2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #define DBGC_CLASS DBGC_RPC_PARSE
29 * Dump a prs to a file: from the current location through to the end.
31 void prs_dump(const char *name
, int v
, prs_struct
*ps
)
33 prs_dump_region(name
, v
, ps
, ps
->data_offset
, ps
->buffer_size
);
37 * Dump from the start of the prs to the current location.
39 void prs_dump_before(const char *name
, int v
, prs_struct
*ps
)
41 prs_dump_region(name
, v
, ps
, 0, ps
->data_offset
);
45 * Dump everything from the start of the prs up to the current location.
47 void prs_dump_region(const char *name
, int v
, prs_struct
*ps
,
48 int from_off
, int to_off
)
53 if (DEBUGLEVEL
< 50) return;
56 if (asprintf(&fname
,"/tmp/%s_%d.%d.prs", name
, v
, i
) < 0) {
60 if (asprintf(&fname
,"/tmp/%s.%d.prs", name
, i
) < 0) {
64 fd
= open(fname
, O_WRONLY
|O_CREAT
|O_EXCL
, 0644);
65 if (fd
!= -1 || errno
!= EEXIST
) break;
68 sz
= write(fd
, ps
->data_p
+ from_off
, to_off
- from_off
);
70 if ( (sz
!= to_off
-from_off
) || (i
!= 0) ) {
71 DEBUG(0,("Error writing/closing %s: %ld!=%ld %d\n", fname
, (unsigned long)sz
, (unsigned long)to_off
-from_off
, i
));
73 DEBUG(0,("created %s\n", fname
));
79 /*******************************************************************
80 Debug output for parsing info
82 XXXX side-effect of this function is to increase the debug depth XXXX.
84 ********************************************************************/
86 void prs_debug(prs_struct
*ps
, int depth
, const char *desc
, const char *fn_name
)
88 DEBUG(5+depth
, ("%s%06x %s %s\n", tab_depth(5+depth
,depth
), ps
->data_offset
, fn_name
, desc
));
92 * Initialise an expandable parse structure.
94 * @param size Initial buffer size. If >0, a new buffer will be
95 * created with malloc().
97 * @return False if allocation fails, otherwise True.
100 bool prs_init(prs_struct
*ps
, uint32 size
, TALLOC_CTX
*ctx
, bool io
)
104 ps
->bigendian_data
= RPC_LITTLE_ENDIAN
;
105 ps
->align
= RPC_PARSE_ALIGN
;
106 ps
->is_dynamic
= False
;
113 ps
->buffer_size
= size
;
114 if((ps
->data_p
= (char *)SMB_MALLOC((size_t)size
)) == NULL
) {
115 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size
));
118 memset(ps
->data_p
, '\0', (size_t)size
);
119 ps
->is_dynamic
= True
; /* We own this memory. */
120 } else if (MARSHALLING(ps
)) {
121 /* If size is zero and we're marshalling we should allocate memory on demand. */
122 ps
->is_dynamic
= True
;
128 /*******************************************************************
129 Delete the memory in a parse structure - if we own it.
131 NOTE: Contrary to the somewhat confusing naming, this function is not
132 intended for freeing memory allocated by prs_alloc_mem(). That memory
133 is attached to the talloc context given by ps->mem_ctx.
134 ********************************************************************/
136 void prs_mem_free(prs_struct
*ps
)
139 SAFE_FREE(ps
->data_p
);
140 ps
->is_dynamic
= False
;
145 /*******************************************************************
146 Clear the memory in a parse structure.
147 ********************************************************************/
149 void prs_mem_clear(prs_struct
*ps
)
152 memset(ps
->data_p
, '\0', (size_t)ps
->buffer_size
);
155 /*******************************************************************
156 Allocate memory when unmarshalling... Always zero clears.
157 ********************************************************************/
159 #if defined(PARANOID_MALLOC_CHECKER)
160 char *prs_alloc_mem_(prs_struct
*ps
, size_t size
, unsigned int count
)
162 char *prs_alloc_mem(prs_struct
*ps
, size_t size
, unsigned int count
)
168 /* We can't call the type-safe version here. */
169 ret
= (char *)_talloc_zero_array(ps
->mem_ctx
, size
, count
,
175 /*******************************************************************
176 Return the current talloc context we're using.
177 ********************************************************************/
179 TALLOC_CTX
*prs_get_mem_context(prs_struct
*ps
)
184 /*******************************************************************
185 Hand some already allocated memory to a prs_struct.
186 ********************************************************************/
188 void prs_give_memory(prs_struct
*ps
, char *buf
, uint32 size
, bool is_dynamic
)
190 ps
->is_dynamic
= is_dynamic
;
192 ps
->buffer_size
= size
;
