search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r6284: Starting on 3.0.14:
[Samba/gbeck.git] / source / rpc_parse / parse_rpc.c
blobaa296eb70a160f068018cad749095706120e2067
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_PARSE
28
29 /*******************************************************************
30 interface/version dce/rpc pipe identification
31 ********************************************************************/
32
33 #define TRANS_SYNT_V2 \
34 { \
35 { \
36 0x8a885d04, 0x1ceb, 0x11c9, \
37 { 0x9f, 0xe8 }, \
38 { 0x08, 0x00, \
39 0x2b, 0x10, 0x48, 0x60 } \
40 }, 0x02 \
41 }
42
43 #define SYNT_NETLOGON_V2 \
44 { \
45 { \
46 0x8a885d04, 0x1ceb, 0x11c9, \
47 { 0x9f, 0xe8 }, \
48 { 0x08, 0x00, \
49 0x2b, 0x10, 0x48, 0x60 } \
50 }, 0x02 \
51 }
52
53 #define SYNT_WKSSVC_V1 \
54 { \
55 { \
56 0x6bffd098, 0xa112, 0x3610, \
57 { 0x98, 0x33 }, \
58 { 0x46, 0xc3, \
59 0xf8, 0x7e, 0x34, 0x5a } \
60 }, 0x01 \
61 }
62
63 #define SYNT_SRVSVC_V3 \
64 { \
65 { \
66 0x4b324fc8, 0x1670, 0x01d3, \
67 { 0x12, 0x78 }, \
68 { 0x5a, 0x47, \
69 0xbf, 0x6e, 0xe1, 0x88 } \
70 }, 0x03 \
71 }
72
73 #define SYNT_LSARPC_V0 \
74 { \
75 { \
76 0x12345778, 0x1234, 0xabcd, \
77 { 0xef, 0x00 }, \
78 { 0x01, 0x23, \
79 0x45, 0x67, 0x89, 0xab } \
80 }, 0x00 \
81 }
82
83 #define SYNT_LSARPC_V0_DS \
84 { \
85 { \
86 0x3919286a, 0xb10c, 0x11d0, \
87 { 0x9b, 0xa8 }, \
88 { 0x00, 0xc0, \
89 0x4f, 0xd9, 0x2e, 0xf5 } \
90 }, 0x00 \
91 }
92
93 #define SYNT_SAMR_V1 \
94 { \
95 { \
96 0x12345778, 0x1234, 0xabcd, \
97 { 0xef, 0x00 }, \
98 { 0x01, 0x23, \
99 0x45, 0x67, 0x89, 0xac } \
100 }, 0x01 \
101 }
102
103 #define SYNT_NETLOGON_V1 \
104 { \
105 { \
106 0x12345678, 0x1234, 0xabcd, \
107 { 0xef, 0x00 }, \
108 { 0x01, 0x23, \
109 0x45, 0x67, 0xcf, 0xfb } \
110 }, 0x01 \
111 }
112
113 #define SYNT_WINREG_V1 \
114 { \
115 { \
116 0x338cd001, 0x2244, 0x31f1, \
117 { 0xaa, 0xaa }, \
118 { 0x90, 0x00, \
119 0x38, 0x00, 0x10, 0x03 } \
120 }, 0x01 \
121 }
122
123 #define SYNT_SPOOLSS_V1 \
124 { \
125 { \
126 0x12345678, 0x1234, 0xabcd, \
127 { 0xef, 0x00 }, \
128 { 0x01, 0x23, \
129 0x45, 0x67, 0x89, 0xab } \
130 }, 0x01 \
131 }
132
133 #define SYNT_NONE_V0 \
134 { \
135 { \
136 0x0, 0x0, 0x0, \
137 { 0x00, 0x00 }, \
138 { 0x00, 0x00, \
139 0x00, 0x00, 0x00, 0x00 } \
140 }, 0x00 \
141 }
142
143 #define SYNT_NETDFS_V3 \
144 { \
145 { \
146 0x4fc742e0, 0x4a10, 0x11cf, \
147 { 0x82, 0x73 }, \
148 { 0x00, 0xaa, \
149 0x00, 0x4a, 0xe6, 0x73 } \
150 }, 0x03 \
151 }
152
153 #define SYNT_ECHO_V1 \
154 { \
155 { \
156 0x60a15ec5, 0x4de8, 0x11d7, \
157 { 0xa6, 0x37 }, \
158 { 0x00, 0x50, \
159 0x56, 0xa2, 0x01, 0x82 } \
160 }, 0x01 \
161 }
162
163 #define SYNT_SHUTDOWN_V1 \
164 { \
165 { \
166 0x894de0c0, 0x0d55, 0x11d3, \
167 { 0xa3, 0x22 }, \
168 { 0x00, 0xc0, \
169 0x4f, 0xa3, 0x21, 0xa1 } \
170 }, 0x01 \
171 }
172
173 /*
174 * IMPORTANT!! If you update this structure, make sure to
175 * update the index #defines in smb.h.
