3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1997,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8 * Copyright (C) Paul Ashton 1997.
9 * Copyright (C) Jeremy Allison 1999.
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 /*******************************************************************
30 interface/version dce/rpc pipe identification
31 ********************************************************************/
33 #define TRANS_SYNT_V2 \
36 0x8a885d04, 0x1ceb, 0x11c9, \
37 { 0x9f, 0xe8, 0x08, 0x00, \
38 0x2b, 0x10, 0x48, 0x60 } \
42 #define SYNT_NETLOGON_V2 \
45 0x8a885d04, 0x1ceb, 0x11c9, \
46 { 0x9f, 0xe8, 0x08, 0x00, \
47 0x2b, 0x10, 0x48, 0x60 } \
51 #define SYNT_WKSSVC_V1 \
54 0x6bffd098, 0xa112, 0x3610, \
55 { 0x98, 0x33, 0x46, 0xc3, \
56 0xf8, 0x7e, 0x34, 0x5a } \
60 #define SYNT_SRVSVC_V3 \
63 0x4b324fc8, 0x1670, 0x01d3, \
64 { 0x12, 0x78, 0x5a, 0x47, \
65 0xbf, 0x6e, 0xe1, 0x88 } \
69 #define SYNT_LSARPC_V0 \
72 0x12345778, 0x1234, 0xabcd, \
73 { 0xef, 0x00, 0x01, 0x23, \
74 0x45, 0x67, 0x89, 0xab } \
78 #define SYNT_SAMR_V1 \
81 0x12345778, 0x1234, 0xabcd, \
82 { 0xef, 0x00, 0x01, 0x23, \
83 0x45, 0x67, 0x89, 0xac } \
87 #define SYNT_NETLOGON_V1 \
90 0x12345678, 0x1234, 0xabcd, \
91 { 0xef, 0x00, 0x01, 0x23, \
92 0x45, 0x67, 0xcf, 0xfb } \
96 #define SYNT_WINREG_V1 \
99 0x338cd001, 0x2244, 0x31f1, \
100 { 0xaa, 0xaa, 0x90, 0x00, \
101 0x38, 0x00, 0x10, 0x03 } \
105 #define SYNT_SPOOLSS_V1 \
108 0x12345678, 0x1234, 0xabcd, \
109 { 0xef, 0x00, 0x01, 0x23, \
110 0x45, 0x67, 0x89, 0xab } \
114 #define SYNT_NONE_V0 \
118 { 0x00, 0x00, 0x00, 0x00, \
119 0x00, 0x00, 0x00, 0x00 } \
123 #define SYNT_NETDFS_V3 \
126 0x4fc742e0, 0x4a10, 0x11cf, \
127 { 0x82, 0x73, 0x00, 0xaa, \
128 0x00, 0x4a, 0xe6, 0x73 } \
132 struct pipe_id_info pipe_names
[] =
134 /* client pipe , abstract syntax , server pipe , transfer syntax */
135 { PIPE_LSARPC
, SYNT_LSARPC_V0
, PIPE_LSASS
, TRANS_SYNT_V2
},
136 { PIPE_SAMR
, SYNT_SAMR_V1
, PIPE_LSASS
, TRANS_SYNT_V2
},
137 { PIPE_NETLOGON
, SYNT_NETLOGON_V1
, PIPE_LSASS
, TRANS_SYNT_V2
},
138 { PIPE_SRVSVC
, SYNT_SRVSVC_V3
, PIPE_NTSVCS
, TRANS_SYNT_V2
},
139 { PIPE_WKSSVC
, SYNT_WKSSVC_V1
, PIPE_NTSVCS
, TRANS_SYNT_V2
},
140 { PIPE_WINREG
, SYNT_WINREG_V1
, PIPE_WINREG
, TRANS_SYNT_V2
},
141 { PIPE_SPOOLSS
, SYNT_SPOOLSS_V1
, PIPE_SPOOLSS
, TRANS_SYNT_V2
},
142 { PIPE_NETDFS
, SYNT_NETDFS_V3
, PIPE_NETDFS
, TRANS_SYNT_V2
},
143 { NULL
, SYNT_NONE_V0
, NULL
, SYNT_NONE_V0
}
146 /*******************************************************************
147 Inits an RPC_HDR structure.
148 ********************************************************************/
150 void init_rpc_hdr(RPC_HDR
*hdr
, enum RPC_PKT_TYPE pkt_type
, uint8 flags
,
151 uint32 call_id
, int data_len
, int auth_len
)
153 hdr
->major
= 5; /* RPC version 5 */
154 hdr
->minor
= 0; /* minor version 0 */
155 hdr
->pkt_type
= pkt_type
; /* RPC packet type */
156 hdr
->flags
= flags
; /* dce/rpc flags */
157 hdr
->pack_type
[0] = 0x10; /* little-endian data representation */
158 hdr
->pack_type
[1] = 0; /* packed data representation */
159 hdr
->pack_type
[2] = 0; /* packed data representation */
160 hdr
->pack_type
[3] = 0; /* packed data representation */
161 hdr
->frag_len
= data_len
; /* fragment length, fill in later */
162 hdr
->auth_len
= auth_len
; /* authentication length */