195 /*******************************************************************
196 Take some memory back from a prs_struct.
197 ********************************************************************/
199 char *prs_take_memory(prs_struct
*ps
, uint32
*psize
)
201 char *ret
= ps
->data_p
;
203 *psize
= ps
->buffer_size
;
204 ps
->is_dynamic
= False
;
209 /*******************************************************************
210 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
211 ********************************************************************/
213 bool prs_set_buffer_size(prs_struct
*ps
, uint32 newsize
)
215 if (newsize
> ps
->buffer_size
)
216 return prs_force_grow(ps
, newsize
- ps
->buffer_size
);
218 if (newsize
< ps
->buffer_size
) {
219 ps
->buffer_size
= newsize
;
221 /* newsize == 0 acts as a free and set pointer to NULL */
223 SAFE_FREE(ps
->data_p
);
225 ps
->data_p
= (char *)SMB_REALLOC(ps
->data_p
, newsize
);
227 if (ps
->data_p
== NULL
) {
228 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
229 (unsigned int)newsize
));
230 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno
)));
239 /*******************************************************************
240 Attempt, if needed, to grow a data buffer.
241 Also depends on the data stream mode (io).
242 ********************************************************************/
244 bool prs_grow(prs_struct
*ps
, uint32 extra_space
)
248 ps
->grow_size
= MAX(ps
->grow_size
, ps
->data_offset
+ extra_space
);
250 if(ps
->data_offset
+ extra_space
<= ps
->buffer_size
)
254 * We cannot grow the buffer if we're not reading
255 * into the prs_struct, or if we don't own the memory.
258 if(UNMARSHALLING(ps
) || !ps
->is_dynamic
) {
259 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
260 (unsigned int)extra_space
));
265 * Decide how much extra space we really need.
268 extra_space
-= (ps
->buffer_size
- ps
->data_offset
);
269 if(ps
->buffer_size
== 0) {
272 * Start with 128 bytes (arbitrary value), enough for small rpc
275 new_size
= MAX(128, extra_space
);
277 if((ps
->data_p
= (char *)SMB_MALLOC(new_size
)) == NULL
) {
278 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size
));
281 memset(ps
->data_p
, '\0', (size_t)new_size
);
284 * If the current buffer size is bigger than the space needed,
285 * just double it, else add extra_space. Always keep 64 bytes
286 * more, so that after we added a large blob we don't have to
287 * realloc immediately again.
289 new_size
= MAX(ps
->buffer_size
*2,
290 ps
->buffer_size
+ extra_space
+ 64);
292 if ((ps
->data_p
= (char *)SMB_REALLOC(ps
->data_p
, new_size
)) == NULL
) {
293 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
294 (unsigned int)new_size
));
298 memset(&ps
->data_p
[ps
->buffer_size
], '\0', (size_t)(new_size
- ps
->buffer_size
));
300 ps
->buffer_size
= new_size
;
305 /*******************************************************************
306 Attempt to force a data buffer to grow by len bytes.
307 This is only used when appending more data onto a prs_struct
308 when reading an rpc reply, before unmarshalling it.
309 ********************************************************************/
311 bool prs_force_grow(prs_struct
*ps
, uint32 extra_space
)
313 uint32 new_size
= ps
->buffer_size
+ extra_space
;
315 if(!UNMARSHALLING(ps
) || !ps
->is_dynamic
) {
316 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
317 (unsigned int)extra_space
));
321 if((ps
->data_p
= (char *)SMB_REALLOC(ps
->data_p
, new_size
)) == NULL
) {
322 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
323 (unsigned int)new_size
));
327 memset(&ps
->data_p
[ps
->buffer_size
], '\0', (size_t)(new_size
- ps
->buffer_size
));
329 ps
->buffer_size
= new_size
;
334 /*******************************************************************
335 Get the data pointer (external interface).
336 ********************************************************************/
338 char *prs_data_p(prs_struct
*ps
)
343 /*******************************************************************
344 Get the current data size (external interface).
345 ********************************************************************/
347 uint32
prs_data_size(prs_struct
*ps
)
349 return ps
->buffer_size
;
352 /*******************************************************************
353 Fetch the current offset (external interface).
354 ********************************************************************/
356 uint32
prs_offset(prs_struct
*ps
)
358 return ps
->data_offset
;
361 /*******************************************************************
362 Set the current offset (external interface).
363 ********************************************************************/
365 bool prs_set_offset(prs_struct
*ps
, uint32 offset
)
367 if ((offset
> ps
->data_offset
)
368 && !prs_grow(ps
, offset
- ps
->data_offset
)) {
372 ps
->data_offset
= offset
;
376 /*******************************************************************
377 Append the data from one parse_struct into another.
378 ********************************************************************/
380 bool prs_append_prs_data(prs_struct
*dst
, prs_struct
*src
)
382 if (prs_offset(src
) == 0)
385 if(!prs_grow(dst
, prs_offset(src
)))
388 memcpy(&dst
->data_p
[dst
->data_offset
], src
->data_p
, (size_t)prs_offset(src
));
389 dst
->data_offset
+= prs_offset(src
);
