search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3/docs: Fix typos.
[Samba/gebeck_regimport.git] / source3 / rpc_parse / parse_prs.c
blob621ccf4bc90cac7bb8390151f2e8c74da81020ca
1 /*
2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24
25 #undef DBGC_CLASS
26 #define DBGC_CLASS DBGC_RPC_PARSE
27
28 /**
29 * Dump a prs to a file: from the current location through to the end.
30 **/
31 void prs_dump(const char *name, int v, prs_struct *ps)
32 {
33 prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
34 }
35
36 /**
37 * Dump from the start of the prs to the current location.
38 **/
39 void prs_dump_before(const char *name, int v, prs_struct *ps)
40 {
41 prs_dump_region(name, v, ps, 0, ps->data_offset);
42 }
43
44 /**
45 * Dump everything from the start of the prs up to the current location.
46 **/
47 void prs_dump_region(const char *name, int v, prs_struct *ps,
48 int from_off, int to_off)
49 {
50 int fd, i;
51 char *fname = NULL;
52 ssize_t sz;
53 if (DEBUGLEVEL < 50) return;
54 for (i=1;i<100;i++) {
55 if (v != -1) {
56 if (asprintf(&fname,"/tmp/%s_%d.%d.prs", name, v, i) < 0) {
57 return;
58 }
59 } else {
60 if (asprintf(&fname,"/tmp/%s.%d.prs", name, i) < 0) {
61 return;
62 }
63 }
64 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
65 if (fd != -1 || errno != EEXIST) break;
66 }
67 if (fd != -1) {
68 sz = write(fd, ps->data_p + from_off, to_off - from_off);
69 i = close(fd);
70 if ( (sz != to_off-from_off) || (i != 0) ) {
71 DEBUG(0,("Error writing/closing %s: %ld!=%ld %d\n", fname, (unsigned long)sz, (unsigned long)to_off-from_off, i ));
72 } else {
73 DEBUG(0,("created %s\n", fname));
74 }
75 }
76 SAFE_FREE(fname);
77 }
78
79 /*******************************************************************
80 Debug output for parsing info
81
82 XXXX side-effect of this function is to increase the debug depth XXXX.
83
84 ********************************************************************/
85
86 void prs_debug(prs_struct *ps, int depth, const char *desc, const char *fn_name)
87 {
88 DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(5+depth,depth), ps->data_offset, fn_name, desc));
89 }
90
91 /**
92 * Initialise an expandable parse structure.
93 *
94 * @param size Initial buffer size. If >0, a new buffer will be
95 * created with malloc().
96 *
97 * @return False if allocation fails, otherwise True.
98 **/
99
100 bool prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, bool io)
101 {
102 ZERO_STRUCTP(ps);
103 ps->io = io;
104 ps->bigendian_data = RPC_LITTLE_ENDIAN;
105 ps->align = RPC_PARSE_ALIGN;
106 ps->is_dynamic = False;
107 ps->data_offset = 0;
108 ps->buffer_size = 0;
109 ps->data_p = NULL;
110 ps->mem_ctx = ctx;
111
112 if (size != 0) {
113 ps->buffer_size = size;
114 if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
115 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
116 return False;
117 }
118 memset(ps->data_p, '\0', (size_t)size);
119 ps->is_dynamic = True; /* We own this memory. */
120 } else if (MARSHALLING(ps)) {
121 /* If size is zero and we're marshalling we should allocate memory on demand. */
122 ps->is_dynamic = True;
123 }
124
125 return True;
126 }
127
128 /*******************************************************************
129 Delete the memory in a parse structure - if we own it.
130
131 NOTE: Contrary to the somewhat confusing naming, this function is not
132 intended for freeing memory allocated by prs_alloc_mem(). That memory
133 is attached to the talloc context given by ps->mem_ctx.
