2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_RPC_PARSE
29 /*******************************************************************
30 interface/version dce/rpc pipe identification
31 ********************************************************************/
33 #define TRANS_SYNT_V2 \
36 0x8a885d04, 0x1ceb, 0x11c9, \
39 0x2b, 0x10, 0x48, 0x60 } \
43 #define SYNT_NETLOGON_V2 \
46 0x8a885d04, 0x1ceb, 0x11c9, \
49 0x2b, 0x10, 0x48, 0x60 } \
53 #define SYNT_WKSSVC_V1 \
56 0x6bffd098, 0xa112, 0x3610, \
59 0xf8, 0x7e, 0x34, 0x5a } \
63 #define SYNT_SRVSVC_V3 \
66 0x4b324fc8, 0x1670, 0x01d3, \
69 0xbf, 0x6e, 0xe1, 0x88 } \
73 #define SYNT_LSARPC_V0 \
76 0x12345778, 0x1234, 0xabcd, \
79 0x45, 0x67, 0x89, 0xab } \
83 #define SYNT_LSARPC_V0_DS \
86 0x3919286a, 0xb10c, 0x11d0, \
89 0x4f, 0xd9, 0x2e, 0xf5 } \
93 #define SYNT_SAMR_V1 \
96 0x12345778, 0x1234, 0xabcd, \
99 0x45, 0x67, 0x89, 0xac } \
103 #define SYNT_NETLOGON_V1 \
106 0x12345678, 0x1234, 0xabcd, \
109 0x45, 0x67, 0xcf, 0xfb } \
113 #define SYNT_WINREG_V1 \
116 0x338cd001, 0x2244, 0x31f1, \
119 0x38, 0x00, 0x10, 0x03 } \
123 #define SYNT_SPOOLSS_V1 \
126 0x12345678, 0x1234, 0xabcd, \
129 0x45, 0x67, 0x89, 0xab } \
133 #define SYNT_NONE_V0 \
139 0x00, 0x00, 0x00, 0x00 } \
143 #define SYNT_NETDFS_V3 \
146 0x4fc742e0, 0x4a10, 0x11cf, \
149 0x00, 0x4a, 0xe6, 0x73 } \
153 #define SYNT_ECHO_V1 \
156 0x60a15ec5, 0x4de8, 0x11d7, \
159 0x56, 0xa2, 0x01, 0x82 } \
163 #define SYNT_SHUTDOWN_V1 \
166 0x894de0c0, 0x0d55, 0x11d3, \
169 0x4f, 0xa3, 0x21, 0xa1 } \
174 * IMPORTANT!! If you update this structure, make sure to
175 * update the index #defines in smb.h.