394 /*******************************************************************
395 Append some data from one parse_struct into another.
396 ********************************************************************/
398 bool prs_append_some_data(prs_struct
*dst
, void *src_base
, uint32_t start
,
405 if(!prs_grow(dst
, len
)) {
409 memcpy(&dst
->data_p
[dst
->data_offset
], ((char *)src_base
) + start
, (size_t)len
);
410 dst
->data_offset
+= len
;
414 bool prs_append_some_prs_data(prs_struct
*dst
, prs_struct
*src
, int32 start
,
417 return prs_append_some_data(dst
, src
->data_p
, start
, len
);
420 /*******************************************************************
421 Append the data from a buffer into a parse_struct.
422 ********************************************************************/
424 bool prs_copy_data_in(prs_struct
*dst
, const char *src
, uint32 len
)
429 if(!prs_grow(dst
, len
))
432 memcpy(&dst
->data_p
[dst
->data_offset
], src
, (size_t)len
);
433 dst
->data_offset
+= len
;
438 /*******************************************************************
439 Copy some data from a parse_struct into a buffer.
440 ********************************************************************/
442 bool prs_copy_data_out(char *dst
, prs_struct
*src
, uint32 len
)
447 if(!prs_mem_get(src
, len
))
450 memcpy(dst
, &src
->data_p
[src
->data_offset
], (size_t)len
);
451 src
->data_offset
+= len
;
456 /*******************************************************************
457 Copy all the data from a parse_struct into a buffer.
458 ********************************************************************/
460 bool prs_copy_all_data_out(char *dst
, prs_struct
*src
)
462 uint32 len
= prs_offset(src
);
467 prs_set_offset(src
, 0);
468 return prs_copy_data_out(dst
, src
, len
);
471 /*******************************************************************
472 Set the data as X-endian (external interface).
473 ********************************************************************/
475 void prs_set_endian_data(prs_struct
*ps
, bool endian
)
477 ps
->bigendian_data
= endian
;
480 /*******************************************************************
481 Align a the data_len to a multiple of align bytes - filling with
483 ********************************************************************/
485 bool prs_align(prs_struct
*ps
)
487 uint32 mod
= ps
->data_offset
& (ps
->align
-1);
489 if (ps
->align
!= 0 && mod
!= 0) {
490 uint32 extra_space
= (ps
->align
- mod
);
491 if(!prs_grow(ps
, extra_space
))
493 memset(&ps
->data_p
[ps
->data_offset
], '\0', (size_t)extra_space
);
494 ps
->data_offset
+= extra_space
;
500 /******************************************************************
501 Align on a 2 byte boundary
502 *****************************************************************/
504 bool prs_align_uint16(prs_struct
*ps
)
507 uint8 old_align
= ps
->align
;
511 ps
->align
= old_align
;
516 /******************************************************************
517 Align on a 8 byte boundary
518 *****************************************************************/
520 bool prs_align_uint64(prs_struct
*ps
)
523 uint8 old_align
= ps
->align
;
527 ps
->align
= old_align
;
532 /******************************************************************
533 Align on a specific byte boundary
534 *****************************************************************/
536 bool prs_align_custom(prs_struct
*ps
, uint8 boundary
)
539 uint8 old_align
= ps
->align
;
541 ps
->align
= boundary
;
543 ps
->align
= old_align
;
550 /*******************************************************************
551 Align only if required (for the unistr2 string mainly)
552 ********************************************************************/
554 bool prs_align_needed(prs_struct
*ps
, uint32 needed
)
559 return prs_align(ps
);
562 /*******************************************************************
563 Ensure we can read/write to a given offset.
564 ********************************************************************/
566 char *prs_mem_get(prs_struct
*ps
, uint32 extra_size
)
568 if(UNMARSHALLING(ps
)) {
570 * If reading, ensure that we can read the requested size item.
572 if (ps
->data_offset
+ extra_size
> ps
->buffer_size
) {
573 DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
574 "buffer by %u bytes.\n",
575 (unsigned int)extra_size
,
576 (unsigned int)(ps
->data_offset
+ extra_size
- ps
->buffer_size
) ));
581 * Writing - grow the buffer if needed.
583 if(!prs_grow(ps
, extra_size
))
586 return &ps
->data_p
[ps
->data_offset
];
589 /*******************************************************************
590 Change the struct type.
591 ********************************************************************/
593 void prs_switch_type(prs_struct
*ps
, bool io
)
595 if ((ps
->io
^ io
) == True
)
599 /*******************************************************************
600 Force a prs_struct to be dynamic even when it's size is 0.
601 ********************************************************************/
603 void prs_force_dynamic(prs_struct
*ps
)