176 */
177
178 const struct pipe_id_info pipe_names [] =
179 {
180 /* client pipe , abstract syntax , server pipe , transfer syntax */
181 { PIPE_LSARPC , SYNT_LSARPC_V0 , PIPE_LSASS , TRANS_SYNT_V2 },
182 { PIPE_LSARPC , SYNT_LSARPC_V0_DS , PIPE_LSASS , TRANS_SYNT_V2 },
183 { PIPE_SAMR , SYNT_SAMR_V1 , PIPE_LSASS , TRANS_SYNT_V2 },
184 { PIPE_NETLOGON, SYNT_NETLOGON_V1 , PIPE_LSASS , TRANS_SYNT_V2 },
185 { PIPE_SRVSVC , SYNT_SRVSVC_V3 , PIPE_NTSVCS , TRANS_SYNT_V2 },
186 { PIPE_WKSSVC , SYNT_WKSSVC_V1 , PIPE_NTSVCS , TRANS_SYNT_V2 },
187 { PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 },
188 { PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS , TRANS_SYNT_V2 },
189 { PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 },
190 { PIPE_ECHO , SYNT_ECHO_V1 , PIPE_ECHO , TRANS_SYNT_V2 },
191 { PIPE_SHUTDOWN, SYNT_SHUTDOWN_V1 , PIPE_SHUTDOWN , TRANS_SYNT_V2 },
192 { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 }
193 };
194
195 /*******************************************************************
196 Inits an RPC_HDR structure.
197 ********************************************************************/
198
199 void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
200 uint32 call_id, int data_len, int auth_len)
201 {
202 hdr->major = 5; /* RPC version 5 */
203 hdr->minor = 0; /* minor version 0 */
204 hdr->pkt_type = pkt_type; /* RPC packet type */
205 hdr->flags = flags; /* dce/rpc flags */
206 hdr->pack_type[0] = 0x10; /* little-endian data representation */
207 hdr->pack_type[1] = 0; /* packed data representation */
208 hdr->pack_type[2] = 0; /* packed data representation */
209 hdr->pack_type[3] = 0; /* packed data representation */
210 hdr->frag_len = data_len; /* fragment length, fill in later */
211 hdr->auth_len = auth_len; /* authentication length */
212 hdr->call_id = call_id; /* call identifier - match incoming RPC */
213 }
214
215 /*******************************************************************
216 Reads or writes an RPC_HDR structure.
217 ********************************************************************/
218
219 BOOL smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth)
220 {
221 if (rpc == NULL)
222 return False;
223
224 prs_debug(ps, depth, desc, "smb_io_rpc_hdr");
225 depth++;
226
227 if(!prs_uint8 ("major ", ps, depth, &rpc->major))
228 return False;
229
230 if(!prs_uint8 ("minor ", ps, depth, &rpc->minor))
231 return False;
232 if(!prs_uint8 ("pkt_type ", ps, depth, &rpc->pkt_type))
233 return False;
234 if(!prs_uint8 ("flags ", ps, depth, &rpc->flags))
235 return False;
236
237 /* We always marshall in little endian format. */
238 if (MARSHALLING(ps))
239 rpc->pack_type[0] = 0x10;
240
241 if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0]))
242 return False;
243 if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1]))
244 return False;
245 if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2]))
246 return False;
247 if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3]))
248 return False;
249
250 /*
251 * If reading and pack_type[0] == 0 then the data is in big-endian
252 * format. Set the flag in the prs_struct to specify reverse-endainness.
