search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r10243: fix net rpc shutdown (missing alignments and sending an invalid UNISTR4 for...
[Samba.git] / source / rpc_parse / parse_prs.c
blob842a8e68086acc5b26935ff812cd9f154c720b22
1 /*
2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_PARSE
28
29 /**
30 * Dump a prs to a file: from the current location through to the end.
31 **/
32 void prs_dump(char *name, int v, prs_struct *ps)
33 {
34 prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
35 }
36
37 /**
38 * Dump from the start of the prs to the current location.
39 **/
40 void prs_dump_before(char *name, int v, prs_struct *ps)
41 {
42 prs_dump_region(name, v, ps, 0, ps->data_offset);
43 }
44
45 /**
46 * Dump everything from the start of the prs up to the current location.
47 **/
48 void prs_dump_region(char *name, int v, prs_struct *ps,
49 int from_off, int to_off)
50 {
51 int fd, i;
52 pstring fname;
53 if (DEBUGLEVEL < 50) return;
54 for (i=1;i<100;i++) {
55 if (v != -1) {
56 slprintf(fname,sizeof(fname)-1, "/tmp/%s_%d.%d.prs", name, v, i);
57 } else {
58 slprintf(fname,sizeof(fname)-1, "/tmp/%s.%d.prs", name, i);
59 }
60 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
61 if (fd != -1 || errno != EEXIST) break;
62 }
63 if (fd != -1) {
64 write(fd, ps->data_p + from_off, to_off - from_off);
65 close(fd);
66 DEBUG(0,("created %s\n", fname));
67 }
68 }
69
70 /*******************************************************************
71 Debug output for parsing info
72
73 XXXX side-effect of this function is to increase the debug depth XXXX.
74
75 ********************************************************************/
76
77 void prs_debug(prs_struct *ps, int depth, const char *desc, const char *fn_name)
78 {
79 DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc));
80 }
81
82 /**
83 * Initialise an expandable parse structure.
84 *
85 * @param size Initial buffer size. If >0, a new buffer will be
86 * created with malloc().
87 *
88 * @return False if allocation fails, otherwise True.
89 **/
90
91 BOOL prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, BOOL io)
92 {
93 ZERO_STRUCTP(ps);
94 ps->io = io;
95 ps->bigendian_data = RPC_LITTLE_ENDIAN;
96 ps->align = RPC_PARSE_ALIGN;
97 ps->is_dynamic = False;
98 ps->data_offset = 0;
99 ps->buffer_size = 0;
100 ps->data_p = NULL;
101 ps->mem_ctx = ctx;
102
103 if (size != 0) {
104 ps->buffer_size = size;
105 if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
106 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
107 return False;
108 }
109 memset(ps->data_p, '\0', (size_t)size);
110 ps->is_dynamic = True; /* We own this memory. */
111 } else if (MARSHALLING(ps)) {
112 /* If size is zero and we're marshalling we should allocate memory on demand. */
113 ps->is_dynamic = True;
114 }
115
116 return True;
117 }
118
119 /*******************************************************************
120 Delete the memory in a parse structure - if we own it.
121 ********************************************************************/
122
123 void prs_mem_free(prs_struct *ps)
124 {
125 if(ps->is_dynamic)
126 SAFE_FREE(ps->data_p);
127 ps->is_dynamic = False;
128 ps->buffer_size = 0;
129 ps->data_offset = 0;
130 }
131
132 /*******************************************************************
133 Clear the memory in a parse structure.
134 ********************************************************************/
135
136 void prs_mem_clear(prs_struct *ps)
137 {
138 if (ps->buffer_size)
139 memset(ps->data_p, '\0', (size_t)ps->buffer_size);
140 }
141
142 /*******************************************************************
143 Allocate memory when unmarshalling... Always zero clears.
144 ********************************************************************/
145
146 #if defined(PARANOID_MALLOC_CHECKER)
147 char *prs_alloc_mem_(prs_struct *ps, size_t size, unsigned int count)
148 #else
149 char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count)
150 #endif
151 {
152 char *ret = NULL;
153
154 if (size) {
155 /* We can't call the type-safe version here. */
156 ret = _talloc_zero_array(ps->mem_ctx, size, count, "parse_prs");
157 }
158 return ret;
159 }
160
161 /*******************************************************************
162 Return the current talloc context we're using.
163 ********************************************************************/
164
165 TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
166 {
167 return ps->mem_ctx;
168 }
169
170 /*******************************************************************
171 Hand some already allocated memory to a prs_struct.
172 ********************************************************************/
173
174 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic)
175 {
176 ps->is_dynamic = is_dynamic;
177 ps->data_p = buf;
178 ps->buffer_size = size;
179 }
180
181 /*******************************************************************
182 Take some memory back from a prs_struct.
183 ********************************************************************/
184
185 char *prs_take_memory(prs_struct *ps, uint32 *psize)
186 {
187 char *ret = ps->data_p;
188 if(psize)
189 *psize = ps->buffer_size;
190 ps->is_dynamic = False;
191 prs_mem_free(ps);
192 return ret;
193 }
194
195 /*******************************************************************
196 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
197 ********************************************************************/
198
199 BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
200 {
201 if (newsize > ps->buffer_size)
202 return prs_force_grow(ps, newsize - ps->buffer_size);
203
204 if (newsize < ps->buffer_size) {
205 char *new_data_p = SMB_REALLOC(ps->data_p, newsize);
206 /* if newsize is zero, Realloc acts like free() & returns NULL*/
207 if (new_data_p == NULL && newsize != 0) {
208 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
209 (unsigned int)newsize));
210 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
211 return False;
212 }
213 ps->data_p = new_data_p;
214 ps->buffer_size = newsize;
215 }
216
217 return True;
218 }
219
220 /*******************************************************************
221 Attempt, if needed, to grow a data buffer.
222 Also depends on the data stream mode (io).
223 ********************************************************************/
224
225 BOOL prs_grow(prs_struct *ps, uint32 extra_space)
226 {
227 uint32 new_size;
228 char *new_data;
229
230 ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
231
232 if(ps->data_offset + extra_space <= ps->buffer_size)
233 return True;
234
235 /*
236 * We cannot grow the buffer if we're not reading
237 * into the prs_struct, or if we don't own the memory.
