search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge of some compiler warning fixes.
[Samba/gebeck_regimport.git] / source / rpc_parse / parse_prs.c
blob905634823911ef0390707adc8adbce2fd7169c81
1 /*
2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_PARSE
28
29 /**
30 * Dump a prs to a file: from the current location through to the end.
31 **/
32 void prs_dump(char *name, int v, prs_struct *ps)
33 {
34 prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
35 }
36
37
38 /**
39 * Dump from the start of the prs to the current location.
40 **/
41 void prs_dump_before(char *name, int v, prs_struct *ps)
42 {
43 prs_dump_region(name, v, ps, 0, ps->data_offset);
44 }
45
46
47 /**
48 * Dump everything from the start of the prs up to the current location.
49 **/
50 void prs_dump_region(char *name, int v, prs_struct *ps,
51 int from_off, int to_off)
52 {
53 int fd, i;
54 pstring fname;
55 if (DEBUGLEVEL < 50) return;
56 for (i=1;i<100;i++) {
57 if (v != -1) {
58 slprintf(fname,sizeof(fname)-1, "/tmp/%s_%d.%d.prs", name, v, i);
59 } else {
60 slprintf(fname,sizeof(fname)-1, "/tmp/%s.%d.prs", name, i);
61 }
62 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
63 if (fd != -1 || errno != EEXIST) break;
64 }
65 if (fd != -1) {
66 write(fd, ps->data_p + from_off, to_off - from_off);
67 close(fd);
68 DEBUG(0,("created %s\n", fname));
69 }
70 }
71
72
73
74 /*******************************************************************
75 debug output for parsing info.
76
77 XXXX side-effect of this function is to increase the debug depth XXXX
78
79 ********************************************************************/
80 void prs_debug(prs_struct *ps, int depth, const char *desc, const char *fn_name)
81 {
82 DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc));
83 }
84
85
86 /**
87 * Initialise an expandable parse structure.
88 *
89 * @param size Initial buffer size. If >0, a new buffer will be
90 * created with malloc().
91 *
92 * @return False if allocation fails, otherwise True.
93 **/
94 BOOL prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, BOOL io)
95 {
96 ZERO_STRUCTP(ps);
97 ps->io = io;
98 ps->bigendian_data = RPC_LITTLE_ENDIAN;
99 ps->align = RPC_PARSE_ALIGN;
100 ps->is_dynamic = False;
101 ps->data_offset = 0;
102 ps->buffer_size = 0;
103 ps->data_p = NULL;
104 ps->mem_ctx = ctx;
105
106 if (size != 0) {
107 ps->buffer_size = size;
108 if((ps->data_p = (char *)malloc((size_t)size)) == NULL) {
109 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
110 return False;
111 }
112 memset(ps->data_p, '\0', (size_t)size);
113 ps->is_dynamic = True; /* We own this memory. */
114 }
115
116 return True;
117 }
118
119 /*******************************************************************
120 Delete the memory in a parse structure - if we own it.
121 ********************************************************************/
122
123 void prs_mem_free(prs_struct *ps)
124 {
125 if(ps->is_dynamic)
126 SAFE_FREE(ps->data_p);
127 ps->is_dynamic = False;
128 ps->buffer_size = 0;
129 ps->data_offset = 0;
130 }
131
132 /*******************************************************************
133 Clear the memory in a parse structure.
134 ********************************************************************/
135
136 void prs_mem_clear(prs_struct *ps)
137 {
138 if (ps->buffer_size)
139 memset(ps->data_p, '\0', (size_t)ps->buffer_size);
140 }
141
142 /*******************************************************************
143 Allocate memory when unmarshalling... Always zero clears.
144 ********************************************************************/
145
146 char *prs_alloc_mem(prs_struct *ps, size_t size)
147 {
148 char *ret = NULL;
149
150 if (size) {
151 ret = talloc(ps->mem_ctx, size);
152 if (ret)
153 memset(ret, '\0', size);
154 }
155 return ret;
156 }
157
158 /*******************************************************************
159 Return the current talloc context we're using.
160 ********************************************************************/
161
162 TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
163 {
164 return ps->mem_ctx;
165 }
166
167 /*******************************************************************
168 Hand some already allocated memory to a prs_struct.
169 ********************************************************************/
170
171 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic)
172 {
173 ps->is_dynamic = is_dynamic;
174 ps->data_p = buf;
175 ps->buffer_size = size;
176 }
177
178 /*******************************************************************
179 Take some memory back from a prs_struct.
180 ********************************************************************/
181
182 char *prs_take_memory(prs_struct *ps, uint32 *psize)
183 {
184 char *ret = ps->data_p;
185 if(psize)
186 *psize = ps->buffer_size;
187 ps->is_dynamic = False;
188 prs_mem_free(ps);
189 return ret;
190 }
191
192 /*******************************************************************
193 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
194 ********************************************************************/
195
196 BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
197 {
198 if (newsize > ps->buffer_size)
199 return prs_force_grow(ps, newsize - ps->buffer_size);
200
201 if (newsize < ps->buffer_size) {
202 char *new_data_p = Realloc(ps->data_p, newsize);
203 /* if newsize is zero, Realloc acts like free() & returns NULL*/
204 if (new_data_p == NULL && newsize != 0) {
205 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
206 (unsigned int)newsize));
207 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
208 return False;
209 }
210 ps->data_p = new_data_p;
211 ps->buffer_size = newsize;
212 }
213
214 return True;
215 }
216
217 /*******************************************************************
218 Attempt, if needed, to grow a data buffer.
219 Also depends on the data stream mode (io).
220 ********************************************************************/
221
222 BOOL prs_grow(prs_struct *ps, uint32 extra_space)
223 {
224 uint32 new_size;
225 char *new_data;
226
227 ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
228
229 if(ps->data_offset + extra_space <= ps->buffer_size)
230 return True;
231
232 /*
233 * We cannot grow the buffer if we're not reading
234 * into the prs_struct, or if we don't own the memory.