134 ********************************************************************/
135
136 void prs_mem_free(prs_struct *ps)
137 {
138 if(ps->is_dynamic)
139 SAFE_FREE(ps->data_p);
140 ps->is_dynamic = False;
141 ps->buffer_size = 0;
142 ps->data_offset = 0;
143 }
144
145 /*******************************************************************
146 Clear the memory in a parse structure.
147 ********************************************************************/
148
149 void prs_mem_clear(prs_struct *ps)
150 {
151 if (ps->buffer_size)
152 memset(ps->data_p, '\0', (size_t)ps->buffer_size);
153 }
154
155 /*******************************************************************
156 Allocate memory when unmarshalling... Always zero clears.
157 ********************************************************************/
158
159 #if defined(PARANOID_MALLOC_CHECKER)
160 char *prs_alloc_mem_(prs_struct *ps, size_t size, unsigned int count)
161 #else
162 char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count)
163 #endif
164 {
165 char *ret = NULL;
166
167 if (size && count) {
168 /* We can't call the type-safe version here. */
169 ret = (char *)_talloc_zero_array(ps->mem_ctx, size, count,
170 "parse_prs");
171 }
172 return ret;
173 }
174
175 /*******************************************************************
176 Return the current talloc context we're using.
177 ********************************************************************/
178
179 TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
180 {
181 return ps->mem_ctx;
182 }
183
184 /*******************************************************************
185 Hand some already allocated memory to a prs_struct.
186 ********************************************************************/
187
188 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, bool is_dynamic)
189 {
190 ps->is_dynamic = is_dynamic;
191 ps->data_p = buf;
192 ps->buffer_size = size;
193 }
194
195 /*******************************************************************
196 Take some memory back from a prs_struct.
197 ********************************************************************/
198
199 char *prs_take_memory(prs_struct *ps, uint32 *psize)
200 {
201 char *ret = ps->data_p;
202 if(psize)
203 *psize = ps->buffer_size;
204 ps->is_dynamic = False;
205 prs_mem_free(ps);
206 return ret;
207 }
208
209 /*******************************************************************
210 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
211 ********************************************************************/
212
213 bool prs_set_buffer_size(prs_struct *ps, uint32 newsize)
214 {
215 if (newsize > ps->buffer_size)
216 return prs_force_grow(ps, newsize - ps->buffer_size);
217
218 if (newsize < ps->buffer_size) {
219 ps->buffer_size = newsize;
220
221 /* newsize == 0 acts as a free and set pointer to NULL */
222 if (newsize == 0) {
223 SAFE_FREE(ps->data_p);
224 } else {
225 ps->data_p = (char *)SMB_REALLOC(ps->data_p, newsize);
226
227 if (ps->data_p == NULL) {
228 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
229 (unsigned int)newsize));
230 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
231 return False;
232 }
233 }
234 }
235
236 return True;
237 }
238
239 /*******************************************************************
240 Attempt, if needed, to grow a data buffer.
241 Also depends on the data stream mode (io).
242 ********************************************************************/
243
244 bool prs_grow(prs_struct *ps, uint32 extra_space)
245 {
246 uint32 new_size;
247
248 ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
249
250 if(ps->data_offset + extra_space <= ps->buffer_size)
251 return True;
252
253 /*
254 * We cannot grow the buffer if we're not reading
255 * into the prs_struct, or if we don't own the memory.
256 */
257
258 if(UNMARSHALLING(ps) || !ps->is_dynamic) {
259 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
260 (unsigned int)extra_space));
261 return False;
262 }
263
264 /*
265 * Decide how much extra space we really need.
266 */
267
268 extra_space -= (ps->buffer_size - ps->data_offset);
269 if(ps->buffer_size == 0) {
270
271 /*
272 * Start with 128 bytes (arbitrary value), enough for small rpc
273 * requests
274 */
275 new_size = MAX(128, extra_space);
276
277 if((ps->data_p = (char *)SMB_MALLOC(new_size)) == NULL) {
278 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
279 return False;
280 }
281 memset(ps->data_p, '\0', (size_t)new_size );
282 } else {
283 /*
284 * If the current buffer size is bigger than the space needed,
285 * just double it, else add extra_space. Always keep 64 bytes
286 * more, so that after we added a large blob we don't have to
287 * realloc immediately again.
288 */
289 new_size = MAX(ps->buffer_size*2,
290 ps->buffer_size + extra_space + 64);
291
292 if ((ps->data_p = (char *)SMB_REALLOC(ps->data_p, new_size)) == NULL) {
293 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
294 (unsigned int)new_size));
295 return False;
296 }
297
298 memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
299 }
300 ps->buffer_size = new_size;
301
302 return True;
303 }
304
305 /*******************************************************************
306 Attempt to force a data buffer to grow by len bytes.
307 This is only used when appending more data onto a prs_struct
308 when reading an rpc reply, before unmarshalling it.