163 hdr
->call_id
= call_id
; /* call identifier - match incoming RPC */
166 /*******************************************************************
167 Reads or writes an RPC_HDR structure.
168 ********************************************************************/
170 BOOL
smb_io_rpc_hdr(char *desc
, RPC_HDR
*rpc
, prs_struct
*ps
, int depth
)
175 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr");
178 if(!prs_uint8 ("major ", ps
, depth
, &rpc
->major
))
181 if(!prs_uint8 ("minor ", ps
, depth
, &rpc
->minor
))
183 if(!prs_uint8 ("pkt_type ", ps
, depth
, &rpc
->pkt_type
))
185 if(!prs_uint8 ("flags ", ps
, depth
, &rpc
->flags
))
188 /* We always marshall in little endian format. */
190 rpc
->pack_type
[0] = 0x10;
192 if(!prs_uint8("pack_type0", ps
, depth
, &rpc
->pack_type
[0]))
194 if(!prs_uint8("pack_type1", ps
, depth
, &rpc
->pack_type
[1]))
196 if(!prs_uint8("pack_type2", ps
, depth
, &rpc
->pack_type
[2]))
198 if(!prs_uint8("pack_type3", ps
, depth
, &rpc
->pack_type
[3]))
202 * If reading and pack_type[0] == 0 then the data is in big-endian
203 * format. Set the flag in the prs_struct to specify reverse-endainness.
206 if (UNMARSHALLING(ps
) && rpc
->pack_type
[0] == 0) {
207 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
208 prs_set_endian_data(ps
, RPC_BIG_ENDIAN
);
211 if(!prs_uint16("frag_len ", ps
, depth
, &rpc
->frag_len
))
213 if(!prs_uint16("auth_len ", ps
, depth
, &rpc
->auth_len
))
215 if(!prs_uint32("call_id ", ps
, depth
, &rpc
->call_id
))
220 /*******************************************************************
221 Reads or writes an RPC_IFACE structure.
222 ********************************************************************/
224 static BOOL
smb_io_rpc_iface(char *desc
, RPC_IFACE
*ifc
, prs_struct
*ps
, int depth
)
229 prs_debug(ps
, depth
, desc
, "smb_io_rpc_iface");
235 if(!prs_uint32 ("data ", ps
, depth
, &ifc
->uuid
.time_low
))
237 if(!prs_uint16 ("data ", ps
, depth
, &ifc
->uuid
.time_mid
))
239 if(!prs_uint16 ("data ", ps
, depth
, &ifc
->uuid
.time_hi_and_version
))
242 if(!prs_uint8s (False
, "data ", ps
, depth
, ifc
->uuid
.remaining
, sizeof(ifc
->uuid
.remaining
)))
244 if(!prs_uint32 ( "version", ps
, depth
, &ifc
->version
))
250 /*******************************************************************
251 Inits an RPC_ADDR_STR structure.
252 ********************************************************************/
254 static void init_rpc_addr_str(RPC_ADDR_STR
*str
, char *name
)
256 str
->len
= strlen(name
) + 1;
257 fstrcpy(str
->str
, name
);
260 /*******************************************************************
261 Reads or writes an RPC_ADDR_STR structure.
262 ********************************************************************/
264 static BOOL
smb_io_rpc_addr_str(char *desc
, RPC_ADDR_STR
*str
, prs_struct
*ps
, int depth
)
269 prs_debug(ps
, depth
, desc
, "smb_io_rpc_addr_str");
274 if(!prs_uint16 ( "len", ps
, depth
, &str
->len
))
276 if(!prs_uint8s (True
, "str", ps
, depth
, (uchar
*)str
->str
, MIN(str
->len
, sizeof(str
->str
)) ))
281 /*******************************************************************
282 Inits an RPC_HDR_BBA structure.
283 ********************************************************************/
285 static void init_rpc_hdr_bba(RPC_HDR_BBA
*bba
, uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
)