178 const struct pipe_id_info pipe_names
[] =
180 /* client pipe , abstract syntax , server pipe , transfer syntax */
181 { PIPE_LSARPC
, SYNT_LSARPC_V0
, PIPE_LSASS
, TRANS_SYNT_V2
},
182 { PIPE_LSARPC
, SYNT_LSARPC_V0_DS
, PIPE_LSASS
, TRANS_SYNT_V2
},
183 { PIPE_SAMR
, SYNT_SAMR_V1
, PIPE_LSASS
, TRANS_SYNT_V2
},
184 { PIPE_NETLOGON
, SYNT_NETLOGON_V1
, PIPE_LSASS
, TRANS_SYNT_V2
},
185 { PIPE_SRVSVC
, SYNT_SRVSVC_V3
, PIPE_NTSVCS
, TRANS_SYNT_V2
},
186 { PIPE_WKSSVC
, SYNT_WKSSVC_V1
, PIPE_NTSVCS
, TRANS_SYNT_V2
},
187 { PIPE_WINREG
, SYNT_WINREG_V1
, PIPE_WINREG
, TRANS_SYNT_V2
},
188 { PIPE_SPOOLSS
, SYNT_SPOOLSS_V1
, PIPE_SPOOLSS
, TRANS_SYNT_V2
},
189 { PIPE_NETDFS
, SYNT_NETDFS_V3
, PIPE_NETDFS
, TRANS_SYNT_V2
},
190 { PIPE_ECHO
, SYNT_ECHO_V1
, PIPE_ECHO
, TRANS_SYNT_V2
},
191 { PIPE_SHUTDOWN
, SYNT_SHUTDOWN_V1
, PIPE_SHUTDOWN
, TRANS_SYNT_V2
},
192 { NULL
, SYNT_NONE_V0
, NULL
, SYNT_NONE_V0
}
195 /*******************************************************************
196 Inits an RPC_HDR structure.
197 ********************************************************************/
199 void init_rpc_hdr(RPC_HDR
*hdr
, enum RPC_PKT_TYPE pkt_type
, uint8 flags
,
200 uint32 call_id
, int data_len
, int auth_len
)
202 hdr
->major
= 5; /* RPC version 5 */
203 hdr
->minor
= 0; /* minor version 0 */
204 hdr
->pkt_type
= pkt_type
; /* RPC packet type */
205 hdr
->flags
= flags
; /* dce/rpc flags */
206 hdr
->pack_type
[0] = 0x10; /* little-endian data representation */
207 hdr
->pack_type
[1] = 0; /* packed data representation */
208 hdr
->pack_type
[2] = 0; /* packed data representation */
209 hdr
->pack_type
[3] = 0; /* packed data representation */
210 hdr
->frag_len
= data_len
; /* fragment length, fill in later */
211 hdr
->auth_len
= auth_len
; /* authentication length */
212 hdr
->call_id
= call_id
; /* call identifier - match incoming RPC */
215 /*******************************************************************
216 Reads or writes an RPC_HDR structure.
217 ********************************************************************/
219 BOOL
smb_io_rpc_hdr(const char *desc
, RPC_HDR
*rpc
, prs_struct
*ps
, int depth
)
224 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr");
227 if(!prs_uint8 ("major ", ps
, depth
, &rpc
->major
))
230 if(!prs_uint8 ("minor ", ps
, depth
, &rpc
->minor
))
232 if(!prs_uint8 ("pkt_type ", ps
, depth
, &rpc
->pkt_type
))
234 if(!prs_uint8 ("flags ", ps
, depth
, &rpc
->flags
))
237 /* We always marshall in little endian format. */
239 rpc
->pack_type
[0] = 0x10;
241 if(!prs_uint8("pack_type0", ps
, depth
, &rpc
->pack_type
[0]))
243 if(!prs_uint8("pack_type1", ps
, depth
, &rpc
->pack_type
[1]))
245 if(!prs_uint8("pack_type2", ps
, depth
, &rpc
->pack_type
[2]))
247 if(!prs_uint8("pack_type3", ps
, depth
, &rpc
->pack_type
[3]))
251 * If reading and pack_type[0] == 0 then the data is in big-endian
252 * format. Set the flag in the prs_struct to specify reverse-endainness.
255 if (UNMARSHALLING(ps
) && rpc
->pack_type
[0] == 0) {
256 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
257 prs_set_endian_data(ps
, RPC_BIG_ENDIAN
);
260 if(!prs_uint16("frag_len ", ps
, depth
, &rpc
->frag_len
))
262 if(!prs_uint16("auth_len ", ps
, depth
, &rpc
->auth_len
))
264 if(!prs_uint32("call_id ", ps
, depth
, &rpc
->call_id
))
269 /*******************************************************************
270 Reads or writes an RPC_IFACE structure.
271 ********************************************************************/
273 static BOOL
smb_io_rpc_iface(const char *desc
, RPC_IFACE
*ifc
, prs_struct
*ps
, int depth
)
278 prs_debug(ps
, depth
, desc
, "smb_io_rpc_iface");
284 if (!smb_io_uuid( "uuid", &ifc
->uuid
, ps
, depth
))
287 if(!prs_uint32 ("version", ps
, depth
, &ifc
->version
))
293 /*******************************************************************
294 Inits an RPC_ADDR_STR structure.
295 ********************************************************************/
297 static void init_rpc_addr_str(RPC_ADDR_STR
*str
, const char *name
)
299 str
->len
= strlen(name
) + 1;
300 fstrcpy(str
->str
, name
);
303 /*******************************************************************
304 Reads or writes an RPC_ADDR_STR structure.
305 ********************************************************************/
307 static BOOL
smb_io_rpc_addr_str(const char *desc
, RPC_ADDR_STR
*str
, prs_struct
*ps
, int depth
)
312 prs_debug(ps
, depth
, desc
, "smb_io_rpc_addr_str");
317 if(!prs_uint16 ( "len", ps
, depth
, &str
->len
))
319 if(!prs_uint8s (True
, "str", ps
, depth
, (uchar
*)str
->str
, MIN(str
->len
, sizeof(str
->str
)) ))
324 /*******************************************************************
325 Inits an RPC_HDR_BBA structure.
326 ********************************************************************/
328 static void init_rpc_hdr_bba(RPC_HDR_BBA
*bba
, uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
)
330 bba
->max_tsize
= max_tsize
; /* maximum transmission fragment size (0x1630) */
331 bba
->max_rsize
= max_rsize
; /* max receive fragment size (0x1630) */
332 bba
->assoc_gid
= assoc_gid
; /* associated group id (0x0) */
335 /*******************************************************************
336 Reads or writes an RPC_HDR_BBA structure.
337 ********************************************************************/
339 static BOOL
smb_io_rpc_hdr_bba(const char *desc
, RPC_HDR_BBA
*rpc
, prs_struct
*ps
, int depth
)
344 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_bba");
347 if(!prs_uint16("max_tsize", ps
, depth
, &rpc
->max_tsize
))
349 if(!prs_uint16("max_rsize", ps
, depth
, &rpc
->max_rsize
))
351 if(!prs_uint32("assoc_gid", ps
, depth
, &rpc
->assoc_gid
))