309 ********************************************************************/
310
311 bool prs_force_grow(prs_struct *ps, uint32 extra_space)
312 {
313 uint32 new_size = ps->buffer_size + extra_space;
314
315 if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
316 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
317 (unsigned int)extra_space));
318 return False;
319 }
320
321 if((ps->data_p = (char *)SMB_REALLOC(ps->data_p, new_size)) == NULL) {
322 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
323 (unsigned int)new_size));
324 return False;
325 }
326
327 memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
328
329 ps->buffer_size = new_size;
330
331 return True;
332 }
333
334 /*******************************************************************
335 Get the data pointer (external interface).
336 ********************************************************************/
337
338 char *prs_data_p(prs_struct *ps)
339 {
340 return ps->data_p;
341 }
342
343 /*******************************************************************
344 Get the current data size (external interface).
345 ********************************************************************/
346
347 uint32 prs_data_size(prs_struct *ps)
348 {
349 return ps->buffer_size;
350 }
351
352 /*******************************************************************
353 Fetch the current offset (external interface).
354 ********************************************************************/
355
356 uint32 prs_offset(prs_struct *ps)
357 {
358 return ps->data_offset;
359 }
360
361 /*******************************************************************
362 Set the current offset (external interface).
363 ********************************************************************/
364
365 bool prs_set_offset(prs_struct *ps, uint32 offset)
366 {
367 if ((offset > ps->data_offset)
368 && !prs_grow(ps, offset - ps->data_offset)) {
369 return False;
370 }
371
372 ps->data_offset = offset;
373 return True;
374 }
375
376 /*******************************************************************
377 Append the data from one parse_struct into another.
378 ********************************************************************/
379
380 bool prs_append_prs_data(prs_struct *dst, prs_struct *src)
381 {
382 if (prs_offset(src) == 0)
383 return True;
384
385 if(!prs_grow(dst, prs_offset(src)))
386 return False;
387
388 memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
389 dst->data_offset += prs_offset(src);
390
391 return True;
392 }
393
394 /*******************************************************************
395 Append some data from one parse_struct into another.
396 ********************************************************************/
397
398 bool prs_append_some_data(prs_struct *dst, void *src_base, uint32_t start,
399 uint32_t len)
400 {
401 if (len == 0) {
402 return true;
403 }
404
405 if(!prs_grow(dst, len)) {
406 return false;
407 }
408
409 memcpy(&dst->data_p[dst->data_offset], ((char *)src_base) + start, (size_t)len);
410 dst->data_offset += len;
411 return true;
412 }
413
414 bool prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start,
415 uint32 len)
416 {
417 return prs_append_some_data(dst, src->data_p, start, len);
418 }
419
420 /*******************************************************************
421 Append the data from a buffer into a parse_struct.
422 ********************************************************************/
423
424 bool prs_copy_data_in(prs_struct *dst, const char *src, uint32 len)
425 {
426 if (len == 0)
427 return True;
428
429 if(!prs_grow(dst, len))
430 return False;
431
432 memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
433 dst->data_offset += len;
434
435 return True;
436 }
437
438 /*******************************************************************
439 Copy some data from a parse_struct into a buffer.
440 ********************************************************************/
441
442 bool prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
443 {
444 if (len == 0)
445 return True;
446
447 if(!prs_mem_get(src, len))
448 return False;
449
450 memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
451 src->data_offset += len;
452
453 return True;
454 }
455
456 /*******************************************************************
457 Copy all the data from a parse_struct into a buffer.
458 ********************************************************************/
459
460 bool prs_copy_all_data_out(char *dst, prs_struct *src)
461 {
462 uint32 len = prs_offset(src);
463
464 if (!len)
465 return True;
466
467 prs_set_offset(src, 0);
468 return prs_copy_data_out(dst, src, len);
469 }
470
471 /*******************************************************************
472 Set the data as X-endian (external interface).
473 ********************************************************************/
474
475 void prs_set_endian_data(prs_struct *ps, bool endian)
476 {
477 ps->bigendian_data = endian;
478 }
479
480 /*******************************************************************
481 Align a the data_len to a multiple of align bytes - filling with
482 zeros.