287 bba
->max_tsize
= max_tsize
; /* maximum transmission fragment size (0x1630) */
288 bba
->max_rsize
= max_rsize
; /* max receive fragment size (0x1630) */
289 bba
->assoc_gid
= assoc_gid
; /* associated group id (0x0) */
292 /*******************************************************************
293 Reads or writes an RPC_HDR_BBA structure.
294 ********************************************************************/
296 static BOOL
smb_io_rpc_hdr_bba(char *desc
, RPC_HDR_BBA
*rpc
, prs_struct
*ps
, int depth
)
301 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_bba");
304 if(!prs_uint16("max_tsize", ps
, depth
, &rpc
->max_tsize
))
306 if(!prs_uint16("max_rsize", ps
, depth
, &rpc
->max_rsize
))
308 if(!prs_uint32("assoc_gid", ps
, depth
, &rpc
->assoc_gid
))
313 /*******************************************************************
314 Inits an RPC_HDR_RB structure.
315 ********************************************************************/
317 void init_rpc_hdr_rb(RPC_HDR_RB
*rpc
,
318 uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
,
319 uint32 num_elements
, uint16 context_id
, uint8 num_syntaxes
,
320 RPC_IFACE
*abstract
, RPC_IFACE
*transfer
)
322 init_rpc_hdr_bba(&rpc
->bba
, max_tsize
, max_rsize
, assoc_gid
);
324 rpc
->num_elements
= num_elements
; /* the number of elements (0x1) */
325 rpc
->context_id
= context_id
; /* presentation context identifier (0x0) */
326 rpc
->num_syntaxes
= num_syntaxes
; /* the number of syntaxes (has always been 1?)(0x1) */
328 /* num and vers. of interface client is using */
329 rpc
->abstract
= *abstract
;
331 /* num and vers. of interface to use for replies */
332 rpc
->transfer
= *transfer
;
335 /*******************************************************************
336 Reads or writes an RPC_HDR_RB structure.
337 ********************************************************************/
339 BOOL
smb_io_rpc_hdr_rb(char *desc
, RPC_HDR_RB
*rpc
, prs_struct
*ps
, int depth
)
344 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_rb");
347 if(!smb_io_rpc_hdr_bba("", &rpc
->bba
, ps
, depth
))
350 if(!prs_uint32("num_elements", ps
, depth
, &rpc
->num_elements
))
352 if(!prs_uint16("context_id ", ps
, depth
, &rpc
->context_id
))
354 if(!prs_uint8 ("num_syntaxes", ps
, depth
, &rpc
->num_syntaxes
))
357 if(!smb_io_rpc_iface("", &rpc
->abstract
, ps
, depth
))
359 if(!smb_io_rpc_iface("", &rpc
->transfer
, ps
, depth
))
365 /*******************************************************************
366 Inits an RPC_RESULTS structure.
368 lkclXXXX only one reason at the moment!
369 ********************************************************************/
371 static void init_rpc_results(RPC_RESULTS
*res
,
372 uint8 num_results
, uint16 result
, uint16 reason
)
374 res
->num_results
= num_results
; /* the number of results (0x01) */
375 res
->result
= result
; /* result (0x00 = accept) */
376 res
->reason
= reason
; /* reason (0x00 = no reason specified) */
379 /*******************************************************************
380 Reads or writes an RPC_RESULTS structure.
382 lkclXXXX only one reason at the moment!
383 ********************************************************************/
385 static BOOL
smb_io_rpc_results(char *desc
, RPC_RESULTS
*res
, prs_struct
*ps
, int depth
)
390 prs_debug(ps
, depth
, desc
, "smb_io_rpc_results");
396 if(!prs_uint8 ("num_results", ps
, depth
, &res
->num_results
))
402 if(!prs_uint16("result ", ps
, depth
, &res
->result
))
404 if(!prs_uint16("reason ", ps
, depth
, &res
->reason
))
409 /*******************************************************************
410 Init an RPC_HDR_BA structure.
412 lkclXXXX only one reason at the moment!
414 ********************************************************************/
416 void init_rpc_hdr_ba(RPC_HDR_BA
*rpc
,
417 uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
,
419 uint8 num_results
, uint16 result
, uint16 reason
,
422 init_rpc_hdr_bba (&rpc
->bba
, max_tsize
, max_rsize
, assoc_gid
);
423 init_rpc_addr_str(&rpc
->addr
, pipe_addr
);
424 init_rpc_results (&rpc
->res
, num_results
, result
, reason
);
426 /* the transfer syntax from the request */
427 memcpy(&rpc
->transfer
, transfer
, sizeof(rpc
->transfer
));