253 */
254
255 if (UNMARSHALLING(ps) && rpc->pack_type[0] == 0) {
256 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
257 prs_set_endian_data(ps, RPC_BIG_ENDIAN);
258 }
259
260 if(!prs_uint16("frag_len ", ps, depth, &rpc->frag_len))
261 return False;
262 if(!prs_uint16("auth_len ", ps, depth, &rpc->auth_len))
263 return False;
264 if(!prs_uint32("call_id ", ps, depth, &rpc->call_id))
265 return False;
266 return True;
267 }
268
269 /*******************************************************************
270 Reads or writes an RPC_IFACE structure.
271 ********************************************************************/
272
273 static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
274 {
275 if (ifc == NULL)
276 return False;
277
278 prs_debug(ps, depth, desc, "smb_io_rpc_iface");
279 depth++;
280
281 if (!prs_align(ps))
282 return False;
283
284 if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth))
285 return False;
286
287 if(!prs_uint32 ("version", ps, depth, &ifc->version))
288 return False;
289
290 return True;
291 }
292
293 /*******************************************************************
294 Inits an RPC_ADDR_STR structure.
295 ********************************************************************/
296
297 static void init_rpc_addr_str(RPC_ADDR_STR *str, const char *name)
298 {
299 str->len = strlen(name) + 1;
300 fstrcpy(str->str, name);
301 }
302
303 /*******************************************************************
304 Reads or writes an RPC_ADDR_STR structure.
305 ********************************************************************/
306
307 static BOOL smb_io_rpc_addr_str(const char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth)
308 {
309 if (str == NULL)
310 return False;
311
312 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str");
313 depth++;
314 if(!prs_align(ps))
315 return False;
316
317 if(!prs_uint16 ( "len", ps, depth, &str->len))
318 return False;
319 if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) ))
320 return False;
321 return True;
322 }
323
324 /*******************************************************************
325 Inits an RPC_HDR_BBA structure.
326 ********************************************************************/
327
328 static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid)
329 {
330 bba->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
331 bba->max_rsize = max_rsize; /* max receive fragment size (0x1630) */
332 bba->assoc_gid = assoc_gid; /* associated group id (0x0) */
333 }
334
335 /*******************************************************************
336 Reads or writes an RPC_HDR_BBA structure.
337 ********************************************************************/
338
339 static BOOL smb_io_rpc_hdr_bba(const char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth)
340 {
341 if (rpc == NULL)
342 return False;
343
344 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba");
345 depth++;
346
347 if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize))
348 return False;
349 if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize))
350 return False;
351 if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid))
352 return False;
353 return True;
354 }
355
356 /*******************************************************************
357 Inits an RPC_HDR_RB structure.
358 ********************************************************************/
359
360 void init_rpc_hdr_rb(RPC_HDR_RB *rpc,
361 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
362 uint32 num_elements, uint16 context_id, uint8 num_syntaxes,
363 RPC_IFACE *abstract, RPC_IFACE *transfer)
364 {
365 init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid);
366
367 rpc->num_elements = num_elements ; /* the number of elements (0x1) */
368 rpc->context_id = context_id ; /* presentation context identifier (0x0) */
369 rpc->num_syntaxes = num_syntaxes ; /* the number of syntaxes (has always been 1?)(0x1) */
370
371 /* num and vers. of interface client is using */
372 rpc->abstract = *abstract;
373
374 /* num and vers. of interface to use for replies */
375 rpc->transfer = *transfer;
376 }
377
378 /*******************************************************************
379 Reads or writes an RPC_HDR_RB structure.
380 ********************************************************************/
381
382 BOOL smb_io_rpc_hdr_rb(const char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth)
383 {
384 RPC_HDR_RB rpc2;
385 int i;
386
387 if (rpc == NULL)
388 return False;
389
390 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb");
391 depth++;
392
393 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
394 return False;
395
396 if(!prs_uint32("num_elements", ps, depth, &rpc->num_elements))
397 return False;
398 if(!prs_uint16("context_id ", ps, depth, &rpc->context_id ))
399 return False;
400 if(!prs_uint8 ("num_syntaxes", ps, depth, &rpc->num_syntaxes))
401 return False;
402
403 if(!smb_io_rpc_iface("", &rpc->abstract, ps, depth))
404 return False;
405 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
406 return False;
407
408 /* just chew through extra context id's for now */
409
410 for ( i=1; i<rpc->num_elements; i++ ) {
411 if(!prs_uint16("context_id ", ps, depth, &rpc2.context_id ))
412 return False;
413 if(!prs_uint8 ("num_syntaxes", ps, depth, &rpc2.num_syntaxes))
414 return False;
415
416 if(!smb_io_rpc_iface("", &rpc2.abstract, ps, depth))
417 return False;
418 if(!smb_io_rpc_iface("", &rpc2.transfer, ps, depth))
419 return False;
420 }
421
422 return True;
423 }
424
425 /*******************************************************************
426 Inits an RPC_RESULTS structure.
427
428 lkclXXXX only one reason at the moment!