483 ********************************************************************/
484
485 bool prs_align(prs_struct *ps)
486 {
487 uint32 mod = ps->data_offset & (ps->align-1);
488
489 if (ps->align != 0 && mod != 0) {
490 uint32 extra_space = (ps->align - mod);
491 if(!prs_grow(ps, extra_space))
492 return False;
493 memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
494 ps->data_offset += extra_space;
495 }
496
497 return True;
498 }
499
500 /******************************************************************
501 Align on a 2 byte boundary
502 *****************************************************************/
503
504 bool prs_align_uint16(prs_struct *ps)
505 {
506 bool ret;
507 uint8 old_align = ps->align;
508
509 ps->align = 2;
510 ret = prs_align(ps);
511 ps->align = old_align;
512
513 return ret;
514 }
515
516 /******************************************************************
517 Align on a 8 byte boundary
518 *****************************************************************/
519
520 bool prs_align_uint64(prs_struct *ps)
521 {
522 bool ret;
523 uint8 old_align = ps->align;
524
525 ps->align = 8;
526 ret = prs_align(ps);
527 ps->align = old_align;
528
529 return ret;
530 }
531
532 /******************************************************************
533 Align on a specific byte boundary
534 *****************************************************************/
535
536 bool prs_align_custom(prs_struct *ps, uint8 boundary)
537 {
538 bool ret;
539 uint8 old_align = ps->align;
540
541 ps->align = boundary;
542 ret = prs_align(ps);
543 ps->align = old_align;
544
545 return ret;
546 }
547
548
549
550 /*******************************************************************
551 Align only if required (for the unistr2 string mainly)
552 ********************************************************************/
553
554 bool prs_align_needed(prs_struct *ps, uint32 needed)
555 {
556 if (needed==0)
557 return True;
558 else
559 return prs_align(ps);
560 }
561
562 /*******************************************************************
563 Ensure we can read/write to a given offset.
564 ********************************************************************/
565
566 char *prs_mem_get(prs_struct *ps, uint32 extra_size)
567 {
568 if(UNMARSHALLING(ps)) {
569 /*
570 * If reading, ensure that we can read the requested size item.
571 */
572 if (ps->data_offset + extra_size > ps->buffer_size) {
573 DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
574 "buffer by %u bytes.\n",
575 (unsigned int)extra_size,
576 (unsigned int)(ps->data_offset + extra_size - ps->buffer_size) ));
577 return NULL;
578 }
579 } else {
580 /*
581 * Writing - grow the buffer if needed.
582 */
583 if(!prs_grow(ps, extra_size))
584 return NULL;
585 }
586 return &ps->data_p[ps->data_offset];
587 }
588
589 /*******************************************************************
590 Change the struct type.
591 ********************************************************************/
592
593 void prs_switch_type(prs_struct *ps, bool io)
594 {
595 if ((ps->io ^ io) == True)
596 ps->io=io;
597 }
598
599 /*******************************************************************
600 Force a prs_struct to be dynamic even when it's size is 0.
601 ********************************************************************/
602
603 void prs_force_dynamic(prs_struct *ps)
604 {
605 ps->is_dynamic=True;
606 }
607
608 /*******************************************************************
609 Associate a session key with a parse struct.
610 ********************************************************************/
611
612 void prs_set_session_key(prs_struct *ps, const char sess_key[16])
613 {
614 ps->sess_key = sess_key;
615 }
616
617 /*******************************************************************
618 Stream a uint8.
619 ********************************************************************/
620
621 bool prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8)
622 {
623 char *q = prs_mem_get(ps, 1);
624 if (q == NULL)
625 return False;
626
627 if (UNMARSHALLING(ps))
628 *data8 = CVAL(q,0);
629 else
630 SCVAL(q,0,*data8);
631
632 DEBUGADD(5,("%s%04x %s: %02x\n", tab_depth(5,depth), ps->data_offset, name, *data8));
633
634 ps->data_offset += 1;
635
636 return True;