238 */
239
240 if(UNMARSHALLING(ps) || !ps->is_dynamic) {
241 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
242 (unsigned int)extra_space));
243 return False;
244 }
245
246 /*
247 * Decide how much extra space we really need.
248 */
249
250 extra_space -= (ps->buffer_size - ps->data_offset);
251 if(ps->buffer_size == 0) {
252 /*
253 * Ensure we have at least a PDU's length, or extra_space, whichever
254 * is greater.
255 */
256
257 new_size = MAX(RPC_MAX_PDU_FRAG_LEN,extra_space);
258
259 if((new_data = SMB_MALLOC(new_size)) == NULL) {
260 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
261 return False;
262 }
263 memset(new_data, '\0', (size_t)new_size );
264 } else {
265 /*
266 * If the current buffer size is bigger than the space needed, just
267 * double it, else add extra_space.
268 */
269 new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
270
271 if ((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
272 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
273 (unsigned int)new_size));
274 return False;
275 }
276
277 memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
278 }
279 ps->buffer_size = new_size;
280 ps->data_p = new_data;
281
282 return True;
283 }
284
285 /*******************************************************************
286 Attempt to force a data buffer to grow by len bytes.
287 This is only used when appending more data onto a prs_struct
288 when reading an rpc reply, before unmarshalling it.
289 ********************************************************************/
290
291 BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
292 {
293 uint32 new_size = ps->buffer_size + extra_space;
294 char *new_data;
295
296 if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
297 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
298 (unsigned int)extra_space));
299 return False;
300 }
301
302 if((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
303 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
304 (unsigned int)new_size));
305 return False;
306 }
307
308 memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
309
310 ps->buffer_size = new_size;
311 ps->data_p = new_data;
312
313 return True;
314 }
315
316 /*******************************************************************
317 Get the data pointer (external interface).
318 ********************************************************************/
319
320 char *prs_data_p(prs_struct *ps)
321 {
322 return ps->data_p;
323 }
324
325 /*******************************************************************
326 Get the current data size (external interface).
327 ********************************************************************/
328
329 uint32 prs_data_size(prs_struct *ps)
330 {
331 return ps->buffer_size;
332 }
333
334 /*******************************************************************
335 Fetch the current offset (external interface).
336 ********************************************************************/
337
338 uint32 prs_offset(prs_struct *ps)
339 {
340 return ps->data_offset;
341 }
342
343 /*******************************************************************
344 Set the current offset (external interface).
345 ********************************************************************/
346
347 BOOL prs_set_offset(prs_struct *ps, uint32 offset)
348 {
349 if(offset <= ps->data_offset) {
350 ps->data_offset = offset;
351 return True;
352 }
353
354 if(!prs_grow(ps, offset - ps->data_offset))
355 return False;
356
357 ps->data_offset = offset;
358 return True;
359 }
360
361 /*******************************************************************
362 Append the data from one parse_struct into another.
363 ********************************************************************/
364
365 BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
366 {
367 if (prs_offset(src) == 0)
368 return True;
369
370 if(!prs_grow(dst, prs_offset(src)))
371 return False;
372
373 memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
374 dst->data_offset += prs_offset(src);
375
376 return True;
377 }
378
379 /*******************************************************************
380 Append some data from one parse_struct into another.
381 ********************************************************************/
382
383 BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
384 {
385 if (len == 0)
386 return True;
387
388 if(!prs_grow(dst, len))
389 return False;
390
391 memcpy(&dst->data_p[dst->data_offset], src->data_p + start, (size_t)len);
392 dst->data_offset += len;
393
394 return True;
395 }
396
397 /*******************************************************************
398 Append the data from a buffer into a parse_struct.
399 ********************************************************************/
400
401 BOOL prs_copy_data_in(prs_struct *dst, char *src, uint32 len)
402 {
403 if (len == 0)
404 return True;
405
406 if(!prs_grow(dst, len))
407 return False;
408
409 memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
410 dst->data_offset += len;
411
412 return True;
413 }
414
415 /*******************************************************************
416 Copy some data from a parse_struct into a buffer.
417 ********************************************************************/
418
419 BOOL prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
420 {
421 if (len == 0)
422 return True;
423
424 if(!prs_mem_get(src, len))
425 return False;
426
427 memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
428 src->data_offset += len;
429
430 return True;
431 }
432
433 /*******************************************************************
434 Copy all the data from a parse_struct into a buffer.
435 ********************************************************************/
436
437 BOOL prs_copy_all_data_out(char *dst, prs_struct *src)
438 {
439 uint32 len = prs_offset(src);
440
441 if (!len)
442 return True;
443
444 prs_set_offset(src, 0);
445 return prs_copy_data_out(dst, src, len);
446 }
447
448 /*******************************************************************
449 Set the data as X-endian (external interface).
450 ********************************************************************/
451
452 void prs_set_endian_data(prs_struct *ps, BOOL endian)
453 {
454 ps->bigendian_data = endian;
455 }
456
457 /*******************************************************************
458 Align a the data_len to a multiple of align bytes - filling with
459 zeros.
460 ********************************************************************/
461
462 BOOL prs_align(prs_struct *ps)
463 {
464 uint32 mod = ps->data_offset & (ps->align-1);
465
466 if (ps->align != 0 && mod != 0) {
467 uint32 extra_space = (ps->align - mod);
468 if(!prs_grow(ps, extra_space))
469 return False;
470 memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
471 ps->data_offset += extra_space;
472 }
473
474 return True;
475 }
476
477 /******************************************************************
478 Align on a 2 byte boundary
479 *****************************************************************/
480
481 BOOL prs_align_uint16(prs_struct *ps)
482 {
483 BOOL ret;
484 uint8 old_align = ps->align;
485
486 ps->align = 2;
487 ret = prs_align(ps);
488 ps->align = old_align;
489
490 return ret;
491 }
492
493 /******************************************************************
494 Align on a 8 byte boundary
495 *****************************************************************/
496
497 BOOL prs_align_uint64(prs_struct *ps)
498 {
499 BOOL ret;
500 uint8 old_align = ps->align;
501
502 ps->align = 8;
503 ret = prs_align(ps);
504 ps->align = old_align;
505
506 return ret;
507 }
508
509 /*******************************************************************
510 Align only if required (for the unistr2 string mainly)
511 ********************************************************************/
512
513 BOOL prs_align_needed(prs_struct *ps, uint32 needed)
514 {
515 if (needed==0)
516 return True;
517 else
518 return prs_align(ps);
519 }
520
521 /*******************************************************************
522 Ensure we can read/write to a given offset.
523 ********************************************************************/
524
525 char *prs_mem_get(prs_struct *ps, uint32 extra_size)
526 {
527 if(UNMARSHALLING(ps)) {
528 /*
529 * If reading, ensure that we can read the requested size item.