356 /*******************************************************************
357 Inits an RPC_HDR_RB structure.
358 ********************************************************************/
360 void init_rpc_hdr_rb(RPC_HDR_RB
*rpc
,
361 uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
,
362 uint32 num_elements
, uint16 context_id
, uint8 num_syntaxes
,
363 RPC_IFACE
*abstract
, RPC_IFACE
*transfer
)
365 init_rpc_hdr_bba(&rpc
->bba
, max_tsize
, max_rsize
, assoc_gid
);
367 rpc
->num_elements
= num_elements
; /* the number of elements (0x1) */
368 rpc
->context_id
= context_id
; /* presentation context identifier (0x0) */
369 rpc
->num_syntaxes
= num_syntaxes
; /* the number of syntaxes (has always been 1?)(0x1) */
371 /* num and vers. of interface client is using */
372 rpc
->abstract
= *abstract
;
374 /* num and vers. of interface to use for replies */
375 rpc
->transfer
= *transfer
;
378 /*******************************************************************
379 Reads or writes an RPC_HDR_RB structure.
380 ********************************************************************/
382 BOOL
smb_io_rpc_hdr_rb(const char *desc
, RPC_HDR_RB
*rpc
, prs_struct
*ps
, int depth
)
390 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_rb");
393 if(!smb_io_rpc_hdr_bba("", &rpc
->bba
, ps
, depth
))
396 if(!prs_uint32("num_elements", ps
, depth
, &rpc
->num_elements
))
398 if(!prs_uint16("context_id ", ps
, depth
, &rpc
->context_id
))
400 if(!prs_uint8 ("num_syntaxes", ps
, depth
, &rpc
->num_syntaxes
))
403 if(!smb_io_rpc_iface("", &rpc
->abstract
, ps
, depth
))
405 if(!smb_io_rpc_iface("", &rpc
->transfer
, ps
, depth
))
408 /* just chew through extra context id's for now */
410 for ( i
=1; i
<rpc
->num_elements
; i
++ ) {
411 if(!prs_uint16("context_id ", ps
, depth
, &rpc2
.context_id
))
413 if(!prs_uint8 ("num_syntaxes", ps
, depth
, &rpc2
.num_syntaxes
))
416 if(!smb_io_rpc_iface("", &rpc2
.abstract
, ps
, depth
))
418 if(!smb_io_rpc_iface("", &rpc2
.transfer
, ps
, depth
))
425 /*******************************************************************
426 Inits an RPC_RESULTS structure.
428 lkclXXXX only one reason at the moment!
429 ********************************************************************/
431 static void init_rpc_results(RPC_RESULTS
*res
,
432 uint8 num_results
, uint16 result
, uint16 reason
)
434 res
->num_results
= num_results
; /* the number of results (0x01) */
435 res
->result
= result
; /* result (0x00 = accept) */
436 res
->reason
= reason
; /* reason (0x00 = no reason specified) */
439 /*******************************************************************
440 Reads or writes an RPC_RESULTS structure.
442 lkclXXXX only one reason at the moment!
443 ********************************************************************/
445 static BOOL
smb_io_rpc_results(const char *desc
, RPC_RESULTS
*res
, prs_struct
*ps
, int depth
)
450 prs_debug(ps
, depth
, desc
, "smb_io_rpc_results");
456 if(!prs_uint8 ("num_results", ps
, depth
, &res
->num_results
))
462 if(!prs_uint16("result ", ps
, depth
, &res
->result
))
464 if(!prs_uint16("reason ", ps
, depth
, &res
->reason
))
469 /*******************************************************************
470 Init an RPC_HDR_BA structure.
472 lkclXXXX only one reason at the moment!
474 ********************************************************************/
476 void init_rpc_hdr_ba(RPC_HDR_BA
*rpc
,
477 uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
,
478 const char *pipe_addr
,
479 uint8 num_results
, uint16 result
, uint16 reason
,
482 init_rpc_hdr_bba (&rpc
->bba
, max_tsize
, max_rsize
, assoc_gid
);
483 init_rpc_addr_str(&rpc
->addr
, pipe_addr
);
484 init_rpc_results (&rpc
->res
, num_results
, result
, reason
);
486 /* the transfer syntax from the request */
487 memcpy(&rpc
->transfer
, transfer
, sizeof(rpc
->transfer
));
490 /*******************************************************************
491 Reads or writes an RPC_HDR_BA structure.
492 ********************************************************************/
494 BOOL
smb_io_rpc_hdr_ba(const char *desc
, RPC_HDR_BA
*rpc
, prs_struct
*ps
, int depth
)
499 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_ba");
502 if(!smb_io_rpc_hdr_bba("", &rpc
->bba
, ps
, depth
))
504 if(!smb_io_rpc_addr_str("", &rpc
->addr
, ps
, depth
))
506 if(!smb_io_rpc_results("", &rpc
->res
, ps
, depth
))
508 if(!smb_io_rpc_iface("", &rpc
->transfer
, ps
, depth
))