430 /*******************************************************************
431 Reads or writes an RPC_HDR_BA structure.
432 ********************************************************************/
434 BOOL
smb_io_rpc_hdr_ba(char *desc
, RPC_HDR_BA
*rpc
, prs_struct
*ps
, int depth
)
439 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_ba");
442 if(!smb_io_rpc_hdr_bba("", &rpc
->bba
, ps
, depth
))
444 if(!smb_io_rpc_addr_str("", &rpc
->addr
, ps
, depth
))
446 if(!smb_io_rpc_results("", &rpc
->res
, ps
, depth
))
448 if(!smb_io_rpc_iface("", &rpc
->transfer
, ps
, depth
))
453 /*******************************************************************
454 Init an RPC_HDR_REQ structure.
455 ********************************************************************/
457 void init_rpc_hdr_req(RPC_HDR_REQ
*hdr
, uint32 alloc_hint
, uint16 opnum
)
459 hdr
->alloc_hint
= alloc_hint
; /* allocation hint */
460 hdr
->context_id
= 0; /* presentation context identifier */
461 hdr
->opnum
= opnum
; /* opnum */
464 /*******************************************************************
465 Reads or writes an RPC_HDR_REQ structure.
466 ********************************************************************/
468 BOOL
smb_io_rpc_hdr_req(char *desc
, RPC_HDR_REQ
*rpc
, prs_struct
*ps
, int depth
)
473 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_req");
476 if(!prs_uint32("alloc_hint", ps
, depth
, &rpc
->alloc_hint
))
478 if(!prs_uint16("context_id", ps
, depth
, &rpc
->context_id
))
480 if(!prs_uint16("opnum ", ps
, depth
, &rpc
->opnum
))
485 /*******************************************************************
486 Reads or writes an RPC_HDR_RESP structure.
487 ********************************************************************/
489 BOOL
smb_io_rpc_hdr_resp(char *desc
, RPC_HDR_RESP
*rpc
, prs_struct
*ps
, int depth
)
494 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_resp");
497 if(!prs_uint32("alloc_hint", ps
, depth
, &rpc
->alloc_hint
))
499 if(!prs_uint16("context_id", ps
, depth
, &rpc
->context_id
))
501 if(!prs_uint8 ("cancel_ct ", ps
, depth
, &rpc
->cancel_count
))
503 if(!prs_uint8 ("reserved ", ps
, depth
, &rpc
->reserved
))
508 /*******************************************************************
509 Reads or writes an RPC_HDR_FAULT structure.
510 ********************************************************************/
512 BOOL
smb_io_rpc_hdr_fault(char *desc
, RPC_HDR_FAULT
*rpc
, prs_struct
*ps
, int depth
)
517 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_fault");
520 if(!prs_ntstatus("status ", ps
, depth
, &rpc
->status
))
522 if(!prs_uint32("reserved", ps
, depth
, &rpc
->reserved
))
528 /*******************************************************************
529 Init an RPC_HDR_AUTHA structure.
530 ********************************************************************/
532 void init_rpc_hdr_autha(RPC_HDR_AUTHA
*rai
,
533 uint16 max_tsize
, uint16 max_rsize
,
534 uint8 auth_type
, uint8 auth_level
,
537 rai
->max_tsize
= max_tsize
; /* maximum transmission fragment size (0x1630) */
538 rai
->max_rsize
= max_rsize
; /* max receive fragment size (0x1630) */
540 rai
->auth_type
= auth_type
; /* nt lm ssp 0x0a */
541 rai
->auth_level
= auth_level
; /* 0x06 */
542 rai
->stub_type_len
= stub_type_len
; /* 0x00 */
543 rai
->padding
= 0; /* padding 0x00 */
545 rai
->unknown
= 0x0014a0c0; /* non-zero pointer to something */
548 /*******************************************************************
549 Reads or writes an RPC_HDR_AUTHA structure.
550 ********************************************************************/
552 BOOL
smb_io_rpc_hdr_autha(char *desc
, RPC_HDR_AUTHA
*rai
, prs_struct
*ps
, int depth
)
557 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_autha");
560 if(!prs_uint16("max_tsize ", ps
, depth
, &rai
->max_tsize
))
562 if(!prs_uint16("max_rsize ", ps
, depth
, &rai
->max_rsize
))
565 if(!prs_uint8 ("auth_type ", ps
, depth
, &rai
->auth_type
)) /* 0x0a nt lm ssp */
567 if(!prs_uint8 ("auth_level ", ps
, depth
, &rai
->auth_level
)) /* 0x06 */
569 if(!prs_uint8 ("stub_type_len", ps
, depth
, &rai
->stub_type_len
))
571 if(!prs_uint8 ("padding ", ps
, depth
, &rai
->padding
))