429 ********************************************************************/
430
431 static void init_rpc_results(RPC_RESULTS *res,
432 uint8 num_results, uint16 result, uint16 reason)
433 {
434 res->num_results = num_results; /* the number of results (0x01) */
435 res->result = result ; /* result (0x00 = accept) */
436 res->reason = reason ; /* reason (0x00 = no reason specified) */
437 }
438
439 /*******************************************************************
440 Reads or writes an RPC_RESULTS structure.
441
442 lkclXXXX only one reason at the moment!
443 ********************************************************************/
444
445 static BOOL smb_io_rpc_results(const char *desc, RPC_RESULTS *res, prs_struct *ps, int depth)
446 {
447 if (res == NULL)
448 return False;
449
450 prs_debug(ps, depth, desc, "smb_io_rpc_results");
451 depth++;
452
453 if(!prs_align(ps))
454 return False;
455
456 if(!prs_uint8 ("num_results", ps, depth, &res->num_results))
457 return False;
458
459 if(!prs_align(ps))
460 return False;
461
462 if(!prs_uint16("result ", ps, depth, &res->result))
463 return False;
464 if(!prs_uint16("reason ", ps, depth, &res->reason))
465 return False;
466 return True;
467 }
468
469 /*******************************************************************
470 Init an RPC_HDR_BA structure.
471
472 lkclXXXX only one reason at the moment!
473
474 ********************************************************************/
475
476 void init_rpc_hdr_ba(RPC_HDR_BA *rpc,
477 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
478 const char *pipe_addr,
479 uint8 num_results, uint16 result, uint16 reason,
480 RPC_IFACE *transfer)
481 {
482 init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid);
483 init_rpc_addr_str(&rpc->addr, pipe_addr);
484 init_rpc_results (&rpc->res, num_results, result, reason);
485
486 /* the transfer syntax from the request */
487 memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer));
488 }
489
490 /*******************************************************************
491 Reads or writes an RPC_HDR_BA structure.
492 ********************************************************************/
493
494 BOOL smb_io_rpc_hdr_ba(const char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
495 {
496 if (rpc == NULL)
497 return False;
498
499 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba");
500 depth++;
501
502 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
503 return False;
504 if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth))
505 return False;
506 if(!smb_io_rpc_results("", &rpc->res, ps, depth))
507 return False;
508 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
509 return False;
510 return True;
511 }
512
513 /*******************************************************************
514 Init an RPC_HDR_REQ structure.
515 ********************************************************************/
516
517 void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
518 {
519 hdr->alloc_hint = alloc_hint; /* allocation hint */
520 hdr->context_id = 0; /* presentation context identifier */
521 hdr->opnum = opnum; /* opnum */
522 }
523
524 /*******************************************************************
525 Reads or writes an RPC_HDR_REQ structure.
526 ********************************************************************/
527
528 BOOL smb_io_rpc_hdr_req(const char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth)
529 {
530 if (rpc == NULL)
531 return False;
532
533 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req");
534 depth++;
535
536 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
537 return False;
538 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
539 return False;
540 if(!prs_uint16("opnum ", ps, depth, &rpc->opnum))
541 return False;
542 return True;
543 }
544
545 /*******************************************************************
546 Reads or writes an RPC_HDR_RESP structure.
547 ********************************************************************/
548
549 BOOL smb_io_rpc_hdr_resp(const char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth)
550 {
551 if (rpc == NULL)
552 return False;
553
554 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp");
555 depth++;
556
557 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
558 return False;
559 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
560 return False;
561 if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count))
562 return False;
563 if(!prs_uint8 ("reserved ", ps, depth, &rpc->reserved))
564 return False;
565 return True;
566 }
567
568 /*******************************************************************
569 Reads or writes an RPC_HDR_FAULT structure.
570 ********************************************************************/
571
572 BOOL smb_io_rpc_hdr_fault(const char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth)
573 {
574 if (rpc == NULL)
575 return False;
576
577 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault");
578 depth++;
579
580 if(!prs_ntstatus("status ", ps, depth, &rpc->status))
581 return False;
582 if(!prs_uint32("reserved", ps, depth, &rpc->reserved))
583 return False;
584
585 return True;
586 }
587
588 /*******************************************************************
589 Init an RPC_HDR_AUTHA structure.
590 ********************************************************************/
591
592 void init_rpc_hdr_autha(RPC_HDR_AUTHA *rai,
593 uint16 max_tsize, uint16 max_rsize,
594 uint8 auth_type, uint8 auth_level,
595 uint8 stub_type_len)