513 /*******************************************************************
514 Init an RPC_HDR_REQ structure.
515 ********************************************************************/
517 void init_rpc_hdr_req(RPC_HDR_REQ
*hdr
, uint32 alloc_hint
, uint16 opnum
)
519 hdr
->alloc_hint
= alloc_hint
; /* allocation hint */
520 hdr
->context_id
= 0; /* presentation context identifier */
521 hdr
->opnum
= opnum
; /* opnum */
524 /*******************************************************************
525 Reads or writes an RPC_HDR_REQ structure.
526 ********************************************************************/
528 BOOL
smb_io_rpc_hdr_req(const char *desc
, RPC_HDR_REQ
*rpc
, prs_struct
*ps
, int depth
)
533 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_req");
536 if(!prs_uint32("alloc_hint", ps
, depth
, &rpc
->alloc_hint
))
538 if(!prs_uint16("context_id", ps
, depth
, &rpc
->context_id
))
540 if(!prs_uint16("opnum ", ps
, depth
, &rpc
->opnum
))
545 /*******************************************************************
546 Reads or writes an RPC_HDR_RESP structure.
547 ********************************************************************/
549 BOOL
smb_io_rpc_hdr_resp(const char *desc
, RPC_HDR_RESP
*rpc
, prs_struct
*ps
, int depth
)
554 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_resp");
557 if(!prs_uint32("alloc_hint", ps
, depth
, &rpc
->alloc_hint
))
559 if(!prs_uint16("context_id", ps
, depth
, &rpc
->context_id
))
561 if(!prs_uint8 ("cancel_ct ", ps
, depth
, &rpc
->cancel_count
))
563 if(!prs_uint8 ("reserved ", ps
, depth
, &rpc
->reserved
))
568 /*******************************************************************
569 Reads or writes an RPC_HDR_FAULT structure.
570 ********************************************************************/
572 BOOL
smb_io_rpc_hdr_fault(const char *desc
, RPC_HDR_FAULT
*rpc
, prs_struct
*ps
, int depth
)
577 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_fault");
580 if(!prs_ntstatus("status ", ps
, depth
, &rpc
->status
))
582 if(!prs_uint32("reserved", ps
, depth
, &rpc
->reserved
))
588 /*******************************************************************
589 Init an RPC_HDR_AUTHA structure.
590 ********************************************************************/
592 void init_rpc_hdr_autha(RPC_HDR_AUTHA
*rai
,
593 uint16 max_tsize
, uint16 max_rsize
,
594 uint8 auth_type
, uint8 auth_level
,
597 rai
->max_tsize
= max_tsize
; /* maximum transmission fragment size (0x1630) */
598 rai
->max_rsize
= max_rsize
; /* max receive fragment size (0x1630) */
600 rai
->auth_type
= auth_type
; /* nt lm ssp 0x0a */
601 rai
->auth_level
= auth_level
; /* 0x06 */
602 rai
->stub_type_len
= stub_type_len
; /* 0x00 */
603 rai
->padding
= 0; /* padding 0x00 */
605 rai
->unknown
= 0x0014a0c0; /* non-zero pointer to something */
608 /*******************************************************************
609 Reads or writes an RPC_HDR_AUTHA structure.
610 ********************************************************************/
612 BOOL
smb_io_rpc_hdr_autha(const char *desc
, RPC_HDR_AUTHA
*rai
, prs_struct
*ps
, int depth
)
617 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_autha");
620 if(!prs_uint16("max_tsize ", ps
, depth
, &rai
->max_tsize
))
622 if(!prs_uint16("max_rsize ", ps
, depth
, &rai
->max_rsize
))
625 if(!prs_uint8 ("auth_type ", ps
, depth
, &rai
->auth_type
)) /* 0x0a nt lm ssp */
627 if(!prs_uint8 ("auth_level ", ps
, depth
, &rai
->auth_level
)) /* 0x06 */
629 if(!prs_uint8 ("stub_type_len", ps
, depth
, &rai
->stub_type_len
))
631 if(!prs_uint8 ("padding ", ps
, depth
, &rai
->padding
))
634 if(!prs_uint32("unknown ", ps
, depth
, &rai
->unknown
)) /* 0x0014a0c0 */
640 /*******************************************************************
641 Inits an RPC_HDR_AUTH structure.
642 ********************************************************************/
644 void init_rpc_hdr_auth(RPC_HDR_AUTH
*rai
,
645 uint8 auth_type
, uint8 auth_level
,
649 rai
->auth_type
= auth_type
; /* nt lm ssp 0x0a */
650 rai
->auth_level
= auth_level
; /* 0x06 */
651 rai
->padding
= padding
;