235 */
236
237 if(UNMARSHALLING(ps) || !ps->is_dynamic) {
238 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
239 (unsigned int)extra_space));
240 return False;
241 }
242
243 /*
244 * Decide how much extra space we really need.
245 */
246
247 extra_space -= (ps->buffer_size - ps->data_offset);
248 if(ps->buffer_size == 0) {
249 /*
250 * Ensure we have at least a PDU's length, or extra_space, whichever
251 * is greater.
252 */
253
254 new_size = MAX(MAX_PDU_FRAG_LEN,extra_space);
255
256 if((new_data = malloc(new_size)) == NULL) {
257 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
258 return False;
259 }
260 memset(new_data, '\0', (size_t)new_size );
261 } else {
262 /*
263 * If the current buffer size is bigger than the space needed, just
264 * double it, else add extra_space.
265 */
266 new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
267
268 if ((new_data = Realloc(ps->data_p, new_size)) == NULL) {
269 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
270 (unsigned int)new_size));
271 return False;
272 }
273
274 memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
275 }
276 ps->buffer_size = new_size;
277 ps->data_p = new_data;
278
279 return True;
280 }
281
282 /*******************************************************************
283 Attempt to force a data buffer to grow by len bytes.
284 This is only used when appending more data onto a prs_struct
285 when reading an rpc reply, before unmarshalling it.
286 ********************************************************************/
287
288 BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
289 {
290 uint32 new_size = ps->buffer_size + extra_space;
291 char *new_data;
292
293 if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
294 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
295 (unsigned int)extra_space));
296 return False;
297 }
298
299 if((new_data = Realloc(ps->data_p, new_size)) == NULL) {
300 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
301 (unsigned int)new_size));
302 return False;
303 }
304
305 memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
306
307 ps->buffer_size = new_size;
308 ps->data_p = new_data;
309
310 return True;
311 }
312
313 /*******************************************************************
314 Get the data pointer (external interface).
315 ********************************************************************/
316
317 char *prs_data_p(prs_struct *ps)
318 {
319 return ps->data_p;
320 }
321
322 /*******************************************************************
323 Get the current data size (external interface).
324 ********************************************************************/
325
326 uint32 prs_data_size(prs_struct *ps)
327 {
328 return ps->buffer_size;
329 }
330
331 /*******************************************************************
332 Fetch the current offset (external interface).
333 ********************************************************************/
334
335 uint32 prs_offset(prs_struct *ps)
336 {
337 return ps->data_offset;
338 }
339
340 /*******************************************************************
341 Set the current offset (external interface).
342 ********************************************************************/
343
344 BOOL prs_set_offset(prs_struct *ps, uint32 offset)
345 {
346 if(offset <= ps->data_offset) {
347 ps->data_offset = offset;
348 return True;
349 }
350
351 if(!prs_grow(ps, offset - ps->data_offset))
352 return False;
353
354 ps->data_offset = offset;
355 return True;
356 }
357
358 /*******************************************************************
359 Append the data from one parse_struct into another.
360 ********************************************************************/
361
362 BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
363 {
364 if (prs_offset(src) == 0)
365 return True;
366
367 if(!prs_grow(dst, prs_offset(src)))
368 return False;
369
370 memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
371 dst->data_offset += prs_offset(src);
372
373 return True;
374 }
375
376 /*******************************************************************
377 Append some data from one parse_struct into another.
378 ********************************************************************/
379
380 BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
381 {
382 if (len == 0)
383 return True;
384
385 if(!prs_grow(dst, len))
386 return False;
387
388 memcpy(&dst->data_p[dst->data_offset], src->data_p + start, (size_t)len);
389 dst->data_offset += len;
390
391 return True;
392 }
393
394 /*******************************************************************
395 Append the data from a buffer into a parse_struct.
396 ********************************************************************/
397
398 BOOL prs_copy_data_in(prs_struct *dst, char *src, uint32 len)
399 {
400 if (len == 0)
401 return True;
402
403 if(!prs_grow(dst, len))
404 return False;
405
406 memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
407 dst->data_offset += len;
408
409 return True;
410 }
411
412 /*******************************************************************
413 Copy some data from a parse_struct into a buffer.
414 ********************************************************************/
415
416 BOOL prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
417 {
418 if (len == 0)
419 return True;
420
421 if(!prs_mem_get(src, len))
422 return False;
423
424 memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
425 src->data_offset += len;
426
427 return True;
428 }
429
430 /*******************************************************************
431 Copy all the data from a parse_struct into a buffer.
432 ********************************************************************/
433
434 BOOL prs_copy_all_data_out(char *dst, prs_struct *src)
435 {
436 uint32 len = prs_offset(src);
437
438 if (!len)
439 return True;
440
441 prs_set_offset(src, 0);
442 return prs_copy_data_out(dst, src, len);
443 }
444
445 /*******************************************************************
446 Set the data as X-endian (external interface).
447 ********************************************************************/
448
449 void prs_set_endian_data(prs_struct *ps, BOOL endian)
450 {
451 ps->bigendian_data = endian;
452 }
453
454 /*******************************************************************
455 Align a the data_len to a multiple of align bytes - filling with
456 zeros.
457 ********************************************************************/
458
459 BOOL prs_align(prs_struct *ps)
460 {
461 uint32 mod = ps->data_offset & (ps->align-1);
462
463 if (ps->align != 0 && mod != 0) {
464 uint32 extra_space = (ps->align - mod);
465 if(!prs_grow(ps, extra_space))
466 return False;
467 memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
468 ps->data_offset += extra_space;
469 }
470
471 return True;
472 }
473
474 /******************************************************************
475 Align on a 2 byte boundary
476 *****************************************************************/
477
478 BOOL prs_align_uint16(prs_struct *ps)
479 {
480 BOOL ret;
481 uint8 old_align = ps->align;
482
483 ps->align = 2;
484 ret = prs_align(ps);
485 ps->align = old_align;
486
487 return ret;
488 }
489
490 /******************************************************************
491 Align on a 8 byte boundary
492 *****************************************************************/
493
494 BOOL prs_align_uint64(prs_struct *ps)
495 {
496 BOOL ret;
497 uint8 old_align = ps->align;
498
499 ps->align = 8;
500 ret = prs_align(ps);
501 ps->align = old_align;
502
503 return ret;
504 }
505
506 /*******************************************************************
507 Align only if required (for the unistr2 string mainly)
508 ********************************************************************/
509
510 BOOL prs_align_needed(prs_struct *ps, uint32 needed)
511 {
512 if (needed==0)
513 return True;
514 else
515 return prs_align(ps);
516 }
517
518 /*******************************************************************
519 Ensure we can read/write to a given offset.
520 ********************************************************************/
521
522 char *prs_mem_get(prs_struct *ps, uint32 extra_size)
523 {
524 if(UNMARSHALLING(ps)) {
525 /*
526 * If reading, ensure that we can read the requested size item.