530 */
531 if (ps->data_offset + extra_size > ps->buffer_size) {
532 DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
533 "buffer by %u bytes.\n",
534 (unsigned int)extra_size,
535 (unsigned int)(ps->data_offset + extra_size - ps->buffer_size) ));
536 return NULL;
537 }
538 } else {
539 /*
540 * Writing - grow the buffer if needed.
541 */
542 if(!prs_grow(ps, extra_size))
543 return NULL;
544 }
545 return &ps->data_p[ps->data_offset];
546 }
547
548 /*******************************************************************
549 Change the struct type.
550 ********************************************************************/
551
552 void prs_switch_type(prs_struct *ps, BOOL io)
553 {
554 if ((ps->io ^ io) == True)
555 ps->io=io;
556 }
557
558 /*******************************************************************
559 Force a prs_struct to be dynamic even when it's size is 0.
560 ********************************************************************/
561
562 void prs_force_dynamic(prs_struct *ps)
563 {
564 ps->is_dynamic=True;
565 }
566
567 /*******************************************************************
568 Associate a session key with a parse struct.
569 ********************************************************************/
570
571 void prs_set_session_key(prs_struct *ps, const char sess_key[16])
572 {
573 ps->sess_key = sess_key;
574 }
575
576 /*******************************************************************
577 Stream a uint8.
578 ********************************************************************/
579
580 BOOL prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8)
581 {
582 char *q = prs_mem_get(ps, 1);
583 if (q == NULL)
584 return False;
585
586 if (UNMARSHALLING(ps))
587 *data8 = CVAL(q,0);
588 else
589 SCVAL(q,0,*data8);
590
591 DEBUG(5,("%s%04x %s: %02x\n", tab_depth(depth), ps->data_offset, name, *data8));
592
593 ps->data_offset += 1;
594
595 return True;
596 }
597
598 /*******************************************************************
599 Stream a uint16* (allocate memory if unmarshalling)
600 ********************************************************************/
601
602 BOOL prs_pointer( const char *name, prs_struct *ps, int depth,
603 void **data, size_t data_size,
604 BOOL(*prs_fn)(const char*, prs_struct*, int, void*) )
605 {
606 uint32 data_p;
607
608 /* output f000baaa to stream if the pointer is non-zero. */
609
610 data_p = *data ? 0xf000baaa : 0;
611
612 if ( !prs_uint32("ptr", ps, depth, &data_p ))
613 return False;
614
615 /* we're done if there is no data */
616
617 if ( !data_p )
618 return True;
619
620 if (UNMARSHALLING(ps)) {
621 if ( !(*data = PRS_ALLOC_MEM_VOID(ps, data_size)) )
622 return False;
623 }
624
625 return prs_fn(name, ps, depth, *data);
626 }
627
628
629 /*******************************************************************
630 Stream a uint16.
631 ********************************************************************/
632
633 BOOL prs_uint16(const char *name, prs_struct *ps, int depth, uint16 *data16)
634 {
635 char *q = prs_mem_get(ps, sizeof(uint16));
636 if (q == NULL)
637 return False;
638
639 if (UNMARSHALLING(ps)) {
640 if (ps->bigendian_data)
641 *data16 = RSVAL(q,0);
642 else
643 *data16 = SVAL(q,0);
644 } else {
645 if (ps->bigendian_data)
646 RSSVAL(q,0,*data16);
647 else
648 SSVAL(q,0,*data16);
649 }
650
651 DEBUG(5,("%s%04x %s: %04x\n", tab_depth(depth), ps->data_offset, name, *data16));
652
653 ps->data_offset += sizeof(uint16);
654
655 return True;
656 }
657
658 /*******************************************************************
659 Stream a uint32.
660 ********************************************************************/
661
662 BOOL prs_uint32(const char *name, prs_struct *ps, int depth, uint32 *data32)
663 {
664 char *q = prs_mem_get(ps, sizeof(uint32));
665 if (q == NULL)
666 return False;
667
668 if (UNMARSHALLING(ps)) {
669 if (ps->bigendian_data)
670 *data32 = RIVAL(q,0);
671 else
672 *data32 = IVAL(q,0);
673 } else {
674 if (ps->bigendian_data)
675 RSIVAL(q,0,*data32);
676 else
677 SIVAL(q,0,*data32);
678 }
679
680 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
681
682 ps->data_offset += sizeof(uint32);
683
684 return True;
685 }
686
687 /*******************************************************************
688 Stream a NTSTATUS
689 ********************************************************************/
690
691 BOOL prs_ntstatus(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
692 {
693 char *q = prs_mem_get(ps, sizeof(uint32));
694 if (q == NULL)
695 return False;
696
697 if (UNMARSHALLING(ps)) {
698 if (ps->bigendian_data)
699 *status = NT_STATUS(RIVAL(q,0));
700 else
701 *status = NT_STATUS(IVAL(q,0));
702 } else {
703 if (ps->bigendian_data)
704 RSIVAL(q,0,NT_STATUS_V(*status));
705 else
706 SIVAL(q,0,NT_STATUS_V(*status));
707 }
708
709 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
710 nt_errstr(*status)));
711
712 ps->data_offset += sizeof(uint32);
713
714 return True;
715 }
716
717 /*******************************************************************
718 Stream a WERROR
719 ********************************************************************/
720
721 BOOL prs_werror(const char *name, prs_struct *ps, int depth, WERROR *status)
722 {
723 char *q = prs_mem_get(ps, sizeof(uint32));
724 if (q == NULL)
725 return False;
726
727 if (UNMARSHALLING(ps)) {
728 if (ps->bigendian_data)
729 *status = W_ERROR(RIVAL(q,0));
730 else
731 *status = W_ERROR(IVAL(q,0));
732 } else {
733 if (ps->bigendian_data)
734 RSIVAL(q,0,W_ERROR_V(*status));
735 else
736 SIVAL(q,0,W_ERROR_V(*status));
737 }
738
739 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
740 dos_errstr(*status)));
741
742 ps->data_offset += sizeof(uint32);
743
744 return True;