596 {
597 rai->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
598 rai->max_rsize = max_rsize; /* max receive fragment size (0x1630) */
599
600 rai->auth_type = auth_type; /* nt lm ssp 0x0a */
601 rai->auth_level = auth_level; /* 0x06 */
602 rai->stub_type_len = stub_type_len; /* 0x00 */
603 rai->padding = 0; /* padding 0x00 */
604
605 rai->unknown = 0x0014a0c0; /* non-zero pointer to something */
606 }
607
608 /*******************************************************************
609 Reads or writes an RPC_HDR_AUTHA structure.
610 ********************************************************************/
611
612 BOOL smb_io_rpc_hdr_autha(const char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth)
613 {
614 if (rai == NULL)
615 return False;
616
617 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_autha");
618 depth++;
619
620 if(!prs_uint16("max_tsize ", ps, depth, &rai->max_tsize))
621 return False;
622 if(!prs_uint16("max_rsize ", ps, depth, &rai->max_rsize))
623 return False;
624
625 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */
626 return False;
627 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */
628 return False;
629 if(!prs_uint8 ("stub_type_len", ps, depth, &rai->stub_type_len))
630 return False;
631 if(!prs_uint8 ("padding ", ps, depth, &rai->padding))
632 return False;
633
634 if(!prs_uint32("unknown ", ps, depth, &rai->unknown)) /* 0x0014a0c0 */
635 return False;
636
637 return True;
638 }
639
640 /*******************************************************************
641 Inits an RPC_HDR_AUTH structure.
642 ********************************************************************/
643
644 void init_rpc_hdr_auth(RPC_HDR_AUTH *rai,
645 uint8 auth_type, uint8 auth_level,
646 uint8 padding,
647 uint32 ptr)
648 {
649 rai->auth_type = auth_type; /* nt lm ssp 0x0a */
650 rai->auth_level = auth_level; /* 0x06 */
651 rai->padding = padding;
652 rai->reserved = 0;
653
654 rai->auth_context = ptr; /* non-zero pointer to something */
655 }
656
657 /*******************************************************************
658 Reads or writes an RPC_HDR_AUTH structure.
659 ********************************************************************/
660
661 BOOL smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth)
662 {
663 if (rai == NULL)
664 return False;
665
666 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth");
667 depth++;
668
669 if(!prs_align(ps))
670 return False;
671
672 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */
673 return False;
674 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */
675 return False;
676 if(!prs_uint8 ("padding ", ps, depth, &rai->padding))
677 return False;
678 if(!prs_uint8 ("reserved ", ps, depth, &rai->reserved))
679 return False;
680 if(!prs_uint32("auth_context ", ps, depth, &rai->auth_context))
681 return False;
682
683 return True;
684 }
685
686 /*******************************************************************
687 Checks an RPC_AUTH_VERIFIER structure.
688 ********************************************************************/
689
690 BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
691 const char *signature, uint32 msg_type)
692 {
693 return (strequal(rav->signature, signature) && rav->msg_type == msg_type);
694 }
695
696 /*******************************************************************
697 Inits an RPC_AUTH_VERIFIER structure.
698 ********************************************************************/
699
700 void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
701 const char *signature, uint32 msg_type)
702 {
703 fstrcpy(rav->signature, signature); /* "NTLMSSP" */
704 rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
705 }
706
707 /*******************************************************************
708 Reads or writes an RPC_AUTH_VERIFIER structure.
709 ********************************************************************/
710
711 BOOL smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
712 {
713 if (rav == NULL)
714 return False;
715
716 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
717 depth++;
718
719 /* "NTLMSSP" */
720 if(!prs_string("signature", ps, depth, rav->signature,
721 sizeof(rav->signature)))
722 return False;
723 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
724 return False;
725
726 return True;
727 }
728
729 /*******************************************************************
730 This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I think
731 assuming "NTLMSSP" in sm_io_rpc_auth_verifier is somewhat wrong.
732 I have to look at that later...
733 ********************************************************************/
734
735 BOOL smb_io_rpc_netsec_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
736 {
737 if (rav == NULL)
738 return False;
739
740 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
741 depth++;
742
743 if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature)))
744 return False;
745 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type))
746 return False;
747
748 return True;
749 }
750
751 /*******************************************************************
752 Inits an RPC_AUTH_NTLMSSP_NEG structure.
753 ********************************************************************/
754
755 void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
756 uint32 neg_flgs,
757 const char *myname, const char *domain)
758 {
759 int len_myname = strlen(myname);
760 int len_domain = strlen(domain);
761
762 neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
763
764 init_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname);
765 init_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20);
766
767 fstrcpy(neg->myname, myname);
768 fstrcpy(neg->domain, domain);