637 }
638
639 /*******************************************************************
640 Stream a uint16.
641 ********************************************************************/
642
643 bool prs_uint16(const char *name, prs_struct *ps, int depth, uint16 *data16)
644 {
645 char *q = prs_mem_get(ps, sizeof(uint16));
646 if (q == NULL)
647 return False;
648
649 if (UNMARSHALLING(ps)) {
650 if (ps->bigendian_data)
651 *data16 = RSVAL(q,0);
652 else
653 *data16 = SVAL(q,0);
654 } else {
655 if (ps->bigendian_data)
656 RSSVAL(q,0,*data16);
657 else
658 SSVAL(q,0,*data16);
659 }
660
661 DEBUGADD(5,("%s%04x %s: %04x\n", tab_depth(5,depth), ps->data_offset, name, *data16));
662
663 ps->data_offset += sizeof(uint16);
664
665 return True;
666 }
667
668 /*******************************************************************
669 Stream a uint32.
670 ********************************************************************/
671
672 bool prs_uint32(const char *name, prs_struct *ps, int depth, uint32 *data32)
673 {
674 char *q = prs_mem_get(ps, sizeof(uint32));
675 if (q == NULL)
676 return False;
677
678 if (UNMARSHALLING(ps)) {
679 if (ps->bigendian_data)
680 *data32 = RIVAL(q,0);
681 else
682 *data32 = IVAL(q,0);
683 } else {
684 if (ps->bigendian_data)
685 RSIVAL(q,0,*data32);
686 else
687 SIVAL(q,0,*data32);
688 }
689
690 DEBUGADD(5,("%s%04x %s: %08x\n", tab_depth(5,depth), ps->data_offset, name, *data32));
691
692 ps->data_offset += sizeof(uint32);
693
694 return True;
695 }
696
697 /*******************************************************************
698 Stream an int32.
699 ********************************************************************/
700
701 bool prs_int32(const char *name, prs_struct *ps, int depth, int32 *data32)
702 {
703 char *q = prs_mem_get(ps, sizeof(int32));
704 if (q == NULL)
705 return False;
706
707 if (UNMARSHALLING(ps)) {
708 if (ps->bigendian_data)
709 *data32 = RIVALS(q,0);
710 else
711 *data32 = IVALS(q,0);
712 } else {
713 if (ps->bigendian_data)
714 RSIVALS(q,0,*data32);
715 else
716 SIVALS(q,0,*data32);
717 }
718
719 DEBUGADD(5,("%s%04x %s: %08x\n", tab_depth(5,depth), ps->data_offset, name, *data32));
720
721 ps->data_offset += sizeof(int32);
722
723 return True;
724 }
725
726 /*******************************************************************
727 Stream a uint64_struct
728 ********************************************************************/
729 bool prs_uint64(const char *name, prs_struct *ps, int depth, uint64 *data64)
730 {
731 if (UNMARSHALLING(ps)) {
732 uint32 high, low;
733
734 if (!prs_uint32(name, ps, depth+1, &low))
735 return False;
736
737 if (!prs_uint32(name, ps, depth+1, &high))
738 return False;
739
740 *data64 = ((uint64_t)high << 32) + low;
741
742 return True;
743 } else {
744 uint32 high = (*data64) >> 32, low = (*data64) & 0xFFFFFFFF;
745 return prs_uint32(name, ps, depth+1, &low) &&
746 prs_uint32(name, ps, depth+1, &high);
747 }
748 }
749
750 /*******************************************************************
751 Stream a DCE error code
752 ********************************************************************/
753
754 bool prs_dcerpc_status(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
755 {
756 char *q = prs_mem_get(ps, sizeof(uint32));
757 if (q == NULL)
758 return False;
759
760 if (UNMARSHALLING(ps)) {
761 if (ps->bigendian_data)
762 *status = NT_STATUS(RIVAL(q,0));
763 else
764 *status = NT_STATUS(IVAL(q,0));
765 } else {
766 if (ps->bigendian_data)
767 RSIVAL(q,0,NT_STATUS_V(*status));
768 else
769 SIVAL(q,0,NT_STATUS_V(*status));
770 }
771
772 DEBUGADD(5,("%s%04x %s: %s\n", tab_depth(5,depth), ps->data_offset, name,
773 dcerpc_errstr(debug_ctx(), NT_STATUS_V(*status))));
774
775 ps->data_offset += sizeof(uint32);
776
777 return True;