654 rai
->auth_context
= ptr
; /* non-zero pointer to something */
657 /*******************************************************************
658 Reads or writes an RPC_HDR_AUTH structure.
659 ********************************************************************/
661 BOOL
smb_io_rpc_hdr_auth(const char *desc
, RPC_HDR_AUTH
*rai
, prs_struct
*ps
, int depth
)
666 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_auth");
672 if(!prs_uint8 ("auth_type ", ps
, depth
, &rai
->auth_type
)) /* 0x0a nt lm ssp */
674 if(!prs_uint8 ("auth_level ", ps
, depth
, &rai
->auth_level
)) /* 0x06 */
676 if(!prs_uint8 ("padding ", ps
, depth
, &rai
->padding
))
678 if(!prs_uint8 ("reserved ", ps
, depth
, &rai
->reserved
))
680 if(!prs_uint32("auth_context ", ps
, depth
, &rai
->auth_context
))
686 /*******************************************************************
687 Checks an RPC_AUTH_VERIFIER structure.
688 ********************************************************************/
690 BOOL
rpc_auth_verifier_chk(RPC_AUTH_VERIFIER
*rav
,
691 const char *signature
, uint32 msg_type
)
693 return (strequal(rav
->signature
, signature
) && rav
->msg_type
== msg_type
);
696 /*******************************************************************
697 Inits an RPC_AUTH_VERIFIER structure.
698 ********************************************************************/
700 void init_rpc_auth_verifier(RPC_AUTH_VERIFIER
*rav
,
701 const char *signature
, uint32 msg_type
)
703 fstrcpy(rav
->signature
, signature
); /* "NTLMSSP" */
704 rav
->msg_type
= msg_type
; /* NTLMSSP_MESSAGE_TYPE */
707 /*******************************************************************
708 Reads or writes an RPC_AUTH_VERIFIER structure.
709 ********************************************************************/
711 BOOL
smb_io_rpc_auth_verifier(const char *desc
, RPC_AUTH_VERIFIER
*rav
, prs_struct
*ps
, int depth
)
716 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_verifier");
720 if(!prs_string("signature", ps
, depth
, rav
->signature
,
721 sizeof(rav
->signature
)))
723 if(!prs_uint32("msg_type ", ps
, depth
, &rav
->msg_type
)) /* NTLMSSP_MESSAGE_TYPE */
729 /*******************************************************************
730 This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I think
731 assuming "NTLMSSP" in sm_io_rpc_auth_verifier is somewhat wrong.
732 I have to look at that later...
733 ********************************************************************/
735 BOOL
smb_io_rpc_netsec_verifier(const char *desc
, RPC_AUTH_VERIFIER
*rav
, prs_struct
*ps
, int depth
)
740 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_verifier");
743 if(!prs_string("signature", ps
, depth
, rav
->signature
, sizeof(rav
->signature
)))
745 if(!prs_uint32("msg_type ", ps
, depth
, &rav
->msg_type
))
751 /*******************************************************************
752 Inits an RPC_AUTH_NTLMSSP_NEG structure.
753 ********************************************************************/
755 void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG
*neg
,
757 const char *myname
, const char *domain
)
759 int len_myname
= strlen(myname
);
760 int len_domain
= strlen(domain
);
762 neg
->neg_flgs
= neg_flgs
; /* 0x00b2b3 */
764 init_str_hdr(&neg
->hdr_domain
, len_domain
, len_domain
, 0x20 + len_myname
);
765 init_str_hdr(&neg
->hdr_myname
, len_myname
, len_myname
, 0x20);
767 fstrcpy(neg
->myname
, myname
);
768 fstrcpy(neg
->domain
, domain
);
771 /*******************************************************************
772 Reads or writes an RPC_AUTH_NTLMSSP_NEG structure.
774 *** lkclXXXX HACK ALERT! ***
775 ********************************************************************/
777 BOOL
smb_io_rpc_auth_ntlmssp_neg(const char *desc
, RPC_AUTH_NTLMSSP_NEG
*neg
, prs_struct
*ps
, int depth
)
779 uint32 start_offset
= prs_offset(ps
);
783 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_neg");
786 if(!prs_uint32("neg_flgs ", ps
, depth
, &neg
->neg_flgs
))
791 uint32 old_neg_flags
= neg
->neg_flgs
;
797 neg
->neg_flgs
= old_neg_flags
;
799 if(!smb_io_strhdr("hdr_domain", &neg
->hdr_domain
, ps
, depth
))
801 if(!smb_io_strhdr("hdr_myname", &neg
->hdr_myname
, ps
, depth
))
804 old_offset
= prs_offset(ps
);
806 if(!prs_set_offset(ps
, neg
->hdr_myname
.buffer
+ start_offset
- 12))
809 if(!prs_uint8s(True
, "myname", ps
, depth
, (uint8
*)neg
->myname
,
810 MIN(neg
->hdr_myname
.str_str_len
, sizeof(neg
->myname
))))
813 old_offset
+= neg
->hdr_myname
.str_str_len
;
815 if(!prs_set_offset(ps
, neg
->hdr_domain
.buffer
+ start_offset
- 12))
818 if(!prs_uint8s(True
, "domain", ps
, depth
, (uint8
*)neg
->domain
,
819 MIN(neg
->hdr_domain
.str_str_len
, sizeof(neg
->domain
))))
822 old_offset
+= neg
->hdr_domain
.str_str_len
;
824 if(!prs_set_offset(ps
, old_offset
))
828 if(!smb_io_strhdr("hdr_domain", &neg
->hdr_domain
, ps
, depth
))
830 if(!smb_io_strhdr("hdr_myname", &neg
->hdr_myname
, ps
, depth
))
833 if(!prs_uint8s(True
, "myname", ps
, depth
, (uint8
*)neg
->myname
,
834 MIN(neg
->hdr_myname
.str_str_len
, sizeof(neg
->myname
))))
836 if(!prs_uint8s(True
, "domain", ps
, depth
, (uint8
*)neg
->domain
,
837 MIN(neg
->hdr_domain
.str_str_len
, sizeof(neg
->domain
))))
844 /*******************************************************************
845 creates an RPC_AUTH_NTLMSSP_CHAL structure.