527 */
528 if (ps->data_offset + extra_size > ps->buffer_size) {
529 DEBUG(0,("prs_mem_get: reading data of size %u would overrun buffer.\n",
530 (unsigned int)extra_size ));
531 return NULL;
532 }
533 } else {
534 /*
535 * Writing - grow the buffer if needed.
536 */
537 if(!prs_grow(ps, extra_size))
538 return NULL;
539 }
540 return &ps->data_p[ps->data_offset];
541 }
542
543 /*******************************************************************
544 Change the struct type.
545 ********************************************************************/
546
547 void prs_switch_type(prs_struct *ps, BOOL io)
548 {
549 if ((ps->io ^ io) == True)
550 ps->io=io;
551 }
552
553 /*******************************************************************
554 Force a prs_struct to be dynamic even when it's size is 0.
555 ********************************************************************/
556
557 void prs_force_dynamic(prs_struct *ps)
558 {
559 ps->is_dynamic=True;
560 }
561
562 /*******************************************************************
563 Stream a uint8.
564 ********************************************************************/
565
566 BOOL prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8)
567 {
568 char *q = prs_mem_get(ps, 1);
569 if (q == NULL)
570 return False;
571
572 if (UNMARSHALLING(ps))
573 *data8 = CVAL(q,0);
574 else
575 SCVAL(q,0,*data8);
576
577 DEBUG(5,("%s%04x %s: %02x\n", tab_depth(depth), ps->data_offset, name, *data8));
578
579 ps->data_offset += 1;
580
581 return True;
582 }
583
584 /*******************************************************************
585 Stream a uint16.
586 ********************************************************************/
587
588 BOOL prs_uint16(const char *name, prs_struct *ps, int depth, uint16 *data16)
589 {
590 char *q = prs_mem_get(ps, sizeof(uint16));
591 if (q == NULL)
592 return False;
593
594 if (UNMARSHALLING(ps)) {
595 if (ps->bigendian_data)
596 *data16 = RSVAL(q,0);
597 else
598 *data16 = SVAL(q,0);
599 } else {
600 if (ps->bigendian_data)
601 RSSVAL(q,0,*data16);
602 else
603 SSVAL(q,0,*data16);
604 }
605
606 DEBUG(5,("%s%04x %s: %04x\n", tab_depth(depth), ps->data_offset, name, *data16));
607
608 ps->data_offset += sizeof(uint16);
609
610 return True;
611 }
612
613 /*******************************************************************
614 Stream a uint32.
615 ********************************************************************/
616
617 BOOL prs_uint32(const char *name, prs_struct *ps, int depth, uint32 *data32)
618 {
619 char *q = prs_mem_get(ps, sizeof(uint32));
620 if (q == NULL)
621 return False;
622
623 if (UNMARSHALLING(ps)) {
624 if (ps->bigendian_data)
625 *data32 = RIVAL(q,0);
626 else
627 *data32 = IVAL(q,0);
628 } else {
629 if (ps->bigendian_data)
630 RSIVAL(q,0,*data32);
631 else
632 SIVAL(q,0,*data32);
633 }
634
635 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
636
637 ps->data_offset += sizeof(uint32);
638
639 return True;
640 }
641
642 /*******************************************************************
643 Stream a NTSTATUS
644 ********************************************************************/
645
646 BOOL prs_ntstatus(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
647 {
648 char *q = prs_mem_get(ps, sizeof(uint32));
649 if (q == NULL)
650 return False;
651
652 if (UNMARSHALLING(ps)) {
653 if (ps->bigendian_data)
654 *status = NT_STATUS(RIVAL(q,0));
655 else
656 *status = NT_STATUS(IVAL(q,0));
657 } else {
658 if (ps->bigendian_data)
659 RSIVAL(q,0,NT_STATUS_V(*status));
660 else
661 SIVAL(q,0,NT_STATUS_V(*status));
662 }
663
664 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
665 nt_errstr(*status)));
666
667 ps->data_offset += sizeof(uint32);
668
669 return True;
670 }
671
672 /*******************************************************************
673 Stream a WERROR
674 ********************************************************************/
675
676 BOOL prs_werror(const char *name, prs_struct *ps, int depth, WERROR *status)
677 {
678 char *q = prs_mem_get(ps, sizeof(uint32));
679 if (q == NULL)
680 return False;
681
682 if (UNMARSHALLING(ps)) {
683 if (ps->bigendian_data)
684 *status = W_ERROR(RIVAL(q,0));
685 else
686 *status = W_ERROR(IVAL(q,0));
687 } else {
688 if (ps->bigendian_data)
689 RSIVAL(q,0,W_ERROR_V(*status));
690 else
691 SIVAL(q,0,W_ERROR_V(*status));
692 }
693
694 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
695 dos_errstr(*status)));
696
697 ps->data_offset += sizeof(uint32);
698
699 return True;