608 /*******************************************************************
609 Associate a session key with a parse struct.
610 ********************************************************************/
612 void prs_set_session_key(prs_struct
*ps
, const char sess_key
[16])
614 ps
->sess_key
= sess_key
;
617 /*******************************************************************
619 ********************************************************************/
621 bool prs_uint8(const char *name
, prs_struct
*ps
, int depth
, uint8
*data8
)
623 char *q
= prs_mem_get(ps
, 1);
627 if (UNMARSHALLING(ps
))
632 DEBUGADD(5,("%s%04x %s: %02x\n", tab_depth(5,depth
), ps
->data_offset
, name
, *data8
));
634 ps
->data_offset
+= 1;
639 /*******************************************************************
641 ********************************************************************/
643 bool prs_uint16(const char *name
, prs_struct
*ps
, int depth
, uint16
*data16
)
645 char *q
= prs_mem_get(ps
, sizeof(uint16
));
649 if (UNMARSHALLING(ps
)) {
650 if (ps
->bigendian_data
)
651 *data16
= RSVAL(q
,0);
655 if (ps
->bigendian_data
)
661 DEBUGADD(5,("%s%04x %s: %04x\n", tab_depth(5,depth
), ps
->data_offset
, name
, *data16
));
663 ps
->data_offset
+= sizeof(uint16
);
668 /*******************************************************************
670 ********************************************************************/
672 bool prs_uint32(const char *name
, prs_struct
*ps
, int depth
, uint32
*data32
)
674 char *q
= prs_mem_get(ps
, sizeof(uint32
));
678 if (UNMARSHALLING(ps
)) {
679 if (ps
->bigendian_data
)
680 *data32
= RIVAL(q
,0);
684 if (ps
->bigendian_data
)
690 DEBUGADD(5,("%s%04x %s: %08x\n", tab_depth(5,depth
), ps
->data_offset
, name
, *data32
));
692 ps
->data_offset
+= sizeof(uint32
);
697 /*******************************************************************
699 ********************************************************************/
701 bool prs_int32(const char *name
, prs_struct
*ps
, int depth
, int32
*data32
)
703 char *q
= prs_mem_get(ps
, sizeof(int32
));
707 if (UNMARSHALLING(ps
)) {
708 if (ps
->bigendian_data
)
709 *data32
= RIVALS(q
,0);
711 *data32
= IVALS(q
,0);
713 if (ps
->bigendian_data
)
714 RSIVALS(q
,0,*data32
);
719 DEBUGADD(5,("%s%04x %s: %08x\n", tab_depth(5,depth
), ps
->data_offset
, name
, *data32
));
721 ps
->data_offset
+= sizeof(int32
);
726 /*******************************************************************
727 Stream a uint64_struct
728 ********************************************************************/
729 bool prs_uint64(const char *name
, prs_struct
*ps
, int depth
, uint64
*data64
)
731 if (UNMARSHALLING(ps
)) {
734 if (!prs_uint32(name
, ps
, depth
+1, &low
))
737 if (!prs_uint32(name
, ps
, depth
+1, &high
))
740 *data64
= ((uint64_t)high
<< 32) + low
;
744 uint32 high
= (*data64
) >> 32, low
= (*data64
) & 0xFFFFFFFF;
745 return prs_uint32(name
, ps
, depth
+1, &low
) &&
746 prs_uint32(name
, ps
, depth
+1, &high
);
750 /*******************************************************************
751 Stream a DCE error code
752 ********************************************************************/
754 bool prs_dcerpc_status(const char *name
, prs_struct
*ps
, int depth
, NTSTATUS
*status
)
756 char *q
= prs_mem_get(ps
, sizeof(uint32
));
760 if (UNMARSHALLING(ps
)) {
761 if (ps
->bigendian_data
)
762 *status
= NT_STATUS(RIVAL(q
,0));
764 *status
= NT_STATUS(IVAL(q
,0));
766 if (ps
->bigendian_data
)
767 RSIVAL(q
,0,NT_STATUS_V(*status
));
769 SIVAL(q
,0,NT_STATUS_V(*status
));
772 DEBUGADD(5,("%s%04x %s: %s\n", tab_depth(5,depth
), ps
->data_offset
, name
,
773 dcerpc_errstr(debug_ctx(), NT_STATUS_V(*status
))));
775 ps
->data_offset
+= sizeof(uint32
);
780 /******************************************************************
781 Stream an array of uint8s. Length is number of uint8s.
782 ********************************************************************/
784 bool prs_uint8s(bool charmode
, const char *name
, prs_struct
*ps
, int depth
, uint8
*data8s
, int len
)
787 char *q
= prs_mem_get(ps
, len
);
791 if (UNMARSHALLING(ps
)) {
792 for (i
= 0; i
< len
; i
++)
793 data8s
[i
] = CVAL(q
,i
);
795 for (i
= 0; i
< len
; i
++)
796 SCVAL(q
, i
, data8s
[i
]);
799 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth
), ps
->data_offset
,name
));
801 print_asc(5, (unsigned char*)data8s
, len
);
803 for (i
= 0; i
< len
; i
++)
804 DEBUGADD(5,("%02x ", data8s
[i
]));
808 ps
->data_offset
+= len
;