778 }
779
780 /******************************************************************
781 Stream an array of uint8s. Length is number of uint8s.
782 ********************************************************************/
783
784 bool prs_uint8s(bool charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
785 {
786 int i;
787 char *q = prs_mem_get(ps, len);
788 if (q == NULL)
789 return False;
790
791 if (UNMARSHALLING(ps)) {
792 for (i = 0; i < len; i++)
793 data8s[i] = CVAL(q,i);
794 } else {
795 for (i = 0; i < len; i++)
796 SCVAL(q, i, data8s[i]);
797 }
798
799 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset ,name));
800 if (charmode)
801 print_asc(5, (unsigned char*)data8s, len);
802 else {
803 for (i = 0; i < len; i++)
804 DEBUGADD(5,("%02x ", data8s[i]));
805 }
806 DEBUGADD(5,("\n"));
807
808 ps->data_offset += len;
809
810 return True;
811 }
812
813 /******************************************************************
814 Stream an array of uint16s. Length is number of uint16s.
815 ********************************************************************/
816
817 bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
818 {
819 int i;
820 char *q = prs_mem_get(ps, len * sizeof(uint16));
821 if (q == NULL)
822 return False;
823
824 if (UNMARSHALLING(ps)) {
825 if (ps->bigendian_data) {
826 for (i = 0; i < len; i++)
827 data16s[i] = RSVAL(q, 2*i);
828 } else {
829 for (i = 0; i < len; i++)
830 data16s[i] = SVAL(q, 2*i);
831 }
832 } else {
833 if (ps->bigendian_data) {
834 for (i = 0; i < len; i++)
835 RSSVAL(q, 2*i, data16s[i]);
836 } else {
837 for (i = 0; i < len; i++)
838 SSVAL(q, 2*i, data16s[i]);
839 }
840 }
841
842 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
843 if (charmode)
844 print_asc(5, (unsigned char*)data16s, 2*len);
845 else {
846 for (i = 0; i < len; i++)
847 DEBUGADD(5,("%04x ", data16s[i]));
848 }
849 DEBUGADD(5,("\n"));
850
851 ps->data_offset += (len * sizeof(uint16));
852
853 return True;
854 }
855
856 /******************************************************************
857 Stream an array of uint32s. Length is number of uint32s.
858 ********************************************************************/
859
860 bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
861 {
862 int i;
863 char *q = prs_mem_get(ps, len * sizeof(uint32));
864 if (q == NULL)
865 return False;
866
867 if (UNMARSHALLING(ps)) {
868 if (ps->bigendian_data) {
869 for (i = 0; i < len; i++)
870 data32s[i] = RIVAL(q, 4*i);
871 } else {
872 for (i = 0; i < len; i++)
873 data32s[i] = IVAL(q, 4*i);
874 }
875 } else {
876 if (ps->bigendian_data) {
877 for (i = 0; i < len; i++)
878 RSIVAL(q, 4*i, data32s[i]);
879 } else {
880 for (i = 0; i < len; i++)
881 SIVAL(q, 4*i, data32s[i]);
882 }
883 }
884
885 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
886 if (charmode)
887 print_asc(5, (unsigned char*)data32s, 4*len);
888 else {
889 for (i = 0; i < len; i++)
890 DEBUGADD(5,("%08x ", data32s[i]));
891 }
892 DEBUGADD(5,("\n"));
893
894 ps->data_offset += (len * sizeof(uint32));
895
896 return True;
897 }
898
899 /*******************************************************************
900 Stream a unicode null-terminated string. As the string is already
901 in little-endian format then do it as a stream of bytes.
902 ********************************************************************/
903
904 bool prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
905 {
906 unsigned int len = 0;
907 unsigned char *p = (unsigned char *)str->buffer;
908 uint8 *start;
909 char *q;
910 uint32 max_len;
911 uint16* ptr;
912
913 if (MARSHALLING(ps)) {
914
915 for(len = 0; str->buffer[len] != 0; len++)
916 ;
917
918 q = prs_mem_get(ps, (len+1)*2);
919 if (q == NULL)
920 return False;
921
922 start = (uint8*)q;
923
924 for(len = 0; str->buffer[len] != 0; len++) {
925 if(ps->bigendian_data) {
926 /* swap bytes - p is little endian, q is big endian. */
927 q[0] = (char)p[1];
928 q[1] = (char)p[0];
929 p += 2;
930 q += 2;
931 }
932 else
933 {
934 q[0] = (char)p[0];
935 q[1] = (char)p[1];
936 p += 2;
937 q += 2;
938 }
939 }
940
941 /*
942 * even if the string is 'empty' (only an \0 char)
943 * at this point the leading \0 hasn't been parsed.