574 if(!prs_uint32("unknown ", ps
, depth
, &rai
->unknown
)) /* 0x0014a0c0 */
580 /*******************************************************************
581 Checks an RPC_HDR_AUTH structure.
582 ********************************************************************/
584 BOOL
rpc_hdr_auth_chk(RPC_HDR_AUTH
*rai
)
586 return (rai
->auth_type
== NTLMSSP_AUTH_TYPE
&& rai
->auth_level
== NTLMSSP_AUTH_LEVEL
);
589 /*******************************************************************
590 Inits an RPC_HDR_AUTH structure.
591 ********************************************************************/
593 void init_rpc_hdr_auth(RPC_HDR_AUTH
*rai
,
594 uint8 auth_type
, uint8 auth_level
,
598 rai
->auth_type
= auth_type
; /* nt lm ssp 0x0a */
599 rai
->auth_level
= auth_level
; /* 0x06 */
600 rai
->stub_type_len
= stub_type_len
; /* 0x00 */
601 rai
->padding
= 0; /* padding 0x00 */
603 rai
->unknown
= ptr
; /* non-zero pointer to something */
606 /*******************************************************************
607 Reads or writes an RPC_HDR_AUTH structure.
608 ********************************************************************/
610 BOOL
smb_io_rpc_hdr_auth(char *desc
, RPC_HDR_AUTH
*rai
, prs_struct
*ps
, int depth
)
615 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_auth");
621 if(!prs_uint8 ("auth_type ", ps
, depth
, &rai
->auth_type
)) /* 0x0a nt lm ssp */
623 if(!prs_uint8 ("auth_level ", ps
, depth
, &rai
->auth_level
)) /* 0x06 */
625 if(!prs_uint8 ("stub_type_len", ps
, depth
, &rai
->stub_type_len
))
627 if(!prs_uint8 ("padding ", ps
, depth
, &rai
->padding
))
630 if(!prs_uint32("unknown ", ps
, depth
, &rai
->unknown
)) /* 0x0014a0c0 */
636 /*******************************************************************
637 Checks an RPC_AUTH_VERIFIER structure.
638 ********************************************************************/
640 BOOL
rpc_auth_verifier_chk(RPC_AUTH_VERIFIER
*rav
,
641 char *signature
, uint32 msg_type
)
643 return (strequal(rav
->signature
, signature
) && rav
->msg_type
== msg_type
);
646 /*******************************************************************
647 Inits an RPC_AUTH_VERIFIER structure.
648 ********************************************************************/
650 void init_rpc_auth_verifier(RPC_AUTH_VERIFIER
*rav
,
651 char *signature
, uint32 msg_type
)
653 fstrcpy(rav
->signature
, signature
); /* "NTLMSSP" */
654 rav
->msg_type
= msg_type
; /* NTLMSSP_MESSAGE_TYPE */
657 /*******************************************************************
658 Reads or writes an RPC_AUTH_VERIFIER structure.
659 ********************************************************************/
661 BOOL
smb_io_rpc_auth_verifier(char *desc
, RPC_AUTH_VERIFIER
*rav
, prs_struct
*ps
, int depth
)
666 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_verifier");
670 if(!prs_string("signature", ps
, depth
, rav
->signature
, strlen("NTLMSSP"),
671 sizeof(rav
->signature
)))
673 if(!prs_uint32("msg_type ", ps
, depth
, &rav
->msg_type
)) /* NTLMSSP_MESSAGE_TYPE */
679 /*******************************************************************
680 Inits an RPC_AUTH_NTLMSSP_NEG structure.
681 ********************************************************************/
683 void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG
*neg
,
685 fstring myname
, fstring domain
)
687 int len_myname
= strlen(myname
);
688 int len_domain
= strlen(domain
);
690 neg
->neg_flgs
= neg_flgs
; /* 0x00b2b3 */
692 init_str_hdr(&neg
->hdr_domain
, len_domain
, len_domain
, 0x20 + len_myname
);
693 init_str_hdr(&neg
->hdr_myname
, len_myname
, len_myname
, 0x20);
695 fstrcpy(neg
->myname
, myname
);
696 fstrcpy(neg
->domain
, domain
);
