->domain
, sizeof(neg
->domain
)))
668 if(!prs_string("myname ", ps
, depth
, neg
->myname
, sizeof(neg
->myname
)))
674 /*******************************************************************
675 reads or writes an RPC_AUTH_SCHANNEL_CHK structure.
676 ********************************************************************/
678 bool smb_io_rpc_auth_schannel_chk(const char *desc
, int auth_len
,
679 RPC_AUTH_SCHANNEL_CHK
* chk
,
680 prs_struct
*ps
, int depth
)
685 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_schannel_chk");
688 if ( !prs_uint8s(False
, "sig ", ps
, depth
, chk
->sig
, sizeof(chk
->sig
)) )
691 if ( !prs_uint8s(False
, "seq_num", ps
, depth
, chk
->seq_num
, sizeof(chk
->seq_num
)) )
694 if ( !prs_uint8s(False
, "packet_digest", ps
, depth
, chk
->packet_digest
, sizeof(chk
->packet_digest
)) )
697 if ( auth_len
== RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN
) {
698 if ( !prs_uint8s(False
, "confounder", ps
, depth
, chk
->confounder
, sizeof(chk
->confounder
)) )