769 }
770
771 /*******************************************************************
772 Reads or writes an RPC_AUTH_NTLMSSP_NEG structure.
773
774 *** lkclXXXX HACK ALERT! ***
775 ********************************************************************/
776
777 BOOL smb_io_rpc_auth_ntlmssp_neg(const char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth)
778 {
779 uint32 start_offset = prs_offset(ps);
780 if (neg == NULL)
781 return False;
782
783 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_neg");
784 depth++;
785
786 if(!prs_uint32("neg_flgs ", ps, depth, &neg->neg_flgs))
787 return False;
788
789 if (ps->io) {
790 uint32 old_offset;
791 uint32 old_neg_flags = neg->neg_flgs;
792
793 /* reading */
794
795 ZERO_STRUCTP(neg);
796
797 neg->neg_flgs = old_neg_flags;
798
799 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth))
800 return False;
801 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth))
802 return False;
803
804 old_offset = prs_offset(ps);
805
806 if(!prs_set_offset(ps, neg->hdr_myname.buffer + start_offset - 12))
807 return False;
808
809 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname,
810 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname))))
811 return False;
812
813 old_offset += neg->hdr_myname.str_str_len;
814
815 if(!prs_set_offset(ps, neg->hdr_domain.buffer + start_offset - 12))
816 return False;
817
818 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain,
819 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain ))))
820 return False;
821
822 old_offset += neg->hdr_domain .str_str_len;
823
824 if(!prs_set_offset(ps, old_offset))
825 return False;
826 } else {
827 /* writing */
828 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth))
829 return False;
830 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth))
831 return False;
832
833 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname,
834 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname))))
835 return False;
836 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain,
837 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain ))))
838 return False;
839 }
840
841 return True;
842 }
843
844 /*******************************************************************
845 creates an RPC_AUTH_NTLMSSP_CHAL structure.
846 ********************************************************************/
847
848 void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl,
849 uint32 neg_flags,
850 uint8 challenge[8])
851 {
852 chl->unknown_1 = 0x0;
853 chl->unknown_2 = 0x00000028;
854 chl->neg_flags = neg_flags; /* 0x0082b1 */
855
856 memcpy(chl->challenge, challenge, sizeof(chl->challenge));
857 memset((char *)chl->reserved , '\0', sizeof(chl->reserved));
858 }
859
860 /*******************************************************************
861 Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure.
862 ********************************************************************/
863
864 BOOL smb_io_rpc_auth_ntlmssp_chal(const char *desc, RPC_AUTH_NTLMSSP_CHAL *chl, prs_struct *ps, int depth)
865 {
866 if (chl == NULL)
867 return False;
868
869 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chal");
870 depth++;
871
872 if(!prs_uint32("unknown_1", ps, depth, &chl->unknown_1)) /* 0x0000 0000 */
873 return False;
874 if(!prs_uint32("unknown_2", ps, depth, &chl->unknown_2)) /* 0x0000 b2b3 */
875 return False;
876 if(!prs_uint32("neg_flags", ps, depth, &chl->neg_flags)) /* 0x0000 82b1 */
877 return False;
878
879 if(!prs_uint8s (False, "challenge", ps, depth, chl->challenge, sizeof(chl->challenge)))
880 return False;
881 if(!prs_uint8s (False, "reserved ", ps, depth, chl->reserved , sizeof(chl->reserved )))
882 return False;
883
884 return True;