699 /*******************************************************************
700 Reads or writes an RPC_AUTH_NTLMSSP_NEG structure.
702 *** lkclXXXX HACK ALERT! ***
703 ********************************************************************/
705 BOOL
smb_io_rpc_auth_ntlmssp_neg(char *desc
, RPC_AUTH_NTLMSSP_NEG
*neg
, prs_struct
*ps
, int depth
)
707 uint32 start_offset
= prs_offset(ps
);
711 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_neg");
714 if(!prs_uint32("neg_flgs ", ps
, depth
, &neg
->neg_flgs
))
719 uint32 old_neg_flags
= neg
->neg_flgs
;
725 neg
->neg_flgs
= old_neg_flags
;
727 if(!smb_io_strhdr("hdr_domain", &neg
->hdr_domain
, ps
, depth
))
729 if(!smb_io_strhdr("hdr_myname", &neg
->hdr_myname
, ps
, depth
))
732 old_offset
= prs_offset(ps
);
734 if(!prs_set_offset(ps
, neg
->hdr_myname
.buffer
+ start_offset
- 12))
737 if(!prs_uint8s(True
, "myname", ps
, depth
, (uint8
*)neg
->myname
,
738 MIN(neg
->hdr_myname
.str_str_len
, sizeof(neg
->myname
))))
741 old_offset
+= neg
->hdr_myname
.str_str_len
;
743 if(!prs_set_offset(ps
, neg
->hdr_domain
.buffer
+ start_offset
- 12))
746 if(!prs_uint8s(True
, "domain", ps
, depth
, (uint8
*)neg
->domain
,
747 MIN(neg
->hdr_domain
.str_str_len
, sizeof(neg
->domain
))))
750 old_offset
+= neg
->hdr_domain
.str_str_len
;
752 if(!prs_set_offset(ps
, old_offset
))
756 if(!smb_io_strhdr("hdr_domain", &neg
->hdr_domain
, ps
, depth
))
758 if(!smb_io_strhdr("hdr_myname", &neg
->hdr_myname
, ps
, depth
))
761 if(!prs_uint8s(True
, "myname", ps
, depth
, (uint8
*)neg
->myname
,
762 MIN(neg
->hdr_myname
.str_str_len
, sizeof(neg
->myname
))))
764 if(!prs_uint8s(True
, "domain", ps
, depth
, (uint8
*)neg
->domain
,
765 MIN(neg
->hdr_domain
.str_str_len
, sizeof(neg
->domain
))))
772 /*******************************************************************
773 creates an RPC_AUTH_NTLMSSP_CHAL structure.
774 ********************************************************************/
776 void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL
*chl
,
780 chl
->unknown_1
= 0x0;
781 chl
->unknown_2
= 0x00000028;
782 chl
->neg_flags
= neg_flags
; /* 0x0082b1 */
784 memcpy(chl
->challenge
, challenge
, sizeof(chl
->challenge
));
785 memset((char *)chl
->reserved
, '\0', sizeof(chl
->reserved
));
788 /*******************************************************************
789 Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure.
790 ********************************************************************/
792 BOOL
smb_io_rpc_auth_ntlmssp_chal(char *desc
, RPC_AUTH_NTLMSSP_CHAL
*chl
, prs_struct
*ps
, int depth
)
797 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_chal");
800 if(!prs_uint32("unknown_1", ps
, depth
, &chl
->unknown_1
)) /* 0x0000 0000 */
802 if(!prs_uint32("unknown_2", ps
, depth
, &chl
->unknown_2
)) /* 0x0000 b2b3 */
804 if(!prs_uint32("neg_flags", ps
, depth
, &chl
->neg_flags
)) /* 0x0000 82b1 */
807 if(!prs_uint8s (False
, "challenge", ps
, depth
, chl
->challenge
, sizeof(chl
->challenge
)))
809 if(!prs_uint8s (False
, "reserved ", ps
, depth
, chl
->reserved
, sizeof(chl
->reserved
)))