846 ********************************************************************/
848 void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL
*chl
,
852 chl
->unknown_1
= 0x0;
853 chl
->unknown_2
= 0x00000028;
854 chl
->neg_flags
= neg_flags
; /* 0x0082b1 */
856 memcpy(chl
->challenge
, challenge
, sizeof(chl
->challenge
));
857 memset((char *)chl
->reserved
, '\0', sizeof(chl
->reserved
));
860 /*******************************************************************
861 Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure.
862 ********************************************************************/
864 BOOL
smb_io_rpc_auth_ntlmssp_chal(const char *desc
, RPC_AUTH_NTLMSSP_CHAL
*chl
, prs_struct
*ps
, int depth
)
869 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_chal");
872 if(!prs_uint32("unknown_1", ps
, depth
, &chl
->unknown_1
)) /* 0x0000 0000 */
874 if(!prs_uint32("unknown_2", ps
, depth
, &chl
->unknown_2
)) /* 0x0000 b2b3 */
876 if(!prs_uint32("neg_flags", ps
, depth
, &chl
->neg_flags
)) /* 0x0000 82b1 */
879 if(!prs_uint8s (False
, "challenge", ps
, depth
, chl
->challenge
, sizeof(chl
->challenge
)))
881 if(!prs_uint8s (False
, "reserved ", ps
, depth
, chl
->reserved
, sizeof(chl
->reserved
)))
887 /*******************************************************************
888 Inits an RPC_AUTH_NTLMSSP_RESP structure.
890 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
891 *** lkclXXXX the actual offset is at the start of the auth verifier ***
892 ********************************************************************/
894 void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP
*rsp
,
895 uchar lm_resp
[24], uchar nt_resp
[24],
896 const char *domain
, const char *user
, const char *wks
,
900 int dom_len
= strlen(domain
);
901 int wks_len
= strlen(wks
);
902 int usr_len
= strlen(user
);
903 int lm_len
= (lm_resp
!= NULL
) ? 24 : 0;
904 int nt_len
= (nt_resp
!= NULL
) ? 24 : 0;
906 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
908 #ifdef DEBUG_PASSWORD
909 DEBUG(100,("lm_resp\n"));
910 dump_data(100, (char *)lm_resp
, 24);
911 DEBUG(100,("nt_resp\n"));
912 dump_data(100, (char *)nt_resp
, 24);
915 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
916 domain
, user
, wks
, neg_flags
));
920 if (neg_flags
& NTLMSSP_NEGOTIATE_UNICODE
) {
926 init_str_hdr(&rsp
->hdr_domain
, dom_len
, dom_len
, offset
);
929 init_str_hdr(&rsp
->hdr_usr
, usr_len
, usr_len
, offset
);
932 init_str_hdr(&rsp
->hdr_wks
, wks_len
, wks_len
, offset
);
935 init_str_hdr(&rsp
->hdr_lm_resp
, lm_len
, lm_len
, offset
);
938 init_str_hdr(&rsp
->hdr_nt_resp
, nt_len
, nt_len
, offset
);
941 init_str_hdr(&rsp
->hdr_sess_key
, 0, 0, offset
);
943 rsp
->neg_flags
= neg_flags
;
945 memcpy(rsp
->lm_resp
, lm_resp
, 24);
946 memcpy(rsp
->nt_resp
, nt_resp
, 24);
948 if (neg_flags
& NTLMSSP_NEGOTIATE_UNICODE
) {
949 rpcstr_push(rsp
->domain
, domain
, sizeof(rsp
->domain
), 0);
950 rpcstr_push(rsp
->user
, user
, sizeof(rsp
->user
), 0);
951 rpcstr_push(rsp
->wks
, wks
, sizeof(rsp
->wks
), 0);
953 fstrcpy(rsp
->domain
, domain
);
954 fstrcpy(rsp
->user
, user
);
955 fstrcpy(rsp
->wks
, wks
);
958 rsp
->sess_key
[0] = 0;