813 /******************************************************************
814 Stream an array of uint16s. Length is number of uint16s.
815 ********************************************************************/
817 bool prs_uint16s(bool charmode
, const char *name
, prs_struct
*ps
, int depth
, uint16
*data16s
, int len
)
820 char *q
= prs_mem_get(ps
, len
* sizeof(uint16
));
824 if (UNMARSHALLING(ps
)) {
825 if (ps
->bigendian_data
) {
826 for (i
= 0; i
< len
; i
++)
827 data16s
[i
] = RSVAL(q
, 2*i
);
829 for (i
= 0; i
< len
; i
++)
830 data16s
[i
] = SVAL(q
, 2*i
);
833 if (ps
->bigendian_data
) {
834 for (i
= 0; i
< len
; i
++)
835 RSSVAL(q
, 2*i
, data16s
[i
]);
837 for (i
= 0; i
< len
; i
++)
838 SSVAL(q
, 2*i
, data16s
[i
]);
842 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth
), ps
->data_offset
, name
));
844 print_asc(5, (unsigned char*)data16s
, 2*len
);
846 for (i
= 0; i
< len
; i
++)
847 DEBUGADD(5,("%04x ", data16s
[i
]));
851 ps
->data_offset
+= (len
* sizeof(uint16
));
856 /******************************************************************
857 Stream an array of uint32s. Length is number of uint32s.
858 ********************************************************************/
860 bool prs_uint32s(bool charmode
, const char *name
, prs_struct
*ps
, int depth
, uint32
*data32s
, int len
)
863 char *q
= prs_mem_get(ps
, len
* sizeof(uint32
));
867 if (UNMARSHALLING(ps
)) {
868 if (ps
->bigendian_data
) {
869 for (i
= 0; i
< len
; i
++)
870 data32s
[i
] = RIVAL(q
, 4*i
);
872 for (i
= 0; i
< len
; i
++)
873 data32s
[i
] = IVAL(q
, 4*i
);
876 if (ps
->bigendian_data
) {
877 for (i
= 0; i
< len
; i
++)
878 RSIVAL(q
, 4*i
, data32s
[i
]);
880 for (i
= 0; i
< len
; i
++)
881 SIVAL(q
, 4*i
, data32s
[i
]);
885 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth
), ps
->data_offset
, name
));
887 print_asc(5, (unsigned char*)data32s
, 4*len
);
889 for (i
= 0; i
< len
; i
++)
890 DEBUGADD(5,("%08x ", data32s
[i
]));
894 ps
->data_offset
+= (len
* sizeof(uint32
));
899 /*******************************************************************
900 Stream a unicode null-terminated string. As the string is already
901 in little-endian format then do it as a stream of bytes.
902 ********************************************************************/
904 bool prs_unistr(const char *name
, prs_struct
*ps
, int depth
, UNISTR
*str
)
906 unsigned int len
= 0;
907 unsigned char *p
= (unsigned char *)str
->buffer
;
913 if (MARSHALLING(ps
)) {
915 for(len
= 0; str
->buffer
[len
] != 0; len
++)
918 q
= prs_mem_get(ps
, (len
+1)*2);
924 for(len
= 0; str
->buffer
[len
] != 0; len
++) {
925 if(ps
->bigendian_data
) {
926 /* swap bytes - p is little endian, q is big endian. */
942 * even if the string is 'empty' (only an \0 char)
943 * at this point the leading \0 hasn't been parsed.
953 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth
), ps
->data_offset
, name
));
954 print_asc(5, (unsigned char*)start
, 2*len
);
957 else { /* unmarshalling */
959 uint32 alloc_len
= 0;
960 q
= ps
->data_p
+ prs_offset(ps
);
963 * Work out how much space we need and talloc it.
965 max_len
= (ps
->buffer_size
- ps
->data_offset
)/sizeof(uint16
);
967 /* the test of the value of *ptr helps to catch the circumstance
968 where we have an emtpty (non-existent) string in the buffer */
969 for ( ptr
= (uint16
*)q
; *ptr
++ && (alloc_len
<= max_len
); alloc_len
++)
973 if (alloc_len
< max_len
)
976 /* should we allocate anything at all? */
977 str
->buffer
= PRS_ALLOC_MEM(ps
,uint16
,alloc_len
);
978 if ((str
->buffer
== NULL
) && (alloc_len
> 0))
981 p
= (unsigned char *)str
->buffer
;
984 /* the (len < alloc_len) test is to prevent us from overwriting
985 memory that is not ours...if we get that far, we have a non-null
986 terminated string in the buffer and have messed up somewhere */
987 while ((len
< alloc_len
) && (*(uint16
*)q
!= 0)) {
988 if(ps
->bigendian_data
)
990 /* swap bytes - q is big endian, p is little endian. */
991 p
[0] = (unsigned char)q
[1];
992 p
[1] = (unsigned char)q
[0];
997 p
[0] = (unsigned char)q
[0];
998 p
[1] = (unsigned char)q
[1];
1005 if (len
< alloc_len
) {
1006 /* NULL terminate the UNISTR */
1007 str
->buffer
[len
++] = '\0';
1010 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth
), ps
->data_offset
, name
));
1011 print_asc(5, (unsigned char*)str
->buffer
, 2*len
);
1012 DEBUGADD(5, ("\n"));
1015 /* set the offset in the prs_struct; 'len' points to the
1016 terminiating NULL in the UNISTR so we need to go one more
1018 ps
->data_offset
+= (len
)*2;
1024 /*******************************************************************
1025 Stream a null-terminated string. len is strlen, and therefore does
1026 not include the null-termination character.