815 /*******************************************************************
816 Inits an RPC_AUTH_NTLMSSP_RESP structure.
818 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
819 *** lkclXXXX the actual offset is at the start of the auth verifier ***
820 ********************************************************************/
822 void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP
*rsp
,
823 uchar lm_resp
[24], uchar nt_resp
[24],
824 char *domain
, char *user
, char *wks
,
828 int dom_len
= strlen(domain
);
829 int wks_len
= strlen(wks
);
830 int usr_len
= strlen(user
);
831 int lm_len
= (lm_resp
!= NULL
) ? 24 : 0;
832 int nt_len
= (nt_resp
!= NULL
) ? 24 : 0;
834 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
836 #ifdef DEBUG_PASSWORD
837 DEBUG(100,("lm_resp\n"));
838 dump_data(100, (char *)lm_resp
, 24);
839 DEBUG(100,("nt_resp\n"));
840 dump_data(100, (char *)nt_resp
, 24);
843 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
844 domain
, user
, wks
, neg_flags
));
848 if (neg_flags
& NTLMSSP_NEGOTIATE_UNICODE
) {
854 init_str_hdr(&rsp
->hdr_domain
, dom_len
, dom_len
, offset
);
857 init_str_hdr(&rsp
->hdr_usr
, usr_len
, usr_len
, offset
);
860 init_str_hdr(&rsp
->hdr_wks
, wks_len
, wks_len
, offset
);
863 init_str_hdr(&rsp
->hdr_lm_resp
, lm_len
, lm_len
, offset
);
866 init_str_hdr(&rsp
->hdr_nt_resp
, nt_len
, nt_len
, offset
);
869 init_str_hdr(&rsp
->hdr_sess_key
, 0, 0, offset
);
871 rsp
->neg_flags
= neg_flags
;
873 memcpy(rsp
->lm_resp
, lm_resp
, 24);
874 memcpy(rsp
->nt_resp
, nt_resp
, 24);
876 if (neg_flags
& NTLMSSP_NEGOTIATE_UNICODE
) {
877 dos_struni2(rsp
->domain
, domain
, sizeof(rsp
->domain
));
878 dos_struni2(rsp
->user
, user
, sizeof(rsp
->user
));
879 dos_struni2(rsp
->wks
, wks
, sizeof(rsp
->wks
));
881 fstrcpy(rsp
->domain
, domain
);
882 fstrcpy(rsp
->user
, user
);
883 fstrcpy(rsp
->wks
, wks
);
886 rsp
->sess_key
[0] = 0;
889 /*******************************************************************
890 Reads or writes an RPC_AUTH_NTLMSSP_RESP structure.
892 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
893 *** lkclXXXX the actual offset is at the start of the auth verifier ***
894 ********************************************************************/
896 BOOL
smb_io_rpc_auth_ntlmssp_resp(char *desc
, RPC_AUTH_NTLMSSP_RESP
*rsp
, prs_struct
*ps
, int depth
)
901 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_resp");
911 if(!smb_io_strhdr("hdr_lm_resp ", &rsp
->hdr_lm_resp
, ps
, depth
))
913 if(!smb_io_strhdr("hdr_nt_resp ", &rsp
->hdr_nt_resp
, ps
, depth
))
915 if(!smb_io_strhdr("hdr_domain ", &rsp
->hdr_domain
, ps
, depth
))
917 if(!smb_io_strhdr("hdr_user ", &rsp
->hdr_usr
, ps
, depth
))
919 if(!smb_io_strhdr("hdr_wks ", &rsp
->hdr_wks
, ps
, depth
))
921 if(!smb_io_strhdr("hdr_sess_key", &rsp
->hdr_sess_key
, ps
, depth
))
924 if(!prs_uint32("neg_flags", ps
, depth
, &rsp
->neg_flags
)) /* 0x0000 82b1 */
927 old_offset
= prs_offset(ps
);
929 if(!prs_set_offset(ps
, rsp
->hdr_domain
.buffer
+ 0xc))
932 if(!prs_uint8s(True
, "domain ", ps
, depth
, (uint8
*)rsp
->domain
,
933 MIN(rsp
->hdr_domain
.str_str_len
, sizeof(rsp
->domain
))))
936 old_offset
+= rsp
->hdr_domain
.str_str_len
;
938 if(!prs_set_offset(ps
, rsp
->hdr_usr
.buffer
+ 0xc))
941 if(!prs_uint8s(True
, "user ", ps
, depth
, (uint8
*)rsp
->user
,
942 MIN(rsp
->hdr_usr
.str_str_len
, sizeof(rsp
->user
))))
945 old_offset
+= rsp
->hdr_usr
.str_str_len
;
947 if(!prs_set_offset(ps
, rsp
->hdr_wks
.buffer
+ 0xc))
950 if(!prs_uint8s(True
, "wks ", ps
, depth
, (uint8
*)rsp
->wks
,
951 MIN(rsp
->hdr_wks
.str_str_len
, sizeof(rsp
->wks
))))
954 old_offset
+= rsp
->hdr_wks
.str_str_len
;
956 if(!prs_set_offset(ps
, rsp
->hdr_lm_resp
.buffer
+ 0xc))
959 if(!prs_uint8s(False