700 }
701
702
703 /******************************************************************
704 Stream an array of uint8s. Length is number of uint8s.
705 ********************************************************************/
706
707 BOOL prs_uint8s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
708 {
709 int i;
710 char *q = prs_mem_get(ps, len);
711 if (q == NULL)
712 return False;
713
714 if (UNMARSHALLING(ps)) {
715 for (i = 0; i < len; i++)
716 data8s[i] = CVAL(q,i);
717 } else {
718 for (i = 0; i < len; i++)
719 SCVAL(q, i, data8s[i]);
720 }
721
722 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset ,name));
723 if (charmode)
724 print_asc(5, (unsigned char*)data8s, len);
725 else {
726 for (i = 0; i < len; i++)
727 DEBUG(5,("%02x ", data8s[i]));
728 }
729 DEBUG(5,("\n"));
730
731 ps->data_offset += len;
732
733 return True;
734 }
735
736 /******************************************************************
737 Stream an array of uint16s. Length is number of uint16s.
738 ********************************************************************/
739
740 BOOL prs_uint16s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
741 {
742 int i;
743 char *q = prs_mem_get(ps, len * sizeof(uint16));
744 if (q == NULL)
745 return False;
746
747 if (UNMARSHALLING(ps)) {
748 if (ps->bigendian_data) {
749 for (i = 0; i < len; i++)
750 data16s[i] = RSVAL(q, 2*i);
751 } else {
752 for (i = 0; i < len; i++)
753 data16s[i] = SVAL(q, 2*i);
754 }
755 } else {
756 if (ps->bigendian_data) {
757 for (i = 0; i < len; i++)
758 RSSVAL(q, 2*i, data16s[i]);
759 } else {
760 for (i = 0; i < len; i++)
761 SSVAL(q, 2*i, data16s[i]);
762 }
763 }
764
765 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
766 if (charmode)
767 print_asc(5, (unsigned char*)data16s, 2*len);
768 else {
769 for (i = 0; i < len; i++)
770 DEBUG(5,("%04x ", data16s[i]));
771 }
772 DEBUG(5,("\n"));
773
774 ps->data_offset += (len * sizeof(uint16));
775
776 return True;
777 }
778
779 /******************************************************************
780 Start using a function for streaming unicode chars. If unmarshalling,
781 output must be little-endian, if marshalling, input must be little-endian.
782 ********************************************************************/
783
784 static void dbg_rw_punival(BOOL charmode, const char *name, int depth, prs_struct *ps,
785 char *in_buf, char *out_buf, int len)
786 {
787 int i;
788
789 if (UNMARSHALLING(ps)) {
790 if (ps->bigendian_data) {
791 for (i = 0; i < len; i++)
792 SSVAL(out_buf,2*i,RSVAL(in_buf, 2*i));
793 } else {
794 for (i = 0; i < len; i++)
795 SSVAL(out_buf, 2*i, SVAL(in_buf, 2*i));
796 }
797 } else {
798 if (ps->bigendian_data) {
799 for (i = 0; i < len; i++)
800 RSSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
801 } else {
802 for (i = 0; i < len; i++)
803 SSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
804 }
805 }
806
807 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
808 if (charmode)
809 print_asc(5, (unsigned char*)out_buf, 2*len);
810 else {
811 for (i = 0; i < len; i++)
812 DEBUG(5,("%04x ", out_buf[i]));
813 }
814 DEBUG(5,("\n"));
815 }
816
817 /******************************************************************
818 Stream a unistr. Always little endian.
819 ********************************************************************/
820
821 BOOL prs_uint16uni(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
822 {
823 char *q = prs_mem_get(ps, len * sizeof(uint16));
824 if (q == NULL)
825 return False;
826
827 dbg_rw_punival(charmode, name, depth, ps, q, (char *)data16s, len);
828 ps->data_offset += (len * sizeof(uint16));
829
830 return True;
831 }
832
833 /******************************************************************
834 Stream an array of uint32s. Length is number of uint32s.
835 ********************************************************************/
836
837 BOOL prs_uint32s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
838 {
839 int i;
840 char *q = prs_mem_get(ps, len * sizeof(uint32));
841 if (q == NULL)
842 return False;
843
844 if (UNMARSHALLING(ps)) {
845 if (ps->bigendian_data) {
846 for (i = 0; i < len; i++)
847 data32s[i] = RIVAL(q, 4*i);
848 } else {
849 for (i = 0; i < len; i++)
850 data32s[i] = IVAL(q, 4*i);
851 }
852 } else {
853 if (ps->bigendian_data) {
854 for (i = 0; i < len; i++)
855 RSIVAL(q, 4*i, data32s[i]);
856 } else {
857 for (i = 0; i < len; i++)
858 SIVAL(q, 4*i, data32s[i]);
859 }
860 }
861
862 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
863 if (charmode)
864 print_asc(5, (unsigned char*)data32s, 4*len);
865 else {
866 for (i = 0; i < len; i++)
867 DEBUG(5,("%08x ", data32s[i]));
868 }
869 DEBUG(5,("\n"));
870
871 ps->data_offset += (len * sizeof(uint32));
872
873 return True;
874 }
875
876 /******************************************************************
877 Stream an array of unicode string, length/buffer specified separately,
878 in uint16 chars. The unicode string is already in little-endian format.
879 ********************************************************************/
880
881 BOOL prs_buffer5(BOOL charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str)
882 {
883 char *p;
884 char *q = prs_mem_get(ps, str->buf_len * sizeof(uint16));
885 if (q == NULL)
886 return False;
887
888 if (UNMARSHALLING(ps)) {
889 str->buffer = (uint16 *)prs_alloc_mem(ps,str->buf_len * sizeof(uint16));
890 if (str->buffer == NULL)
891 return False;
892 }
893
894 /* If the string is empty, we don't have anything to stream */
895 if (str->buf_len==0)
896 return True;
897
898 p = (char *)str->buffer;
899
900 dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len);
901
902 ps->data_offset += (str->buf_len * sizeof(uint16));
903
904 return True;
905 }
906
907 /******************************************************************
908 Stream a "not" unicode string, length/buffer specified separately,
909 in byte chars. String is in little-endian format.