885 }
886
887 /*******************************************************************
888 Inits an RPC_AUTH_NTLMSSP_RESP structure.
889
890 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
891 *** lkclXXXX the actual offset is at the start of the auth verifier ***
892 ********************************************************************/
893
894 void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
895 uchar lm_resp[24], uchar nt_resp[24],
896 const char *domain, const char *user, const char *wks,
897 uint32 neg_flags)
898 {
899 uint32 offset;
900 int dom_len = strlen(domain);
901 int wks_len = strlen(wks);
902 int usr_len = strlen(user);
903 int lm_len = (lm_resp != NULL) ? 24 : 0;
904 int nt_len = (nt_resp != NULL) ? 24 : 0;
905
906 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
907
908 #ifdef DEBUG_PASSWORD
909 DEBUG(100,("lm_resp\n"));
910 dump_data(100, (char *)lm_resp, 24);
911 DEBUG(100,("nt_resp\n"));
912 dump_data(100, (char *)nt_resp, 24);
913 #endif
914
915 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
916 domain, user, wks, neg_flags));
917
918 offset = 0x40;
919
920 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
921 dom_len *= 2;
922 wks_len *= 2;
923 usr_len *= 2;
924 }
925
926 init_str_hdr(&rsp->hdr_domain, dom_len, dom_len, offset);
927 offset += dom_len;
928
929 init_str_hdr(&rsp->hdr_usr, usr_len, usr_len, offset);
930 offset += usr_len;
931
932 init_str_hdr(&rsp->hdr_wks, wks_len, wks_len, offset);
933 offset += wks_len;
934
935 init_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, offset);
936 offset += lm_len;
937
938 init_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, offset);
939 offset += nt_len;
940
941 init_str_hdr(&rsp->hdr_sess_key, 0, 0, offset);
942
943 rsp->neg_flags = neg_flags;
944
945 memcpy(rsp->lm_resp, lm_resp, 24);
946 memcpy(rsp->nt_resp, nt_resp, 24);
947
948 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
949 rpcstr_push(rsp->domain, domain, sizeof(rsp->domain), 0);
950 rpcstr_push(rsp->user, user, sizeof(rsp->user), 0);
951 rpcstr_push(rsp->wks, wks, sizeof(rsp->wks), 0);
952 } else {
953 fstrcpy(rsp->domain, domain);
954 fstrcpy(rsp->user, user);
955 fstrcpy(rsp->wks, wks);
956 }
957
958 rsp->sess_key[0] = 0;
959 }
960
961 /*******************************************************************
962 Reads or writes an RPC_AUTH_NTLMSSP_RESP structure.
963
964 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
965 *** lkclXXXX the actual offset is at the start of the auth verifier ***
966 ********************************************************************/
967
968 BOOL smb_io_rpc_auth_ntlmssp_resp(const char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth)
969 {
970 if (rsp == NULL)
971 return False;
972
973 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp");
974 depth++;
975
976 if (ps->io) {
977 uint32 old_offset;
978
979 /* reading */
980
981 ZERO_STRUCTP(rsp);
982
983 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth))
984 return False;
985 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth))
986 return False;
987 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth))
988 return False;
989 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth))
990 return False;
991 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth))
992 return False;
993 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth))
994 return False;
995
996 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */
997 return False;
998
999 old_offset = prs_offset(ps);
1000
1001 if(!prs_set_offset(ps, rsp->hdr_domain.buffer + 0xc))
1002 return False;
1003
1004 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain,
1005 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain))))
1006 return False;
1007
1008 old_offset += rsp->hdr_domain.str_str_len;
1009
1010 if(!prs_set_offset(ps, rsp->hdr_usr.buffer + 0xc))
1011 return False;
1012
1013 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user,
1014 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user))))
1015 return False;
1016
1017 old_offset += rsp->hdr_usr.str_str_len;
1018
1019 if(!prs_set_offset(ps, rsp->hdr_wks.buffer + 0xc))
1020 return False;
1021
1022 if(!prs_uint8s(True, "wks ", ps, depth, (uint8*)rsp->wks,
1023 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks))))
1024 return False;
1025
1026 old_offset += rsp->hdr_wks.str_str_len;
1027
1028 if(!prs_set_offset(ps, rsp->hdr_lm_resp.buffer + 0xc))
1029 return False;
1030
1031 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp,
1032 MIN(rsp->hdr_lm_resp.str_str_len, sizeof(rsp->lm_resp ))))
1033 return False;
1034
1035 old_offset += rsp->hdr_lm_resp.str_str_len;
1036
1037 if(!prs_set_offset(ps, rsp->hdr_nt_resp.buffer + 0xc))
1038 return False;
1039
1040 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp,
1041 MIN(rsp->hdr_nt_resp.str_str_len, sizeof(rsp->nt_resp ))))
1042 return False;
1043
1044 old_offset += rsp->hdr_nt_resp.str_str_len;
1045
1046 if (rsp->hdr_sess_key.str_str_len != 0) {
1047
1048 if(!prs_set_offset(ps, rsp->hdr_sess_key.buffer + 0x10))
1049 return False;
1050
1051 old_offset += rsp->hdr_sess_key.str_str_len;
1052
1053 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key,
1054 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))))
1055 return False;
1056 }
1057
1058 if(!prs_set_offset(ps, old_offset))
1059 return False;
1060 } else {
1061 /* writing */
1062 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth))
1063 return False;
1064 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth))
1065 return False;
1066 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth))
1067 return False;
1068 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth))
1069 return False;
1070 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth))
1071 return False;
1072 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth))
1073 return False;
1074
1075 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */
1076 return False;
1077
1078 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain,
1079 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain))))
1080 return False;
1081
1082 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user,
1083 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user))))
1084 return False;
1085
1086 if(!prs_uint8s(True , "wks ", ps, depth, (uint8*)rsp->wks,
1087 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks))))
1088 return False;
1089 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp,
1090 MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp))))
1091 return False;
1092 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp,
1093 MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))))
1094 return False;
1095 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key,
1096 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))))
1097 return False;
1098 }
1099
1100 return True;