961 /*******************************************************************
962 Reads or writes an RPC_AUTH_NTLMSSP_RESP structure.
964 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
965 *** lkclXXXX the actual offset is at the start of the auth verifier ***
966 ********************************************************************/
968 BOOL
smb_io_rpc_auth_ntlmssp_resp(const char *desc
, RPC_AUTH_NTLMSSP_RESP
*rsp
, prs_struct
*ps
, int depth
)
973 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_resp");
983 if(!smb_io_strhdr("hdr_lm_resp ", &rsp
->hdr_lm_resp
, ps
, depth
))
985 if(!smb_io_strhdr("hdr_nt_resp ", &rsp
->hdr_nt_resp
, ps
, depth
))
987 if(!smb_io_strhdr("hdr_domain ", &rsp
->hdr_domain
, ps
, depth
))
989 if(!smb_io_strhdr("hdr_user ", &rsp
->hdr_usr
, ps
, depth
))
991 if(!smb_io_strhdr("hdr_wks ", &rsp
->hdr_wks
, ps
, depth
))
993 if(!smb_io_strhdr("hdr_sess_key", &rsp
->hdr_sess_key
, ps
, depth
))
996 if(!prs_uint32("neg_flags", ps
, depth
, &rsp
->neg_flags
)) /* 0x0000 82b1 */
999 old_offset
= prs_offset(ps
);
1001 if(!prs_set_offset(ps
, rsp
->hdr_domain
.buffer
+ 0xc))
1004 if(!prs_uint8s(True
, "domain ", ps
, depth
, (uint8
*)rsp
->domain
,
1005 MIN(rsp
->hdr_domain
.str_str_len
, sizeof(rsp
->domain
))))
1008 old_offset
+= rsp
->hdr_domain
.str_str_len
;
1010 if(!prs_set_offset(ps
, rsp
->hdr_usr
.buffer
+ 0xc))
1013 if(!prs_uint8s(True
, "user ", ps
, depth
, (uint8
*)rsp
->user
,
1014 MIN(rsp
->hdr_usr
.str_str_len
, sizeof(rsp
->user
))))
1017 old_offset
+= rsp
->hdr_usr
.str_str_len
;
1019 if(!prs_set_offset(ps
, rsp
->hdr_wks
.buffer
+ 0xc))
1022 if(!prs_uint8s(True
, "wks ", ps
, depth
, (uint8
*)rsp
->wks
,
1023 MIN(rsp
->hdr_wks
.str_str_len
, sizeof(rsp
->wks
))))
1026 old_offset
+= rsp
->hdr_wks
.str_str_len
;
1028 if(!prs_set_offset(ps
, rsp
->hdr_lm_resp
.buffer
+ 0xc))
1031 if(!prs_uint8s(False
, "lm_resp ", ps
, depth
, (uint8
*)rsp
->lm_resp
,
1032 MIN(rsp
->hdr_lm_resp
.str_str_len
, sizeof(rsp
->lm_resp
))))
1035 old_offset
+= rsp
->hdr_lm_resp
.str_str_len
;
1037 if(!prs_set_offset(ps
, rsp
->hdr_nt_resp
.buffer
+ 0xc))
1040 if(!prs_uint8s(False
, "nt_resp ", ps
, depth
, (uint8
*)rsp
->nt_resp
,
1041 MIN(rsp
->hdr_nt_resp
.str_str_len
, sizeof(rsp
->nt_resp
))))
1044 old_offset
+= rsp
->hdr_nt_resp
.str_str_len
;
1046 if (rsp
->hdr_sess_key
.str_str_len
!= 0) {
1048 if(!prs_set_offset(ps
, rsp
->hdr_sess_key
.buffer
+ 0x10))
1051 old_offset
+= rsp
->hdr_sess_key
.str_str_len
;
1053 if(!prs_uint8s(False
, "sess_key", ps
, depth
, (uint8
*)rsp
->sess_key
,
1054 MIN(rsp
->hdr_sess_key
.str_str_len
, sizeof(rsp
->sess_key
))))
1058 if(!prs_set_offset(ps
, old_offset
))
1062 if(!smb_io_strhdr("hdr_lm_resp ", &rsp
->hdr_lm_resp
, ps
, depth
))
1064 if(!smb_io_strhdr("hdr_nt_resp ", &rsp
->hdr_nt_resp
, ps
, depth
))
1066 if(!smb_io_strhdr("hdr_domain ", &rsp
->hdr_domain
, ps
, depth
))
1068 if(!smb_io_strhdr("hdr_user ", &rsp
->hdr_usr
, ps
, depth
))
1070 if(!smb_io_strhdr("hdr_wks ", &rsp
->hdr_wks
, ps
, depth
))
1072 if(!smb_io_strhdr("hdr_sess_key", &rsp
->hdr_sess_key
, ps
, depth
))
1075 if(!prs_uint32("neg_flags", ps
, depth
, &rsp
->neg_flags
)) /* 0x0000 82b1 */
1078 if(!prs_uint8s(True
, "domain ", ps
, depth
, (uint8
*)rsp
->domain
,
1079 MIN(rsp
->hdr_domain
.str_str_len
, sizeof(rsp
->domain
))))
1082 if(!prs_uint8s(True
, "user ", ps
, depth
, (uint8
*)rsp
->user
,
1083 MIN(rsp
->hdr_usr
.str_str_len
, sizeof(rsp
->user
))))
1086 if(!prs_uint8s(True
, "wks ", ps
, depth
, (uint8
*)rsp
->wks
,
1087 MIN(rsp
->hdr_wks
.str_str_len
, sizeof(rsp
->wks
))))
1089 if(!prs_uint8s(False
, "lm_resp ", ps
, depth
, (uint8
*)rsp
->lm_resp
,
1090 MIN(rsp
->hdr_lm_resp
.str_str_len
, sizeof(rsp
->lm_resp
))))
1092 if(!prs_uint8s(False
, "nt_resp ", ps
, depth
, (uint8
*)rsp
->nt_resp
,
1093 MIN(rsp
->hdr_nt_resp
.str_str_len
, sizeof(rsp
->nt_resp
))))
1095 if(!prs_uint8s(False
, "sess_key", ps
, depth
, (uint8
*)rsp
->sess_key
,
1096 MIN(rsp
->hdr_sess_key
.str_str_len
, sizeof(rsp
->sess_key
))))