910 ********************************************************************/
911
912 BOOL prs_buffer2(BOOL charmode, const char *name, prs_struct *ps, int depth, BUFFER2 *str)
913 {
914 char *p;
915 char *q = prs_mem_get(ps, str->buf_len);
916 if (q == NULL)
917 return False;
918
919 if (UNMARSHALLING(ps)) {
920 if ( str->buf_len ) {
921 str->buffer = (uint16 *)prs_alloc_mem(ps,str->buf_len);
922 if ( str->buffer == NULL )
923 return False;
924 }
925 }
926
927 p = (char *)str->buffer;
928
929 dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len/2);
930 ps->data_offset += str->buf_len;
931
932 return True;
933 }
934
935 /******************************************************************
936 Stream a string, length/buffer specified separately,
937 in uint8 chars.
938 ********************************************************************/
939
940 BOOL prs_string2(BOOL charmode, const char *name, prs_struct *ps, int depth, STRING2 *str)
941 {
942 unsigned int i;
943 char *q = prs_mem_get(ps, str->str_max_len);
944 if (q == NULL)
945 return False;
946
947 if (UNMARSHALLING(ps)) {
948 str->buffer = (unsigned char *)prs_alloc_mem(ps,str->str_max_len);
949 if (str->buffer == NULL)
950 return False;
951 }
952
953 if (UNMARSHALLING(ps)) {
954 for (i = 0; i < str->str_str_len; i++)
955 str->buffer[i] = CVAL(q,i);
956 } else {
957 for (i = 0; i < str->str_str_len; i++)
958 SCVAL(q, i, str->buffer[i]);
959 }
960
961 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
962 if (charmode)
963 print_asc(5, (unsigned char*)str->buffer, str->str_str_len);
964 else {
965 for (i = 0; i < str->str_str_len; i++)
966 DEBUG(5,("%02x ", str->buffer[i]));
967 }
968 DEBUG(5,("\n"));
969
970 ps->data_offset += str->str_str_len;
971
972 return True;
973 }
974
975 /******************************************************************
976 Stream a unicode string, length/buffer specified separately,
977 in uint16 chars. The unicode string is already in little-endian format.
978 ********************************************************************/
979
980 BOOL prs_unistr2(BOOL charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str)
981 {
982 char *p;
983 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
984 if (q == NULL)
985 return False;
986
987 /* If the string is empty, we don't have anything to stream */
988 if (str->uni_str_len==0)
989 return True;
990
991 if (UNMARSHALLING(ps)) {
992 str->buffer = (uint16 *)prs_alloc_mem(ps,str->uni_max_len * sizeof(uint16));
993 if (str->buffer == NULL)
994 return False;
995 }
996
997 p = (char *)str->buffer;
998
999 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1000
1001 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1002
1003 return True;
1004 }
1005
1006 /******************************************************************
1007 Stream a unicode string, length/buffer specified separately,
1008 in uint16 chars. The unicode string is already in little-endian format.
1009 ********************************************************************/
1010
1011 BOOL prs_unistr3(BOOL charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth)
1012 {
1013 char *p;
1014 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1015 if (q == NULL)
1016 return False;
1017
1018 if (UNMARSHALLING(ps)) {
1019 str->str.buffer = (uint16 *)prs_alloc_mem(ps,str->uni_str_len * sizeof(uint16));
1020 if (str->str.buffer == NULL)
1021 return False;
1022 }
1023
1024 p = (char *)str->str.buffer;
1025
1026 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1027 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1028
1029 return True;
1030 }
1031
1032 /*******************************************************************
1033 Stream a unicode null-terminated string. As the string is already
1034 in little-endian format then do it as a stream of bytes.
1035 ********************************************************************/
1036
1037 BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
1038 {
1039 unsigned int len = 0;
1040 unsigned char *p = (unsigned char *)str->buffer;
1041 uint8 *start;
1042 char *q;
1043 uint32 max_len;
1044 uint16* ptr;
1045
1046 if (MARSHALLING(ps)) {
1047
1048 for(len = 0; str->buffer[len] != 0; len++)
1049 ;
1050
1051 q = prs_mem_get(ps, (len+1)*2);
1052 if (q == NULL)
1053 return False;
1054
1055 start = (uint8*)q;
1056
1057 for(len = 0; str->buffer[len] != 0; len++)
1058 {
1059 if(ps->bigendian_data)
1060 {
1061 /* swap bytes - p is little endian, q is big endian. */
1062 q[0] = (char)p[1];
1063 q[1] = (char)p[0];
1064 p += 2;
1065 q += 2;
1066 }
1067 else
1068 {
1069 q[0] = (char)p[0];
1070 q[1] = (char)p[1];
1071 p += 2;
1072 q += 2;
1073 }
1074 }
1075
1076 /*
1077 * even if the string is 'empty' (only an \0 char)
1078 * at this point the leading \0 hasn't been parsed.
1079 * so parse it now
1080 */
1081
1082 q[0] = 0;
1083 q[1] = 0;
1084 q += 2;
1085
1086 len++;
1087
1088 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1089 print_asc(5, (unsigned char*)start, 2*len);
1090 DEBUG(5, ("\n"));
1091 }
1092 else { /* unmarshalling */
1093
1094 uint32 alloc_len = 0;
1095 q = ps->data_p + prs_offset(ps);
1096
1097 /*
1098 * Work out how much space we need and talloc it.