1101 }
1102
1103 /*******************************************************************
1104 Checks an RPC_AUTH_NTLMSSP_CHK structure.
1105 ********************************************************************/
1106
1107 BOOL rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, uint32 crc32, uint32 seq_num)
1108 {
1109 if (chk == NULL)
1110 return False;
1111
1112 if (chk->crc32 != crc32 ||
1113 chk->ver != NTLMSSP_SIGN_VERSION ||
1114 chk->seq_num != seq_num)
1115 {
1116 DEBUG(5,("verify failed - crc %x ver %x seq %d\n",
1117 chk->crc32, chk->ver, chk->seq_num));
1118
1119 DEBUG(5,("verify expect - crc %x ver %x seq %d\n",
1120 crc32, NTLMSSP_SIGN_VERSION, seq_num));
1121 return False;
1122 }
1123 return True;
1124 }
1125
1126 /*******************************************************************
1127 Inits an RPC_AUTH_NTLMSSP_CHK structure.
1128 ********************************************************************/
1129
1130 void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk,
1131 uint32 ver, uint32 crc32, uint32 seq_num)
1132 {
1133 chk->ver = ver;
1134 chk->reserved = 0x0;
1135 chk->crc32 = crc32;
1136 chk->seq_num = seq_num;
1137 }
1138
1139 /*******************************************************************
1140 Reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
1141 ********************************************************************/
1142
1143 BOOL smb_io_rpc_auth_ntlmssp_chk(const char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth)
1144 {
1145 if (chk == NULL)
1146 return False;
1147
1148 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk");
1149 depth++;
1150
1151 if(!prs_align(ps))
1152 return False;
1153
1154 if(!prs_uint32("ver ", ps, depth, &chk->ver))
1155 return False;
1156 if(!prs_uint32("reserved", ps, depth, &chk->reserved))
1157 return False;
1158 if(!prs_uint32("crc32 ", ps, depth, &chk->crc32))
1159 return False;
1160 if(!prs_uint32("seq_num ", ps, depth, &chk->seq_num))
1161 return False;
1162
1163 return True;
1164 }
1165
1166 /*******************************************************************
1167 creates an RPC_AUTH_NETSEC_NEG structure.
1168 ********************************************************************/
1169 void init_rpc_auth_netsec_neg(RPC_AUTH_NETSEC_NEG *neg,
1170 const char *domain, const char *myname)
1171 {
1172 neg->type1 = 0;
1173 neg->type2 = 0x3;
1174 fstrcpy(neg->domain, domain);
1175 fstrcpy(neg->myname, myname);
1176 }
1177
1178 /*******************************************************************
1179 Reads or writes an RPC_AUTH_NETSEC_NEG structure.
1180 ********************************************************************/
1181
1182 BOOL smb_io_rpc_auth_netsec_neg(const char *desc, RPC_AUTH_NETSEC_NEG *neg,
1183 prs_struct *ps, int depth)
1184 {
1185 if (neg == NULL)
1186 return False;
1187
1188 prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_neg");
1189 depth++;
1190
1191 if(!prs_align(ps))
1192 return False;
1193
1194 if(!prs_uint32("type1", ps, depth, &neg->type1))
1195 return False;
1196 if(!prs_uint32("type2", ps, depth, &neg->type2))
1197 return False;
1198 if(!prs_string("domain ", ps, depth, neg->domain, sizeof(neg->domain)))
1199 return False;
1200 if(!prs_string("myname ", ps, depth, neg->myname, sizeof(neg->myname)))
1201 return False;
1202
1203 return True;
1204 }
1205
1206 /*******************************************************************
1207 reads or writes an RPC_AUTH_NETSEC_CHK structure.
1208 ********************************************************************/
1209 BOOL smb_io_rpc_auth_netsec_chk(const char *desc, int auth_len,
1210 RPC_AUTH_NETSEC_CHK * chk,
1211 prs_struct *ps, int depth)
1212 {
1213 if (chk == NULL)
1214 return False;
1215
1216 prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk");
1217 depth++;
1218
1219 if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) )
1220 return False;
1221
1222 if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) )
1223 return False;
1224
1225 if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) )
1226 return False;
1227
1228 if ( auth_len == RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN ) {
1229 if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) )
1230 return False;
1231 }
1232
1233 return True;
1234 }
1235
WIP