944 * so parse it now
945 */
946
947 q[0] = 0;
948 q[1] = 0;
949 q += 2;
950
951 len++;
952
953 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
954 print_asc(5, (unsigned char*)start, 2*len);
955 DEBUGADD(5, ("\n"));
956 }
957 else { /* unmarshalling */
958
959 uint32 alloc_len = 0;
960 q = ps->data_p + prs_offset(ps);
961
962 /*
963 * Work out how much space we need and talloc it.
964 */
965 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
966
967 /* the test of the value of *ptr helps to catch the circumstance
968 where we have an emtpty (non-existent) string in the buffer */
969 for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
970 /* do nothing */
971 ;
972
973 if (alloc_len < max_len)
974 alloc_len += 1;
975
976 /* should we allocate anything at all? */
977 str->buffer = PRS_ALLOC_MEM(ps,uint16,alloc_len);
978 if ((str->buffer == NULL) && (alloc_len > 0))
979 return False;
980
981 p = (unsigned char *)str->buffer;
982
983 len = 0;
984 /* the (len < alloc_len) test is to prevent us from overwriting
985 memory that is not ours...if we get that far, we have a non-null
986 terminated string in the buffer and have messed up somewhere */
987 while ((len < alloc_len) && (*(uint16 *)q != 0)) {
988 if(ps->bigendian_data)
989 {
990 /* swap bytes - q is big endian, p is little endian. */
991 p[0] = (unsigned char)q[1];
992 p[1] = (unsigned char)q[0];
993 p += 2;
994 q += 2;
995 } else {
996
997 p[0] = (unsigned char)q[0];
998 p[1] = (unsigned char)q[1];
999 p += 2;
1000 q += 2;
1001 }
1002
1003 len++;
1004 }
1005 if (len < alloc_len) {
1006 /* NULL terminate the UNISTR */
1007 str->buffer[len++] = '\0';
1008 }
1009
1010 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
1011 print_asc(5, (unsigned char*)str->buffer, 2*len);
1012 DEBUGADD(5, ("\n"));
1013 }
1014
1015 /* set the offset in the prs_struct; 'len' points to the
1016 terminiating NULL in the UNISTR so we need to go one more
1017 uint16 */
1018 ps->data_offset += (len)*2;
1019
1020 return True;
1021 }
1022
1023
1024 /*******************************************************************
1025 Stream a null-terminated string. len is strlen, and therefore does
1026 not include the null-termination character.
1027 ********************************************************************/
1028
1029 bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
1030 {
1031 char *q;
1032 int i;
1033 int len;
1034
1035 if (UNMARSHALLING(ps))
1036 len = strlen(&ps->data_p[ps->data_offset]);
1037 else
1038 len = strlen(str);
1039
1040 len = MIN(len, (max_buf_size-1));
1041
1042 q = prs_mem_get(ps, len+1);
1043 if (q == NULL)
1044 return False;
1045
1046 for(i = 0; i < len; i++) {
1047 if (UNMARSHALLING(ps))
1048 str[i] = q[i];
1049 else
1050 q[i] = str[i];
1051 }
1052
1053 /* The terminating null. */
1054 str[i] = '\0';
1055
1056 if (MARSHALLING(ps)) {
1057 q[i] = '\0';
1058 }
1059
1060 ps->data_offset += len+1;
1061
1062 dump_data(5+depth, (uint8 *)q, len);
1063
1064 return True;