745 }
746
747
748 /******************************************************************
749 Stream an array of uint8s. Length is number of uint8s.
750 ********************************************************************/
751
752 BOOL prs_uint8s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
753 {
754 int i;
755 char *q = prs_mem_get(ps, len);
756 if (q == NULL)
757 return False;
758
759 if (UNMARSHALLING(ps)) {
760 for (i = 0; i < len; i++)
761 data8s[i] = CVAL(q,i);
762 } else {
763 for (i = 0; i < len; i++)
764 SCVAL(q, i, data8s[i]);
765 }
766
767 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset ,name));
768 if (charmode)
769 print_asc(5, (unsigned char*)data8s, len);
770 else {
771 for (i = 0; i < len; i++)
772 DEBUG(5,("%02x ", data8s[i]));
773 }
774 DEBUG(5,("\n"));
775
776 ps->data_offset += len;
777
778 return True;
779 }
780
781 /******************************************************************
782 Stream an array of uint16s. Length is number of uint16s.
783 ********************************************************************/
784
785 BOOL prs_uint16s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
786 {
787 int i;
788 char *q = prs_mem_get(ps, len * sizeof(uint16));
789 if (q == NULL)
790 return False;
791
792 if (UNMARSHALLING(ps)) {
793 if (ps->bigendian_data) {
794 for (i = 0; i < len; i++)
795 data16s[i] = RSVAL(q, 2*i);
796 } else {
797 for (i = 0; i < len; i++)
798 data16s[i] = SVAL(q, 2*i);
799 }
800 } else {
801 if (ps->bigendian_data) {
802 for (i = 0; i < len; i++)
803 RSSVAL(q, 2*i, data16s[i]);
804 } else {
805 for (i = 0; i < len; i++)
806 SSVAL(q, 2*i, data16s[i]);
807 }
808 }
809
810 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
811 if (charmode)
812 print_asc(5, (unsigned char*)data16s, 2*len);
813 else {
814 for (i = 0; i < len; i++)
815 DEBUG(5,("%04x ", data16s[i]));
816 }
817 DEBUG(5,("\n"));
818
819 ps->data_offset += (len * sizeof(uint16));
820
821 return True;
822 }
823
824 /******************************************************************
825 Start using a function for streaming unicode chars. If unmarshalling,
826 output must be little-endian, if marshalling, input must be little-endian.
827 ********************************************************************/
828
829 static void dbg_rw_punival(BOOL charmode, const char *name, int depth, prs_struct *ps,
830 char *in_buf, char *out_buf, int len)
831 {
832 int i;
833
834 if (UNMARSHALLING(ps)) {
835 if (ps->bigendian_data) {
836 for (i = 0; i < len; i++)
837 SSVAL(out_buf,2*i,RSVAL(in_buf, 2*i));
838 } else {
839 for (i = 0; i < len; i++)
840 SSVAL(out_buf, 2*i, SVAL(in_buf, 2*i));
841 }
842 } else {
843 if (ps->bigendian_data) {
844 for (i = 0; i < len; i++)
845 RSSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
846 } else {
847 for (i = 0; i < len; i++)
848 SSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
849 }
850 }
851
852 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
853 if (charmode)
854 print_asc(5, (unsigned char*)out_buf, 2*len);
855 else {
856 for (i = 0; i < len; i++)
857 DEBUG(5,("%04x ", out_buf[i]));
858 }
859 DEBUG(5,("\n"));
860 }
861
862 /******************************************************************
863 Stream a unistr. Always little endian.
864 ********************************************************************/
865
866 BOOL prs_uint16uni(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
867 {
868 char *q = prs_mem_get(ps, len * sizeof(uint16));
869 if (q == NULL)
870 return False;
871
872 dbg_rw_punival(charmode, name, depth, ps, q, (char *)data16s, len);
873 ps->data_offset += (len * sizeof(uint16));
874
875 return True;
876 }
877
878 /******************************************************************
879 Stream an array of uint32s. Length is number of uint32s.
880 ********************************************************************/
881
882 BOOL prs_uint32s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
883 {
884 int i;
885 char *q = prs_mem_get(ps, len * sizeof(uint32));
886 if (q == NULL)
887 return False;
888
889 if (UNMARSHALLING(ps)) {
890 if (ps->bigendian_data) {
891 for (i = 0; i < len; i++)
892 data32s[i] = RIVAL(q, 4*i);
893 } else {
894 for (i = 0; i < len; i++)
895 data32s[i] = IVAL(q, 4*i);
896 }
897 } else {
898 if (ps->bigendian_data) {
899 for (i = 0; i < len; i++)
900 RSIVAL(q, 4*i, data32s[i]);
901 } else {
902 for (i = 0; i < len; i++)
903 SIVAL(q, 4*i, data32s[i]);
904 }
905 }
906
907 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
908 if (charmode)
909 print_asc(5, (unsigned char*)data32s, 4*len);
910 else {
911 for (i = 0; i < len; i++)
912 DEBUG(5,("%08x ", data32s[i]));
913 }
914 DEBUG(5,("\n"));
915
916 ps->data_offset += (len * sizeof(uint32));
917
918 return True;
919 }
920
921 /******************************************************************
922 Stream an array of unicode string, length/buffer specified separately,
923 in uint16 chars. The unicode string is already in little-endian format.