1099 */
1100 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
1101
1102 /* the test of the value of *ptr helps to catch the circumstance
1103 where we have an emtpty (non-existent) string in the buffer */
1104 for ( ptr = (uint16 *)q; *ptr && (alloc_len <= max_len); alloc_len++)
1105 /* do nothing */
1106 ;
1107
1108 /* should we allocate anything at all? */
1109 str->buffer = (uint16 *)prs_alloc_mem(ps,alloc_len * sizeof(uint16));
1110 if ((str->buffer == NULL) && (alloc_len > 0))
1111 return False;
1112
1113 p = (unsigned char *)str->buffer;
1114
1115 len = 0;
1116 /* the (len < alloc_len) test is to prevent us from overwriting
1117 memory that is not ours...if we get that far, we have a non-null
1118 terminated string in the buffer and have messed up somewhere */
1119 while ((len < alloc_len) && (*(uint16 *)q != 0))
1120 {
1121 if(ps->bigendian_data)
1122 {
1123 /* swap bytes - q is big endian, p is little endian. */
1124 p[0] = (unsigned char)q[1];
1125 p[1] = (unsigned char)q[0];
1126 p += 2;
1127 q += 2;
1128 } else {
1129
1130 p[0] = (unsigned char)q[0];
1131 p[1] = (unsigned char)q[1];
1132 p += 2;
1133 q += 2;
1134 }
1135
1136 len++;
1137 }
1138 if (len < alloc_len)
1139 {
1140 /* NULL terminate the UNISTR */
1141 str->buffer[len++] = '\0';
1142 }
1143
1144 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1145 print_asc(5, (unsigned char*)str->buffer, 2*len);
1146 DEBUG(5, ("\n"));
1147 }
1148
1149 /* set the offset in the prs_struct; 'len' points to the
1150 terminiating NULL in the UNISTR so we need to go one more
1151 uint16 */
1152 ps->data_offset += (len)*2;
1153
1154 return True;
1155 }
1156
1157
1158 /*******************************************************************
1159 Stream a null-terminated string. len is strlen, and therefore does
1160 not include the null-termination character.
1161 ********************************************************************/
1162
1163 BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
1164 {
1165 char *q;
1166 int i;
1167 int len;
1168
1169 if (UNMARSHALLING(ps))
1170 len = strlen(&ps->data_p[ps->data_offset]);
1171 else
1172 len = strlen(str);
1173
1174 len = MIN(len, (max_buf_size-1));
1175
1176 q = prs_mem_get(ps, len+1);
1177 if (q == NULL)
1178 return False;
1179
1180 for(i = 0; i < len; i++) {
1181 if (UNMARSHALLING(ps))
1182 str[i] = q[i];
1183 else
1184 q[i] = str[i];
1185 }
1186
1187 /* The terminating null. */
1188 str[i] = '\0';
1189
1190 if (MARSHALLING(ps)) {
1191 q[i] = '\0';
1192 }
1193
1194 ps->data_offset += len+1;
1195
1196 dump_data(5+depth, q, len);
1197
1198 return True;
1199 }
1200
1201 /*******************************************************************
1202 prs_uint16 wrapper. Call this and it sets up a pointer to where the
1203 uint16 should be stored, or gets the size if reading.
1204 ********************************************************************/
1205
1206 BOOL prs_uint16_pre(const char *name, prs_struct *ps, int depth, uint16 *data16, uint32 *offset)
1207 {
1208 *offset = ps->data_offset;
1209 if (UNMARSHALLING(ps)) {
1210 /* reading. */
1211 return prs_uint16(name, ps, depth, data16);
1212 } else {
1213 char *q = prs_mem_get(ps, sizeof(uint16));
1214 if(q ==NULL)
1215 return False;
1216 ps->data_offset += sizeof(uint16);
1217 }
1218 return True;
1219 }
1220
1221 /*******************************************************************
1222 prs_uint16 wrapper. call this and it retrospectively stores the size.
1223 does nothing on reading, as that is already handled by ...._pre()
1224 ********************************************************************/
1225
1226 BOOL prs_uint16_post(const char *name, prs_struct *ps, int depth, uint16 *data16,
1227 uint32 ptr_uint16, uint32 start_offset)
1228 {
1229 if (MARSHALLING(ps)) {
1230 /*
1231 * Writing - temporarily move the offset pointer.
1232 */
1233 uint16 data_size = ps->data_offset - start_offset;
1234 uint32 old_offset = ps->data_offset;
1235
1236 ps->data_offset = ptr_uint16;
1237 if(!prs_uint16(name, ps, depth, &data_size)) {
1238 ps->data_offset = old_offset;
1239 return False;
1240 }
1241 ps->data_offset = old_offset;
1242 } else {
1243 ps->data_offset = start_offset + (uint32)(*data16);
1244 }
1245 return True;
1246 }
1247
1248 /*******************************************************************
1249 prs_uint32 wrapper. Call this and it sets up a pointer to where the
1250 uint32 should be stored, or gets the size if reading.
1251 ********************************************************************/
1252
1253 BOOL prs_uint32_pre(const char *name, prs_struct *ps, int depth, uint32 *data32, uint32 *offset)
1254 {
1255 *offset = ps->data_offset;
1256 if (UNMARSHALLING(ps) && (data32 != NULL)) {
1257 /* reading. */
1258 return prs_uint32(name, ps, depth, data32);
1259 } else {
1260 ps->data_offset += sizeof(uint32);
1261 }
1262 return True;
1263 }
1264
1265 /*******************************************************************
1266 prs_uint32 wrapper. call this and it retrospectively stores the size.
1267 does nothing on reading, as that is already handled by ...._pre()
1268 ********************************************************************/
1269
1270 BOOL prs_uint32_post(const char *name, prs_struct *ps, int depth, uint32 *data32,
1271 uint32 ptr_uint32, uint32 data_size)
1272 {
1273 if (MARSHALLING(ps)) {
1274 /*
1275 * Writing - temporarily move the offset pointer.
1276 */
1277 uint32 old_offset = ps->data_offset;
1278 ps->data_offset = ptr_uint32;
1279 if(!prs_uint32(name, ps, depth, &data_size)) {
1280 ps->data_offset = old_offset;
1281 return False;
1282 }
1283 ps->data_offset = old_offset;
1284 }
1285 return True;
1286 }
1287
1288 /* useful function to store a structure in rpc wire format */
1289 int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
1290 {
1291 TDB_DATA kbuf, dbuf;
1292 kbuf.dptr = keystr;
1293 kbuf.dsize = strlen(keystr)+1;
1294 dbuf.dptr = ps->data_p;
1295 dbuf.dsize = prs_offset(ps);
1296 return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
1297 }
1298
1299 /* useful function to fetch a structure into rpc wire format */
1300 int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx)
1301 {
1302 TDB_DATA kbuf, dbuf;
1303 kbuf.dptr = keystr;
1304 kbuf.dsize = strlen(keystr)+1;
1305
1306 dbuf = tdb_fetch(tdb, kbuf);
1307 if (!dbuf.dptr)
1308 return -1;
1309
1310 ZERO_STRUCTP(ps);
1311 prs_init(ps, 0, mem_ctx, UNMARSHALL);
1312 prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True);
1313
1314 return 0;
1315 }
1316
1317 /*******************************************************************
1318 hash a stream.