1027 ********************************************************************/
1029 bool prs_string(const char *name
, prs_struct
*ps
, int depth
, char *str
, int max_buf_size
)
1035 if (UNMARSHALLING(ps
))
1036 len
= strlen(&ps
->data_p
[ps
->data_offset
]);
1040 len
= MIN(len
, (max_buf_size
-1));
1042 q
= prs_mem_get(ps
, len
+1);
1046 for(i
= 0; i
< len
; i
++) {
1047 if (UNMARSHALLING(ps
))
1053 /* The terminating null. */
1056 if (MARSHALLING(ps
)) {
1060 ps
->data_offset
+= len
+1;
1062 dump_data(5+depth
, (uint8
*)q
, len
);
1067 /*******************************************************************
1068 Create a digest over the entire packet (including the data), and
1069 MD5 it with the session key.
1070 ********************************************************************/
1072 static void schannel_digest(struct schannel_auth_struct
*a
,
1073 enum pipe_auth_level auth_level
,
1074 RPC_AUTH_SCHANNEL_CHK
* verf
,
1075 char *data
, size_t data_len
,
1076 uchar digest_final
[16])
1078 uchar whole_packet_digest
[16];
1080 struct MD5Context ctx3
;
1084 /* verfiy the signature on the packet by MD5 over various bits */
1086 /* use our sequence number, which ensures the packet is not
1088 MD5Update(&ctx3
, zeros
, sizeof(zeros
));
1089 MD5Update(&ctx3
, verf
->sig
, sizeof(verf
->sig
));
1090 if (auth_level
== PIPE_AUTH_LEVEL_PRIVACY
) {
1091 MD5Update(&ctx3
, verf
->confounder
, sizeof(verf
->confounder
));
1093 MD5Update(&ctx3
, (const unsigned char *)data
, data_len
);
1094 MD5Final(whole_packet_digest
, &ctx3
);
1095 dump_data_pw("whole_packet_digest:\n", whole_packet_digest
, sizeof(whole_packet_digest
));
1097 /* MD5 this result and the session key, to prove that
1098 only a valid client could had produced this */
1099 hmac_md5(a
->sess_key
, whole_packet_digest
, sizeof(whole_packet_digest
), digest_final
);
1102 /*******************************************************************
1103 Calculate the key with which to encode the data payload
1104 ********************************************************************/
1106 static void schannel_get_sealing_key(struct schannel_auth_struct
*a
,
1107 RPC_AUTH_SCHANNEL_CHK
*verf
,
1108 uchar sealing_key
[16])
1117 for (i
= 0; i
< sizeof(sess_kf0
); i
++) {
1118 sess_kf0
[i
] = a
->sess_key
[i
] ^ 0xf0;
1121 dump_data_pw("sess_kf0:\n", sess_kf0
, sizeof(sess_kf0
));
1123 /* MD5 of sess_kf0 and 4 zero bytes */
1124 hmac_md5(sess_kf0
, zeros
, 0x4, digest2
);
1125 dump_data_pw("digest2:\n", digest2
, sizeof(digest2
));
1127 /* MD5 of the above result, plus 8 bytes of sequence number */
1128 hmac_md5(digest2
, verf
->seq_num
, sizeof(verf
->seq_num
), sealing_key
);
1129 dump_data_pw("sealing_key:\n", sealing_key
, 16);
1132 /*******************************************************************
1133 Encode or Decode the sequence number (which is symmetric)
1134 ********************************************************************/
1136 static void schannel_deal_with_seq_num(struct schannel_auth_struct
*a
,
1137 RPC_AUTH_SCHANNEL_CHK
*verf
)
1140 uchar sequence_key
[16];
1145 hmac_md5(a
->sess_key
, zeros
, sizeof(zeros
), digest1
);
1146 dump_data_pw("(sequence key) digest1:\n", digest1
, sizeof(digest1
));
1148 hmac_md5(digest1
, verf
->packet_digest
, 8, sequence_key
);
1150 dump_data_pw("sequence_key:\n", sequence_key
, sizeof(sequence_key
));
1152 dump_data_pw("seq_num (before):\n", verf
->seq_num
, sizeof(verf
->seq_num
));
1153 arcfour_crypt(verf
->seq_num
, sequence_key
, 8);
1154 dump_data_pw("seq_num (after):\n", verf
->seq_num
, sizeof(verf
->seq_num
));
1157 /*******************************************************************
1158 creates an RPC_AUTH_SCHANNEL_CHK structure.