, "lm_resp ", ps
, depth
, (uint8
*)rsp
->lm_resp
,
960 MIN(rsp
->hdr_lm_resp
.str_str_len
, sizeof(rsp
->lm_resp
))))
963 old_offset
+= rsp
->hdr_lm_resp
.str_str_len
;
965 if(!prs_set_offset(ps
, rsp
->hdr_nt_resp
.buffer
+ 0xc))
968 if(!prs_uint8s(False
, "nt_resp ", ps
, depth
, (uint8
*)rsp
->nt_resp
,
969 MIN(rsp
->hdr_nt_resp
.str_str_len
, sizeof(rsp
->nt_resp
))))
972 old_offset
+= rsp
->hdr_nt_resp
.str_str_len
;
974 if (rsp
->hdr_sess_key
.str_str_len
!= 0) {
976 if(!prs_set_offset(ps
, rsp
->hdr_sess_key
.buffer
+ 0x10))
979 old_offset
+= rsp
->hdr_sess_key
.str_str_len
;
981 if(!prs_uint8s(False
, "sess_key", ps
, depth
, (uint8
*)rsp
->sess_key
,
982 MIN(rsp
->hdr_sess_key
.str_str_len
, sizeof(rsp
->sess_key
))))
986 if(!prs_set_offset(ps
, old_offset
))
990 if(!smb_io_strhdr("hdr_lm_resp ", &rsp
->hdr_lm_resp
, ps
, depth
))
992 if(!smb_io_strhdr("hdr_nt_resp ", &rsp
->hdr_nt_resp
, ps
, depth
))
994 if(!smb_io_strhdr("hdr_domain ", &rsp
->hdr_domain
, ps
, depth
))
996 if(!smb_io_strhdr("hdr_user ", &rsp
->hdr_usr
, ps
, depth
))
998 if(!smb_io_strhdr("hdr_wks ", &rsp
->hdr_wks
, ps
, depth
))
1000 if(!smb_io_strhdr("hdr_sess_key", &rsp
->hdr_sess_key
, ps
, depth
))
1003 if(!prs_uint32("neg_flags", ps
, depth
, &rsp
->neg_flags
)) /* 0x0000 82b1 */
1006 if(!prs_uint8s(True
, "domain ", ps
, depth
, (uint8
*)rsp
->domain
,
1007 MIN(rsp
->hdr_domain
.str_str_len
, sizeof(rsp
->domain
))))
1010 if(!prs_uint8s(True
, "user ", ps
, depth
, (uint8
*)rsp
->user
,
1011 MIN(rsp
->hdr_usr
.str_str_len
, sizeof(rsp
->user
))))
1014 if(!prs_uint8s(True
, "wks ", ps
, depth
, (uint8
*)rsp
->wks
,
1015 MIN(rsp
->hdr_wks
.str_str_len
, sizeof(rsp
->wks
))))
1017 if(!prs_uint8s(False
, "lm_resp ", ps
, depth
, (uint8
*)rsp
->lm_resp
,
1018 MIN(rsp
->hdr_lm_resp
.str_str_len
, sizeof(rsp
->lm_resp
))))
1020 if(!prs_uint8s(False
, "nt_resp ", ps
, depth
, (uint8
*)rsp
->nt_resp
,
1021 MIN(rsp
->hdr_nt_resp
.str_str_len
, sizeof(rsp
->nt_resp
))))
1023 if(!prs_uint8s(False
, "sess_key", ps
, depth
, (uint8
*)rsp
->sess_key
,
1024 MIN(rsp
->hdr_sess_key
.str_str_len
, sizeof(rsp
->sess_key
))))
1031 /*******************************************************************
1032 Checks an RPC_AUTH_NTLMSSP_CHK structure.
1033 ********************************************************************/
1035 BOOL
rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK
*chk
, uint32 crc32
, uint32 seq_num
)
1040 if (chk
->crc32
!= crc32
||
1041 chk
->ver
!= NTLMSSP_SIGN_VERSION
||
1042 chk
->seq_num
!= seq_num
)
1044 DEBUG(5,("verify failed - crc %x ver %x seq %d\n",
1045 crc32
, NTLMSSP_SIGN_VERSION
, seq_num
));
1046 DEBUG(5,("verify expect - crc %x ver %x seq %d\n",
1047 chk
->crc32
, chk
->ver
, chk
->seq_num
));
1053 /*******************************************************************
1054 Inits an RPC_AUTH_NTLMSSP_CHK structure.
1055 ********************************************************************/
1057 void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK
*chk
,
1058 uint32 ver
, uint32 crc32
, uint32 seq_num
)
1061 chk
->reserved
= 0x0;
1063 chk
->seq_num
= seq_num
;
1066 /*******************************************************************
1067 Reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
1068 ********************************************************************/
1070 BOOL
smb_io_rpc_auth_ntlmssp_chk(char *desc
, RPC_AUTH_NTLMSSP_CHK
*chk
, prs_struct
*ps
, int depth
)
1075 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_chk");
1081 if(!prs_uint32("ver ", ps
, depth
, &chk
->ver
))
1083 if(!prs_uint32("reserved", ps
, depth
, &chk
->reserved
))
1085 if(!prs_uint32("crc32 ", ps
, depth
, &chk
->crc32
))
1087 if(!prs_uint32("seq_num ", ps
, depth
, &chk
->seq_num
))