1103 /*******************************************************************
1104 Checks an RPC_AUTH_NTLMSSP_CHK structure.
1105 ********************************************************************/
1107 BOOL
rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK
*chk
, uint32 crc32
, uint32 seq_num
)
1112 if (chk
->crc32
!= crc32
||
1113 chk
->ver
!= NTLMSSP_SIGN_VERSION
||
1114 chk
->seq_num
!= seq_num
)
1116 DEBUG(5,("verify failed - crc %x ver %x seq %d\n",
1117 chk
->crc32
, chk
->ver
, chk
->seq_num
));
1119 DEBUG(5,("verify expect - crc %x ver %x seq %d\n",
1120 crc32
, NTLMSSP_SIGN_VERSION
, seq_num
));
1126 /*******************************************************************
1127 Inits an RPC_AUTH_NTLMSSP_CHK structure.
1128 ********************************************************************/
1130 void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK
*chk
,
1131 uint32 ver
, uint32 crc32
, uint32 seq_num
)
1134 chk
->reserved
= 0x0;
1136 chk
->seq_num
= seq_num
;
1139 /*******************************************************************
1140 Reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
1141 ********************************************************************/
1143 BOOL
smb_io_rpc_auth_ntlmssp_chk(const char *desc
, RPC_AUTH_NTLMSSP_CHK
*chk
, prs_struct
*ps
, int depth
)
1148 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_chk");
1154 if(!prs_uint32("ver ", ps
, depth
, &chk
->ver
))
1156 if(!prs_uint32("reserved", ps
, depth
, &chk
->reserved
))
1158 if(!prs_uint32("crc32 ", ps
, depth
, &chk
->crc32
))
1160 if(!prs_uint32("seq_num ", ps
, depth
, &chk
->seq_num
))
1166 /*******************************************************************
1167 creates an RPC_AUTH_NETSEC_NEG structure.
1168 ********************************************************************/
1169 void init_rpc_auth_netsec_neg(RPC_AUTH_NETSEC_NEG
*neg
,
1170 const char *domain
, const char *myname
)
1174 fstrcpy(neg
->domain
, domain
);
1175 fstrcpy(neg
->myname
, myname
);
1178 /*******************************************************************
1179 Reads or writes an RPC_AUTH_NETSEC_NEG structure.
1180 ********************************************************************/
1182 BOOL
smb_io_rpc_auth_netsec_neg(const char *desc
, RPC_AUTH_NETSEC_NEG
*neg
,
1183 prs_struct
*ps
, int depth
)
1188 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_netsec_neg");
1194 if(!prs_uint32("type1", ps
, depth
, &neg
->type1
))
1196 if(!prs_uint32("type2", ps
, depth
, &neg
->type2
))
1198 if(!prs_string("domain ", ps
, depth
, neg
->domain
, sizeof(neg
->domain
)))
1200 if(!prs_string("myname ", ps
, depth
, neg
->myname
, sizeof(neg
->myname
)))
1206 /*******************************************************************
1207 reads or writes an RPC_AUTH_NETSEC_CHK structure.
1208 ********************************************************************/
1209 BOOL
smb_io_rpc_auth_netsec_chk(const char *desc
, int auth_len
,
1210 RPC_AUTH_NETSEC_CHK
* chk
,
1211 prs_struct
*ps
, int depth
)
1216 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_netsec_chk");
1219 if ( !prs_uint8s(False
, "sig ", ps
, depth
, chk
->sig
, sizeof(chk
->sig
)) )
1222 if ( !prs_uint8s(False
, "seq_num", ps
, depth
, chk
->seq_num
, sizeof(chk
->seq_num
)) )
1225 if ( !prs_uint8s(False
, "packet_digest", ps
, depth
, chk
->packet_digest
, sizeof(chk
->packet_digest
)) )
1228 if ( auth_len
== RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN
) {
1229 if ( !prs_uint8s(False
, "confounder", ps
, depth
, chk
->confounder
, sizeof(chk
->confounder
)) )