1159 ********************************************************************/
1161 static bool init_rpc_auth_schannel_chk(RPC_AUTH_SCHANNEL_CHK
* chk
,
1163 const uchar packet_digest
[8],
1164 const uchar seq_num
[8], const uchar confounder
[8])
1169 memcpy(chk
->sig
, sig
, sizeof(chk
->sig
));
1170 memcpy(chk
->packet_digest
, packet_digest
, sizeof(chk
->packet_digest
));
1171 memcpy(chk
->seq_num
, seq_num
, sizeof(chk
->seq_num
));
1172 memcpy(chk
->confounder
, confounder
, sizeof(chk
->confounder
));
1177 /*******************************************************************
1178 Encode a blob of data using the schannel alogrithm, also produceing
1179 a checksum over the original data. We currently only support
1180 signing and sealing togeather - the signing-only code is close, but not
1181 quite compatible with what MS does.
1182 ********************************************************************/
1184 void schannel_encode(struct schannel_auth_struct
*a
, enum pipe_auth_level auth_level
,
1185 enum schannel_direction direction
,
1186 RPC_AUTH_SCHANNEL_CHK
* verf
,
1187 char *data
, size_t data_len
)
1189 uchar digest_final
[16];
1190 uchar confounder
[8];
1192 static const uchar nullbytes
[8] = { 0, };
1194 static const uchar schannel_seal_sig
[8] = SCHANNEL_SEAL_SIGNATURE
;
1195 static const uchar schannel_sign_sig
[8] = SCHANNEL_SIGN_SIGNATURE
;
1196 const uchar
*schannel_sig
= NULL
;
1198 DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a
->seq_num
, (unsigned long)data_len
));
1200 if (auth_level
== PIPE_AUTH_LEVEL_PRIVACY
) {
1201 schannel_sig
= schannel_seal_sig
;
1203 schannel_sig
= schannel_sign_sig
;
1206 /* fill the 'confounder' with random data */
1207 generate_random_buffer(confounder
, sizeof(confounder
));
1209 dump_data_pw("a->sess_key:\n", a
->sess_key
, sizeof(a
->sess_key
));
1211 RSIVAL(seq_num
, 0, a
->seq_num
);
1213 switch (direction
) {
1214 case SENDER_IS_INITIATOR
:
1215 SIVAL(seq_num
, 4, 0x80);
1217 case SENDER_IS_ACCEPTOR
:
1218 SIVAL(seq_num
, 4, 0x0);
1222 dump_data_pw("verf->seq_num:\n", seq_num
, sizeof(verf
->seq_num
));
1224 init_rpc_auth_schannel_chk(verf
, schannel_sig
, nullbytes
,
1225 seq_num
, confounder
);
1227 /* produce a digest of the packet to prove it's legit (before we seal it) */
1228 schannel_digest(a
, auth_level
, verf
, data
, data_len
, digest_final
);
1229 memcpy(verf
->packet_digest
, digest_final
, sizeof(verf
->packet_digest
));
1231 if (auth_level
== PIPE_AUTH_LEVEL_PRIVACY
) {
1232 uchar sealing_key
[16];
1234 /* get the key to encode the data with */
1235 schannel_get_sealing_key(a
, verf
, sealing_key
);
1237 /* encode the verification data */
1238 dump_data_pw("verf->confounder:\n", verf
->confounder
, sizeof(verf
->confounder
));
1239 arcfour_crypt(verf
->confounder
, sealing_key
, 8);
1241 dump_data_pw("verf->confounder_enc:\n", verf
->confounder
, sizeof(verf
->confounder
));
1243 /* encode the packet payload */
1244 dump_data_pw("data:\n", (const unsigned char *)data
, data_len
);
1245 arcfour_crypt((unsigned char *)data
, sealing_key
, data_len
);
1246 dump_data_pw("data_enc:\n", (const unsigned char *)data
, data_len
);
1249 /* encode the sequence number (key based on packet digest) */
1250 /* needs to be done after the sealing, as the original version
1251 is used in the sealing stuff... */
1252 schannel_deal_with_seq_num(a
, verf
);
1257 /*******************************************************************
1258 Decode a blob of data using the schannel alogrithm, also verifiying
1259 a checksum over the original data. We currently can verify signed messages,
1260 as well as decode sealed messages
1261 ********************************************************************/
1263 bool schannel_decode(struct schannel_auth_struct
*a
, enum pipe_auth_level auth_level
,
1264 enum schannel_direction direction
,
1265 RPC_AUTH_SCHANNEL_CHK
* verf
, char *data
, size_t data_len
)
1267 uchar digest_final
[16];
1269 static const uchar schannel_seal_sig
[8] = SCHANNEL_SEAL_SIGNATURE
;
1270 static const uchar schannel_sign_sig
[8] = SCHANNEL_SIGN_SIGNATURE
;