1319 ********************************************************************/
1320 BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16], int len)
1321 {
1322 char *q;
1323
1324 q = ps->data_p;
1325 q = &q[offset];
1326
1327 #ifdef DEBUG_PASSWORD
1328 DEBUG(100, ("prs_hash1\n"));
1329 dump_data(100, sess_key, 16);
1330 dump_data(100, q, len);
1331 #endif
1332 SamOEMhash((uchar *) q, sess_key, len);
1333
1334 #ifdef DEBUG_PASSWORD
1335 dump_data(100, q, len);
1336 #endif
1337
1338 return True;
1339 }
1340
1341
1342 /*******************************************************************
1343 Create a digest over the entire packet (including the data), and
1344 MD5 it with the session key.
1345 ********************************************************************/
1346 static void netsec_digest(struct netsec_auth_struct *a,
1347 int auth_flags,
1348 RPC_AUTH_NETSEC_CHK * verf,
1349 char *data, size_t data_len,
1350 uchar digest_final[16])
1351 {
1352 uchar whole_packet_digest[16];
1353 static uchar zeros[4];
1354 struct MD5Context ctx3;
1355
1356 /* verfiy the signature on the packet by MD5 over various bits */
1357 MD5Init(&ctx3);
1358 /* use our sequence number, which ensures the packet is not
1359 out of order */
1360 MD5Update(&ctx3, zeros, sizeof(zeros));
1361 MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
1362 if (auth_flags & AUTH_PIPE_SEAL) {
1363 MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
1364 }
1365 MD5Update(&ctx3, (const unsigned char *)data, data_len);
1366 MD5Final(whole_packet_digest, &ctx3);
1367 dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
1368
1369 /* MD5 this result and the session key, to prove that
1370 only a valid client could had produced this */
1371 hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
1372 }
1373
1374 /*******************************************************************
1375 Calculate the key with which to encode the data payload
1376 ********************************************************************/
1377 static void netsec_get_sealing_key(struct netsec_auth_struct *a,
1378 RPC_AUTH_NETSEC_CHK *verf,
1379 uchar sealing_key[16])
1380 {
1381 static uchar zeros[4];
1382 uchar digest2[16];
1383 uchar sess_kf0[16];
1384 int i;
1385
1386 for (i = 0; i < sizeof(sess_kf0); i++) {
1387 sess_kf0[i] = a->sess_key[i] ^ 0xf0;
1388 }
1389
1390 dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
1391
1392 /* MD5 of sess_kf0 and 4 zero bytes */
1393 hmac_md5(sess_kf0, zeros, 0x4, digest2);
1394 dump_data_pw("digest2:\n", digest2, sizeof(digest2));
1395
1396 /* MD5 of the above result, plus 8 bytes of sequence number */
1397 hmac_md5(digest2, verf->seq_num, sizeof(verf->seq_num), sealing_key);
1398 dump_data_pw("sealing_key:\n", sealing_key, 16);
1399 }
1400
1401 /*******************************************************************
1402 Encode or Decode the sequence number (which is symmetric)
1403 ********************************************************************/
1404 static void netsec_deal_with_seq_num(struct netsec_auth_struct *a,
1405 RPC_AUTH_NETSEC_CHK *verf)
1406 {
1407 static uchar zeros[4];
1408 uchar sequence_key[16];
1409 uchar digest1[16];
1410
1411 hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
1412 dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
1413
1414 hmac_md5(digest1, verf->packet_digest, 8, sequence_key);
1415
1416 dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
1417
1418 dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num));
1419 SamOEMhash(verf->seq_num, sequence_key, 8);
1420 dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num));
1421 }
1422
1423 /*******************************************************************
1424 creates an RPC_AUTH_NETSEC_CHK structure.
1425 ********************************************************************/
1426 static BOOL init_rpc_auth_netsec_chk(RPC_AUTH_NETSEC_CHK * chk,
1427 const uchar sig[8],
1428 const uchar packet_digest[8],
1429 const uchar seq_num[8], const uchar confounder[8])
1430 {
1431 if (chk == NULL)
1432 return False;
1433
1434 memcpy(chk->sig, sig, sizeof(chk->sig));
1435 memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
1436 memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
1437 memcpy(chk->confounder, confounder, sizeof(chk->confounder));
1438
1439 return True;
1440 }
1441
1442
1443 /*******************************************************************
1444 Encode a blob of data using the netsec (schannel) alogrithm, also produceing
1445 a checksum over the original data. We currently only support
1446 signing and sealing togeather - the signing-only code is close, but not
1447 quite compatible with what MS does.