924 ********************************************************************/
925
926 BOOL prs_buffer5(BOOL charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str)
927 {
928 char *p;
929 char *q = prs_mem_get(ps, str->buf_len * sizeof(uint16));
930 if (q == NULL)
931 return False;
932
933 if (UNMARSHALLING(ps)) {
934 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len);
935 if (str->buffer == NULL)
936 return False;
937 }
938
939 /* If the string is empty, we don't have anything to stream */
940 if (str->buf_len==0)
941 return True;
942
943 p = (char *)str->buffer;
944
945 dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len);
946
947 ps->data_offset += (str->buf_len * sizeof(uint16));
948
949 return True;
950 }
951
952 /******************************************************************
953 Stream a "not" unicode string, length/buffer specified separately,
954 in byte chars. String is in little-endian format.
955 ********************************************************************/
956
957 BOOL prs_regval_buffer(BOOL charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf)
958 {
959 char *p;
960 char *q = prs_mem_get(ps, buf->buf_len);
961 if (q == NULL)
962 return False;
963
964 if (UNMARSHALLING(ps)) {
965 if (buf->buf_len > buf->buf_max_len) {
966 return False;
967 }
968 if ( buf->buf_max_len ) {
969 buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len);
970 if ( buf->buffer == NULL )
971 return False;
972 }
973 }
974
975 p = (char *)buf->buffer;
976
977 dbg_rw_punival(charmode, name, depth, ps, q, p, buf->buf_len/2);
978 ps->data_offset += buf->buf_len;
979
980 return True;
981 }
982
983 /******************************************************************
984 Stream a string, length/buffer specified separately,
985 in uint8 chars.
986 ********************************************************************/
987
988 BOOL prs_string2(BOOL charmode, const char *name, prs_struct *ps, int depth, STRING2 *str)
989 {
990 unsigned int i;
991 char *q = prs_mem_get(ps, str->str_str_len);
992 if (q == NULL)
993 return False;
994
995 if (UNMARSHALLING(ps)) {
996 if (str->str_str_len > str->str_max_len) {
997 return False;
998 }
999 str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len);
1000 if (str->buffer == NULL)
1001 return False;
1002 }
1003
1004 if (UNMARSHALLING(ps)) {
1005 for (i = 0; i < str->str_str_len; i++)
1006 str->buffer[i] = CVAL(q,i);
1007 } else {
1008 for (i = 0; i < str->str_str_len; i++)
1009 SCVAL(q, i, str->buffer[i]);
1010 }
1011
1012 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1013 if (charmode)
1014 print_asc(5, (unsigned char*)str->buffer, str->str_str_len);
1015 else {
1016 for (i = 0; i < str->str_str_len; i++)
1017 DEBUG(5,("%02x ", str->buffer[i]));
1018 }
1019 DEBUG(5,("\n"));
1020
1021 ps->data_offset += str->str_str_len;
1022
1023 return True;
1024 }
1025
1026 /******************************************************************
1027 Stream a unicode string, length/buffer specified separately,
1028 in uint16 chars. The unicode string is already in little-endian format.
1029 ********************************************************************/
1030
1031 BOOL prs_unistr2(BOOL charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str)
1032 {
1033 char *p;
1034 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1035 if (q == NULL)
1036 return False;
1037
1038 /* If the string is empty, we don't have anything to stream */
1039 if (str->uni_str_len==0)
1040 return True;
1041
1042 if (UNMARSHALLING(ps)) {
1043 if (str->uni_str_len > str->uni_max_len) {
1044 return False;
1045 }
1046 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len);
1047 if (str->buffer == NULL)
1048 return False;
1049 }
1050
1051 p = (char *)str->buffer;
1052
1053 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1054
1055 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1056
1057 return True;
1058 }
1059
1060 /******************************************************************
1061 Stream a unicode string, length/buffer specified separately,
1062 in uint16 chars. The unicode string is already in little-endian format.
1063 ********************************************************************/
1064
1065 BOOL prs_unistr3(BOOL charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth)
1066 {
1067 char *p;
1068 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1069 if (q == NULL)
1070 return False;
1071
1072 if (UNMARSHALLING(ps)) {
1073 str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len);
1074 if (str->str.buffer == NULL)
1075 return False;
1076 }
1077
1078 p = (char *)str->str.buffer;
1079
1080 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1081 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1082
1083 return True;
1084 }
1085
1086 /*******************************************************************
1087 Stream a unicode null-terminated string. As the string is already
1088 in little-endian format then do it as a stream of bytes.
1089 ********************************************************************/
1090
1091 BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
1092 {
1093 unsigned int len = 0;
1094 unsigned char *p = (unsigned char *)str->buffer;
1095 uint8 *start;
1096 char *q;
1097 uint32 max_len;
1098 uint16* ptr;
1099
1100 if (MARSHALLING(ps)) {
1101
1102 for(len = 0; str->buffer[len] != 0; len++)
1103 ;
1104
1105 q = prs_mem_get(ps, (len+1)*2);
1106 if (q == NULL)
1107 return False;
1108
1109 start = (uint8*)q;
1110
1111 for(len = 0; str->buffer[len] != 0; len++) {
1112 if(ps->bigendian_data) {
1113 /* swap bytes - p is little endian, q is big endian. */
1114 q[0] = (char)p[1];
1115 q[1] = (char)p[0];
1116 p += 2;
1117 q += 2;
1118 }
1119 else
1120 {
1121 q[0] = (char)p[0];
1122 q[1] = (char)p[1];
1123 p += 2;
1124 q += 2;
1125 }
1126 }
1127
1128 /*
1129 * even if the string is 'empty' (only an \0 char)
1130 * at this point the leading \0 hasn't been parsed.
1131 * so parse it now
1132 */
1133
1134 q[0] = 0;
1135 q[1] = 0;
1136 q += 2;
1137
1138 len++;
1139
1140 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1141 print_asc(5, (unsigned char*)start, 2*len);
1142 DEBUG(5, ("\n"));
1143 }
1144 else { /* unmarshalling */
1145
1146 uint32 alloc_len = 0;
1147 q = ps->data_p + prs_offset(ps);
1148
1149 /*
1150 * Work out how much space we need and talloc it.