1271 const uchar
*schannel_sig
= NULL
;
1275 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a
->seq_num
, (unsigned long)data_len
));
1277 if (auth_level
== PIPE_AUTH_LEVEL_PRIVACY
) {
1278 schannel_sig
= schannel_seal_sig
;
1280 schannel_sig
= schannel_sign_sig
;
1283 /* Create the expected sequence number for comparison */
1284 RSIVAL(seq_num
, 0, a
->seq_num
);
1286 switch (direction
) {
1287 case SENDER_IS_INITIATOR
:
1288 SIVAL(seq_num
, 4, 0x80);
1290 case SENDER_IS_ACCEPTOR
:
1291 SIVAL(seq_num
, 4, 0x0);
1295 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a
->seq_num
, (unsigned long)data_len
));
1296 dump_data_pw("a->sess_key:\n", a
->sess_key
, sizeof(a
->sess_key
));
1298 dump_data_pw("seq_num:\n", seq_num
, sizeof(seq_num
));
1300 /* extract the sequence number (key based on supplied packet digest) */
1301 /* needs to be done before the sealing, as the original version
1302 is used in the sealing stuff... */
1303 schannel_deal_with_seq_num(a
, verf
);
1305 if (memcmp(verf
->seq_num
, seq_num
, sizeof(seq_num
))) {
1306 /* don't even bother with the below if the sequence number is out */
1307 /* The sequence number is MD5'ed with a key based on the whole-packet
1308 digest, as supplied by the client. We check that it's a valid
1309 checksum after the decode, below
1311 DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
1312 dump_data(2, verf
->seq_num
, sizeof(verf
->seq_num
));
1313 DEBUG(2, ("should be:\n"));
1314 dump_data(2, seq_num
, sizeof(seq_num
));
1319 if (memcmp(verf
->sig
, schannel_sig
, sizeof(verf
->sig
))) {
1320 /* Validate that the other end sent the expected header */
1321 DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
1322 dump_data(2, verf
->sig
, sizeof(verf
->sig
));
1323 DEBUG(2, ("should be:\n"));
1324 dump_data(2, schannel_sig
, sizeof(schannel_sig
));
1328 if (auth_level
== PIPE_AUTH_LEVEL_PRIVACY
) {
1329 uchar sealing_key
[16];
1331 /* get the key to extract the data with */
1332 schannel_get_sealing_key(a
, verf
, sealing_key
);
1334 /* extract the verification data */
1335 dump_data_pw("verf->confounder:\n", verf
->confounder
,
1336 sizeof(verf
->confounder
));
1337 arcfour_crypt(verf
->confounder
, sealing_key
, 8);
1339 dump_data_pw("verf->confounder_dec:\n", verf
->confounder
,
1340 sizeof(verf
->confounder
));
1342 /* extract the packet payload */
1343 dump_data_pw("data :\n", (const unsigned char *)data
, data_len
);
1344 arcfour_crypt((unsigned char *)data
, sealing_key
, data_len
);
1345 dump_data_pw("datadec:\n", (const unsigned char *)data
, data_len
);
1348 /* digest includes 'data' after unsealing */
1349 schannel_digest(a
, auth_level
, verf
, data
, data_len
, digest_final
);
1351 dump_data_pw("Calculated digest:\n", digest_final
,
1352 sizeof(digest_final
));
1353 dump_data_pw("verf->packet_digest:\n", verf
->packet_digest
,
1354 sizeof(verf
->packet_digest
));
1356 /* compare - if the client got the same result as us, then
1357 it must know the session key */
1358 return (memcmp(digest_final
, verf
->packet_digest
,
1359 sizeof(verf
->packet_digest
)) == 0);
1362 /*******************************************************************
1363 creates a new prs_struct containing a DATA_BLOB
1364 ********************************************************************/
1365 bool prs_init_data_blob(prs_struct
*prs
, DATA_BLOB
*blob
, TALLOC_CTX
*mem_ctx
)
1367 if (!prs_init( prs
, RPC_MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
))
1371 if (!prs_copy_data_in(prs
, (char *)blob
->data
, blob
->length
))
1377 /*******************************************************************
1378 return the contents of a prs_struct in a DATA_BLOB
1379 ********************************************************************/
1380 bool prs_data_blob(prs_struct
*prs
, DATA_BLOB
*blob
, TALLOC_CTX
*mem_ctx
)
1382 blob
->length
= prs_data_size(prs
);
1383 blob
->data
= (uint8
*)TALLOC_ZERO_SIZE(mem_ctx
, blob
->length
);
1385 /* set the pointer at the end of the buffer */
1386 prs_set_offset( prs
, prs_data_size(prs
) );
1388 if (!prs_copy_all_data_out((char *)blob
->data
, prs
))