1448 ********************************************************************/
1449 void netsec_encode(struct netsec_auth_struct *a, int auth_flags,
1450 enum netsec_direction direction,
1451 RPC_AUTH_NETSEC_CHK * verf,
1452 char *data, size_t data_len)
1453 {
1454 uchar digest_final[16];
1455 uchar confounder[8];
1456 uchar seq_num[8];
1457 static const uchar nullbytes[8];
1458
1459 static const uchar netsec_seal_sig[8] = NETSEC_SEAL_SIGNATURE;
1460 static const uchar netsec_sign_sig[8] = NETSEC_SIGN_SIGNATURE;
1461 const uchar *netsec_sig = NULL;
1462
1463 DEBUG(10,("SCHANNEL: netsec_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1464
1465 if (auth_flags & AUTH_PIPE_SEAL) {
1466 netsec_sig = netsec_seal_sig;
1467 } else if (auth_flags & AUTH_PIPE_SIGN) {
1468 netsec_sig = netsec_sign_sig;
1469 }
1470
1471 /* fill the 'confounder' with random data */
1472 generate_random_buffer(confounder, sizeof(confounder), False);
1473
1474 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1475
1476 RSIVAL(seq_num, 0, a->seq_num);
1477
1478 switch (direction) {
1479 case SENDER_IS_INITIATOR:
1480 SIVAL(seq_num, 4, 0x80);
1481 break;
1482 case SENDER_IS_ACCEPTOR:
1483 SIVAL(seq_num, 4, 0x0);
1484 break;
1485 }
1486
1487 dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num));
1488
1489 init_rpc_auth_netsec_chk(verf, netsec_sig, nullbytes,
1490 seq_num, confounder);
1491
1492 /* produce a digest of the packet to prove it's legit (before we seal it) */
1493 netsec_digest(a, auth_flags, verf, data, data_len, digest_final);
1494 memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
1495
1496 if (auth_flags & AUTH_PIPE_SEAL) {
1497 uchar sealing_key[16];
1498
1499 /* get the key to encode the data with */
1500 netsec_get_sealing_key(a, verf, sealing_key);
1501
1502 /* encode the verification data */
1503 dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder));
1504 SamOEMhash(verf->confounder, sealing_key, 8);
1505
1506 dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder));
1507
1508 /* encode the packet payload */
1509 dump_data_pw("data:\n", (const unsigned char *)data, data_len);
1510 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1511 dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
1512 }
1513
1514 /* encode the sequence number (key based on packet digest) */
1515 /* needs to be done after the sealing, as the original version
1516 is used in the sealing stuff... */
1517 netsec_deal_with_seq_num(a, verf);
1518
1519 return;
1520 }
1521
1522 /*******************************************************************
1523 Decode a blob of data using the netsec (schannel) alogrithm, also verifiying
1524 a checksum over the original data. We currently can verify signed messages,
1525 as well as decode sealed messages
1526 ********************************************************************/
1527
1528 BOOL netsec_decode(struct netsec_auth_struct *a, int auth_flags,
1529 enum netsec_direction direction,
1530 RPC_AUTH_NETSEC_CHK * verf, char *data, size_t data_len)
1531 {
1532 uchar digest_final[16];
1533
1534 static const uchar netsec_seal_sig[8] = NETSEC_SEAL_SIGNATURE;
1535 static const uchar netsec_sign_sig[8] = NETSEC_SIGN_SIGNATURE;
1536 const uchar *netsec_sig = NULL;
1537
1538 uchar seq_num[8];
1539
1540 DEBUG(10,("SCHANNEL: netsec_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1541
1542 if (auth_flags & AUTH_PIPE_SEAL) {
1543 netsec_sig = netsec_seal_sig;
1544 } else if (auth_flags & AUTH_PIPE_SIGN) {
1545 netsec_sig = netsec_sign_sig;
1546 }
1547
1548 /* Create the expected sequence number for comparison */
1549 RSIVAL(seq_num, 0, a->seq_num);
1550
1551 switch (direction) {
1552 case SENDER_IS_INITIATOR:
1553 SIVAL(seq_num, 4, 0x80);
1554 break;
1555 case SENDER_IS_ACCEPTOR:
1556 SIVAL(seq_num, 4, 0x0);
1557 break;
1558 }
1559
1560 DEBUG(10,("SCHANNEL: netsec_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1561 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1562
1563 dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
1564
1565 /* extract the sequence number (key based on supplied packet digest) */
1566 /* needs to be done before the sealing, as the original version
1567 is used in the sealing stuff... */
1568 netsec_deal_with_seq_num(a, verf);
1569
1570 if (memcmp(verf->seq_num, seq_num, sizeof(seq_num))) {
1571 /* don't even bother with the below if the sequence number is out */
1572 /* The sequence number is MD5'ed with a key based on the whole-packet
1573 digest, as supplied by the client. We check that it's a valid
1574 checksum after the decode, below
1575 */
1576 DEBUG(2, ("netsec_decode: FAILED: packet sequence number:\n"));
1577 dump_data(2, verf->seq_num, sizeof(verf->seq_num));
1578 DEBUG(2, ("should be:\n"));
1579 dump_data(2, seq_num, sizeof(seq_num));
1580
1581 return False;
1582 }
1583
1584 if (memcmp(verf->sig, netsec_sig, sizeof(verf->sig))) {
1585 /* Validate that the other end sent the expected header */
1586 DEBUG(2, ("netsec_decode: FAILED: packet header:\n"));
1587 dump_data(2, verf->sig, sizeof(verf->sig));
1588 DEBUG(2, ("should be:\n"));
1589 dump_data(2, netsec_sig, sizeof(netsec_sig));
1590 return False;
1591 }
1592
1593 if (auth_flags & AUTH_PIPE_SEAL) {
1594 uchar sealing_key[16];
1595
1596 /* get the key to extract the data with */
1597 netsec_get_sealing_key(a, verf, sealing_key);
1598
1599 /* extract the verification data */
1600 dump_data_pw("verf->confounder:\n", verf->confounder,
1601 sizeof(verf->confounder));
1602 SamOEMhash(verf->confounder, sealing_key, 8);
1603
1604 dump_data_pw("verf->confounder_dec:\n", verf->confounder,
1605 sizeof(verf->confounder));
1606
1607 /* extract the packet payload */
1608 dump_data_pw("data :\n", (const unsigned char *)data, data_len);
1609 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1610 dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
1611 }
1612
1613 /* digest includes 'data' after unsealing */
1614 netsec_digest(a, auth_flags, verf, data, data_len, digest_final);
1615
1616 dump_data_pw("Calculated digest:\n", digest_final,
1617 sizeof(digest_final));
1618 dump_data_pw("verf->packet_digest:\n", verf->packet_digest,
1619 sizeof(verf->packet_digest));
1620
1621 /* compare - if the client got the same result as us, then
1622 it must know the session key */
1623 return (memcmp(digest_final, verf->packet_digest,
1624 sizeof(verf->packet_digest)) == 0);
1625 }
reg import