1151 */
1152 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
1153
1154 /* the test of the value of *ptr helps to catch the circumstance
1155 where we have an emtpty (non-existent) string in the buffer */
1156 for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
1157 /* do nothing */
1158 ;
1159
1160 if (alloc_len < max_len)
1161 alloc_len += 1;
1162
1163 /* should we allocate anything at all? */
1164 str->buffer = PRS_ALLOC_MEM(ps,uint16,alloc_len);
1165 if ((str->buffer == NULL) && (alloc_len > 0))
1166 return False;
1167
1168 p = (unsigned char *)str->buffer;
1169
1170 len = 0;
1171 /* the (len < alloc_len) test is to prevent us from overwriting
1172 memory that is not ours...if we get that far, we have a non-null
1173 terminated string in the buffer and have messed up somewhere */
1174 while ((len < alloc_len) && (*(uint16 *)q != 0)) {
1175 if(ps->bigendian_data)
1176 {
1177 /* swap bytes - q is big endian, p is little endian. */
1178 p[0] = (unsigned char)q[1];
1179 p[1] = (unsigned char)q[0];
1180 p += 2;
1181 q += 2;
1182 } else {
1183
1184 p[0] = (unsigned char)q[0];
1185 p[1] = (unsigned char)q[1];
1186 p += 2;
1187 q += 2;
1188 }
1189
1190 len++;
1191 }
1192 if (len < alloc_len) {
1193 /* NULL terminate the UNISTR */
1194 str->buffer[len++] = '\0';
1195 }
1196
1197 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1198 print_asc(5, (unsigned char*)str->buffer, 2*len);
1199 DEBUG(5, ("\n"));
1200 }
1201
1202 /* set the offset in the prs_struct; 'len' points to the
1203 terminiating NULL in the UNISTR so we need to go one more
1204 uint16 */
1205 ps->data_offset += (len)*2;
1206
1207 return True;
1208 }
1209
1210
1211 /*******************************************************************
1212 Stream a null-terminated string. len is strlen, and therefore does
1213 not include the null-termination character.
1214 ********************************************************************/
1215
1216 BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
1217 {
1218 char *q;
1219 int i;
1220 int len;
1221
1222 if (UNMARSHALLING(ps))
1223 len = strlen(&ps->data_p[ps->data_offset]);
1224 else
1225 len = strlen(str);
1226
1227 len = MIN(len, (max_buf_size-1));
1228
1229 q = prs_mem_get(ps, len+1);
1230 if (q == NULL)
1231 return False;
1232
1233 for(i = 0; i < len; i++) {
1234 if (UNMARSHALLING(ps))
1235 str[i] = q[i];
1236 else
1237 q[i] = str[i];
1238 }
1239
1240 /* The terminating null. */
1241 str[i] = '\0';
1242
1243 if (MARSHALLING(ps)) {
1244 q[i] = '\0';
1245 }
1246
1247 ps->data_offset += len+1;
1248
1249 dump_data(5+depth, q, len);
1250
1251 return True;
1252 }
1253
1254 BOOL prs_string_alloc(const char *name, prs_struct *ps, int depth,
1255 const char **str)
1256 {
1257 size_t len;
1258 char *tmp_str;
1259
1260 if (UNMARSHALLING(ps))
1261 len = strlen(&ps->data_p[ps->data_offset]);
1262 else
1263 len = strlen(*str);
1264
1265 tmp_str = PRS_ALLOC_MEM(ps, char, len+1);
1266
1267 if (tmp_str == NULL)
1268 return False;
1269
1270 if (MARSHALLING(ps))
1271 strncpy(tmp_str, *str, len);
1272
1273 if (!prs_string(name, ps, depth, tmp_str, len+1))
1274 return False;
1275
1276 *str = tmp_str;
1277 return True;
1278 }
1279
1280 /*******************************************************************
1281 prs_uint16 wrapper. Call this and it sets up a pointer to where the
1282 uint16 should be stored, or gets the size if reading.
1283 ********************************************************************/
1284
1285 BOOL prs_uint16_pre(const char *name, prs_struct *ps, int depth, uint16 *data16, uint32 *offset)
1286 {
1287 *offset = ps->data_offset;
1288 if (UNMARSHALLING(ps)) {
1289 /* reading. */
1290 return prs_uint16(name, ps, depth, data16);
1291 } else {
1292 char *q = prs_mem_get(ps, sizeof(uint16));
1293 if(q ==NULL)
1294 return False;
1295 ps->data_offset += sizeof(uint16);
1296 }
1297 return True;
1298 }
1299
1300 /*******************************************************************
1301 prs_uint16 wrapper. call this and it retrospectively stores the size.
1302 does nothing on reading, as that is already handled by ...._pre()
1303 ********************************************************************/
1304
1305 BOOL prs_uint16_post(const char *name, prs_struct *ps, int depth, uint16 *data16,
1306 uint32 ptr_uint16, uint32 start_offset)
1307 {
1308 if (MARSHALLING(ps)) {
1309 /*
1310 * Writing - temporarily move the offset pointer.
1311 */
1312 uint16 data_size = ps->data_offset - start_offset;
1313 uint32 old_offset = ps->data_offset;
1314
1315 ps->data_offset = ptr_uint16;
1316 if(!prs_uint16(name, ps, depth, &data_size)) {
1317 ps->data_offset = old_offset;
1318 return False;
1319 }
1320 ps->data_offset = old_offset;
1321 } else {
1322 ps->data_offset = start_offset + (uint32)(*data16);
1323 }
1324 return True;
1325 }
1326
1327 /*******************************************************************
1328 prs_uint32 wrapper. Call this and it sets up a pointer to where the
1329 uint32 should be stored, or gets the size if reading.
1330 ********************************************************************/
1331
1332 BOOL prs_uint32_pre(const char *name, prs_struct *ps, int depth, uint32 *data32, uint32 *offset)
1333 {
1334 *offset = ps->data_offset;
1335 if (UNMARSHALLING(ps) && (data32 != NULL)) {
1336 /* reading. */
1337 return prs_uint32(name, ps, depth, data32);
1338 } else {
1339 ps->data_offset += sizeof(uint32);
1340 }
1341 return True;
1342 }
1343
1344 /*******************************************************************
1345 prs_uint32 wrapper. call this and it retrospectively stores the size.
1346 does nothing on reading, as that is already handled by ...._pre()
1347 ********************************************************************/
1348
1349 BOOL prs_uint32_post(const char *name, prs_struct *ps, int depth, uint32 *data32,
1350 uint32 ptr_uint32, uint32 data_size)
1351 {
1352 if (MARSHALLING(ps)) {
1353 /*
1354 * Writing - temporarily move the offset pointer.
1355 */
1356 uint32 old_offset = ps->data_offset;
1357 ps->data_offset = ptr_uint32;
1358 if(!prs_uint32(name, ps, depth, &data_size)) {
1359 ps->data_offset = old_offset;
1360 return False;
1361 }
1362 ps->data_offset = old_offset;
1363 }
1364 return True;
1365 }
1366
1367 /* useful function to store a structure in rpc wire format */
1368 int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
1369 {
1370 TDB_DATA kbuf, dbuf;
1371 kbuf.dptr = keystr;
1372 kbuf.dsize = strlen(keystr)+1;
1373 dbuf.dptr = ps->data_p;
1374 dbuf.dsize = prs_offset(ps);
1375 return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
1376 }
1377
1378 /* useful function to fetch a structure into rpc wire format */
1379 int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx)
1380 {
1381 TDB_DATA kbuf, dbuf;
1382 kbuf.dptr = keystr;
1383 kbuf.dsize = strlen(keystr)+1;
1384
1385 dbuf = tdb_fetch(tdb, kbuf);
1386 if (!dbuf.dptr)
1387 return -1;
1388
1389 prs_init(ps, 0, mem_ctx, UNMARSHALL);
1390 prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True);
1391
1392 return 0;
1393 }
1394
1395 /*******************************************************************
1396 hash a stream.
1397 ********************************************************************/
1398
1399 BOOL prs_hash1(prs_struct *ps, uint32 offset, int len)
1400 {
1401 char *q;
1402
1403 q = ps->data_p;
1404 q = &q[offset];
1405
1406 #ifdef DEBUG_PASSWORD
1407 DEBUG(100, ("prs_hash1\n"));
1408 dump_data(100, ps->sess_key, 16);
1409 dump_data(100, q, len);
1410 #endif
1411 SamOEMhash((uchar *) q, ps->sess_key, len);
1412
1413 #ifdef DEBUG_PASSWORD
1414 dump_data(100, q, len);
1415 #endif
1416
1417 return True;
1418 }
1419
1420 /*******************************************************************
1421 Create a digest over the entire packet (including the data), and
1422 MD5 it with the session key.
1423 ********************************************************************/
1424
1425 static void schannel_digest(struct schannel_auth_struct *a,
1426 enum pipe_auth_level auth_level,
1427 RPC_AUTH_SCHANNEL_CHK * verf,
1428 char *data, size_t data_len,
1429 uchar digest_final[16])
1430 {
1431 uchar whole_packet_digest[16];
1432 static uchar zeros[4];
1433 struct MD5Context ctx3;
1434
1435 /* verfiy the signature on the packet by MD5 over various bits */
1436 MD5Init(&ctx3);
1437 /* use our sequence number, which ensures the packet is not
1438 out of order */
1439 MD5Update(&ctx3, zeros, sizeof(zeros));
1440 MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
1441 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1442 MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
1443 }
1444 MD5Update(&ctx3, (const unsigned char *)data, data_len);
1445 MD5Final(whole_packet_digest, &ctx3);
1446 dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
1447
1448 /* MD5 this result and the session key, to prove that
1449 only a valid client could had produced this */
1450 hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
1451 }
1452
1453 /*******************************************************************
1454 Calculate the key with which to encode the data payload
1455 ********************************************************************/
1456
1457 static void schannel_get_sealing_key(struct schannel_auth_struct *a,
1458 RPC_AUTH_SCHANNEL_CHK *verf,
1459 uchar sealing_key[16])
1460 {
1461 static uchar zeros[4];
1462 uchar digest2[16];
1463 uchar sess_kf0[16];
1464 int i;
1465
1466 for (i = 0; i < sizeof(sess_kf0); i++) {
1467 sess_kf0[i] = a->sess_key[i] ^ 0xf0;
1468 }
1469
1470 dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
1471
1472 /* MD5 of sess_kf0 and 4 zero bytes */
1473 hmac_md5(sess_kf0, zeros, 0x4, digest2);
1474 dump_data_pw("digest2:\n", digest2, sizeof(digest2));
1475
1476 /* MD5 of the above result, plus 8 bytes of sequence number */
1477 hmac_md5(digest2, verf->seq_num, sizeof(verf->seq_num), sealing_key);
1478 dump_data_pw("sealing_key:\n", sealing_key, 16);
1479 }
1480
1481 /*******************************************************************
1482 Encode or Decode the sequence number (which is symmetric)
1483 ********************************************************************/
1484
1485 static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
1486 RPC_AUTH_SCHANNEL_CHK *verf)
1487 {
1488 static uchar zeros[4];
1489 uchar sequence_key[16];
1490 uchar digest1[16];
1491
1492 hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
1493 dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
1494
1495 hmac_md5(digest1, verf->packet_digest, 8, sequence_key);
1496
1497 dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
1498
1499 dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num));
1500 SamOEMhash(verf->seq_num, sequence_key, 8);
1501 dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num));
1502 }
1503
1504 /*******************************************************************
1505 creates an RPC_AUTH_SCHANNEL_CHK structure.
1506 ********************************************************************/
1507
1508 static BOOL init_rpc_auth_schannel_chk(RPC_AUTH_SCHANNEL_CHK * chk,
1509 const uchar sig[8],
1510 const uchar packet_digest[8],
1511 const uchar seq_num[8], const uchar confounder[8])
1512 {
1513 if (chk == NULL)
1514 return False;
1515
1516 memcpy(chk->sig, sig, sizeof(chk->sig));
1517 memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
1518 memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
1519 memcpy(chk->confounder, confounder, sizeof(chk->confounder));
1520
1521 return True;
1522 }
1523
1524 /*******************************************************************
1525 Encode a blob of data using the schannel alogrithm, also produceing
1526 a checksum over the original data. We currently only support
1527 signing and sealing togeather - the signing-only code is close, but not
1528 quite compatible with what MS does.
1529 ********************************************************************/
1530
1531 void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1532 enum schannel_direction direction,
1533 RPC_AUTH_SCHANNEL_CHK * verf,
1534 char *data, size_t data_len)
1535 {
1536 uchar digest_final[16];
1537 uchar confounder[8];
1538 uchar seq_num[8];
1539 static const uchar nullbytes[8];
1540
1541 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1542 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1543 const uchar *schannel_sig = NULL;
1544
1545 DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1546
1547 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1548 schannel_sig = schannel_seal_sig;
1549 } else {
1550 schannel_sig = schannel_sign_sig;
1551 }
1552
1553 /* fill the 'confounder' with random data */
1554 generate_random_buffer(confounder, sizeof(confounder));
1555
1556 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1557
1558 RSIVAL(seq_num, 0, a->seq_num);
1559
1560 switch (direction) {
1561 case SENDER_IS_INITIATOR:
1562 SIVAL(seq_num, 4, 0x80);
1563 break;
1564 case SENDER_IS_ACCEPTOR:
1565 SIVAL(seq_num, 4, 0x0);
1566 break;
1567 }
1568
1569 dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num));
1570
1571 init_rpc_auth_schannel_chk(verf, schannel_sig, nullbytes,
1572 seq_num, confounder);
1573
1574 /* produce a digest of the packet to prove it's legit (before we seal it) */
1575 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1576 memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
1577
1578 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1579 uchar sealing_key[16];
1580
1581 /* get the key to encode the data with */
1582 schannel_get_sealing_key(a, verf, sealing_key);
1583
1584 /* encode the verification data */
1585 dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder));
1586 SamOEMhash(verf->confounder, sealing_key, 8);
1587
1588 dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder));
1589
1590 /* encode the packet payload */
1591 dump_data_pw("data:\n", (const unsigned char *)data, data_len);
1592 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1593 dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
1594 }
1595
1596 /* encode the sequence number (key based on packet digest) */
1597 /* needs to be done after the sealing, as the original version
1598 is used in the sealing stuff... */
1599 schannel_deal_with_seq_num(a, verf);
1600
1601 return;
1602 }
1603
1604 /*******************************************************************
1605 Decode a blob of data using the schannel alogrithm, also verifiying
1606 a checksum over the original data. We currently can verify signed messages,
1607 as well as decode sealed messages
1608 ********************************************************************/
1609
1610 BOOL schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1611 enum schannel_direction direction,
1612 RPC_AUTH_SCHANNEL_CHK * verf, char *data, size_t data_len)
1613 {
1614 uchar digest_final[16];
1615
1616 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1617 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1618 const uchar *schannel_sig = NULL;
1619
1620 uchar seq_num[8];
1621
1622 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1623
1624 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1625 schannel_sig = schannel_seal_sig;
1626 } else {
1627 schannel_sig = schannel_sign_sig;
1628 }
1629
1630 /* Create the expected sequence number for comparison */
1631 RSIVAL(seq_num, 0, a->seq_num);
1632
1633 switch (direction) {
1634 case SENDER_IS_INITIATOR:
1635 SIVAL(seq_num, 4, 0x80);
1636 break;
1637 case SENDER_IS_ACCEPTOR:
1638 SIVAL(seq_num, 4, 0x0);
1639 break;
1640 }
1641
1642 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1643 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1644
1645 dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
1646
1647 /* extract the sequence number (key based on supplied packet digest) */
1648 /* needs to be done before the sealing, as the original version
1649 is used in the sealing stuff... */
1650 schannel_deal_with_seq_num(a, verf);
1651
1652 if (memcmp(verf->seq_num, seq_num, sizeof(seq_num))) {
1653 /* don't even bother with the below if the sequence number is out */
1654 /* The sequence number is MD5'ed with a key based on the whole-packet
1655 digest, as supplied by the client. We check that it's a valid
1656 checksum after the decode, below
1657 */
1658 DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
1659 dump_data(2, (const char*)verf->seq_num, sizeof(verf->seq_num));
1660 DEBUG(2, ("should be:\n"));
1661 dump_data(2, (const char*)seq_num, sizeof(seq_num));
1662
1663 return False;
1664 }
1665
1666 if (memcmp(verf->sig, schannel_sig, sizeof(verf->sig))) {
1667 /* Validate that the other end sent the expected header */
1668 DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
1669 dump_data(2, (const char*)verf->sig, sizeof(verf->sig));
1670 DEBUG(2, ("should be:\n"));
1671 dump_data(2, (const char*)schannel_sig, sizeof(schannel_sig));
1672 return False;
1673 }
1674
1675 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1676 uchar sealing_key[16];
1677
1678 /* get the key to extract the data with */
1679 schannel_get_sealing_key(a, verf, sealing_key);
1680
1681 /* extract the verification data */
1682 dump_data_pw("verf->confounder:\n", verf->confounder,
1683 sizeof(verf->confounder));
1684 SamOEMhash(verf->confounder, sealing_key, 8);
1685
1686 dump_data_pw("verf->confounder_dec:\n", verf->confounder,
1687 sizeof(verf->confounder));
1688
1689 /* extract the packet payload */
1690 dump_data_pw("data :\n", (const unsigned char *)data, data_len);
1691 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1692 dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
1693 }
1694
1695 /* digest includes 'data' after unsealing */
1696 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1697
1698 dump_data_pw("Calculated digest:\n", digest_final,
1699 sizeof(digest_final));
1700 dump_data_pw("verf->packet_digest:\n", verf->packet_digest,
1701 sizeof(verf->packet_digest));
1702
1703 /* compare - if the client got the same result as us, then
1704 it must know the session key */
1705 return (memcmp(digest_final, verf->packet_digest,
1706 sizeof(verf->packet_digest)) == 0);
1707 }
Samba GIT mirror