1065 }
1066
1067 /*******************************************************************
1068 Create a digest over the entire packet (including the data), and
1069 MD5 it with the session key.
1070 ********************************************************************/
1071
1072 static void schannel_digest(struct schannel_auth_struct *a,
1073 enum pipe_auth_level auth_level,
1074 RPC_AUTH_SCHANNEL_CHK * verf,
1075 char *data, size_t data_len,
1076 uchar digest_final[16])
1077 {
1078 uchar whole_packet_digest[16];
1079 uchar zeros[4];
1080 struct MD5Context ctx3;
1081
1082 ZERO_STRUCT(zeros);
1083
1084 /* verfiy the signature on the packet by MD5 over various bits */
1085 MD5Init(&ctx3);
1086 /* use our sequence number, which ensures the packet is not
1087 out of order */
1088 MD5Update(&ctx3, zeros, sizeof(zeros));
1089 MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
1090 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1091 MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
1092 }
1093 MD5Update(&ctx3, (const unsigned char *)data, data_len);
1094 MD5Final(whole_packet_digest, &ctx3);
1095 dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
1096
1097 /* MD5 this result and the session key, to prove that
1098 only a valid client could had produced this */
1099 hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
1100 }
1101
1102 /*******************************************************************
1103 Calculate the key with which to encode the data payload
1104 ********************************************************************/
1105
1106 static void schannel_get_sealing_key(struct schannel_auth_struct *a,
1107 RPC_AUTH_SCHANNEL_CHK *verf,
1108 uchar sealing_key[16])
1109 {
1110 uchar zeros[4];
1111 uchar digest2[16];
1112 uchar sess_kf0[16];
1113 int i;
1114
1115 ZERO_STRUCT(zeros);
1116
1117 for (i = 0; i < sizeof(sess_kf0); i++) {
1118 sess_kf0[i] = a->sess_key[i] ^ 0xf0;
1119 }
1120
1121 dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
1122
1123 /* MD5 of sess_kf0 and 4 zero bytes */
1124 hmac_md5(sess_kf0, zeros, 0x4, digest2);
1125 dump_data_pw("digest2:\n", digest2, sizeof(digest2));
1126
1127 /* MD5 of the above result, plus 8 bytes of sequence number */
1128 hmac_md5(digest2, verf->seq_num, sizeof(verf->seq_num), sealing_key);
1129 dump_data_pw("sealing_key:\n", sealing_key, 16);
1130 }
1131
1132 /*******************************************************************
1133 Encode or Decode the sequence number (which is symmetric)
1134 ********************************************************************/
1135
1136 static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
1137 RPC_AUTH_SCHANNEL_CHK *verf)
1138 {
1139 uchar zeros[4];
1140 uchar sequence_key[16];
1141 uchar digest1[16];
1142
1143 ZERO_STRUCT(zeros);
1144
1145 hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
1146 dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
1147
1148 hmac_md5(digest1, verf->packet_digest, 8, sequence_key);
1149
1150 dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
1151
1152 dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num));
1153 arcfour_crypt(verf->seq_num, sequence_key, 8);
1154 dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num));
1155 }
1156
1157 /*******************************************************************
1158 creates an RPC_AUTH_SCHANNEL_CHK structure.
1159 ********************************************************************/
1160
1161 static bool init_rpc_auth_schannel_chk(RPC_AUTH_SCHANNEL_CHK * chk,
1162 const uchar sig[8],
1163 const uchar packet_digest[8],
1164 const uchar seq_num[8], const uchar confounder[8])
1165 {
1166 if (chk == NULL)
1167 return False;
1168
1169 memcpy(chk->sig, sig, sizeof(chk->sig));
1170 memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
1171 memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
1172 memcpy(chk->confounder, confounder, sizeof(chk->confounder));
1173
1174 return True;
1175 }
1176
1177 /*******************************************************************
1178 Encode a blob of data using the schannel alogrithm, also produceing
1179 a checksum over the original data. We currently only support
1180 signing and sealing togeather - the signing-only code is close, but not
1181 quite compatible with what MS does.
1182 ********************************************************************/
1183
1184 void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1185 enum schannel_direction direction,
1186 RPC_AUTH_SCHANNEL_CHK * verf,
1187 char *data, size_t data_len)
1188 {
1189 uchar digest_final[16];
1190 uchar confounder[8];
1191 uchar seq_num[8];
1192 static const uchar nullbytes[8] = { 0, };
1193
1194 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1195 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1196 const uchar *schannel_sig = NULL;
1197
1198 DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1199
1200 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1201 schannel_sig = schannel_seal_sig;
1202 } else {
1203 schannel_sig = schannel_sign_sig;
1204 }
1205
1206 /* fill the 'confounder' with random data */
1207 generate_random_buffer(confounder, sizeof(confounder));
1208
1209 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1210
1211 RSIVAL(seq_num, 0, a->seq_num);
1212
1213 switch (direction) {
1214 case SENDER_IS_INITIATOR:
1215 SIVAL(seq_num, 4, 0x80);
1216 break;
1217 case SENDER_IS_ACCEPTOR:
1218 SIVAL(seq_num, 4, 0x0);
1219 break;
1220 }
1221
1222 dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num));
1223
1224 init_rpc_auth_schannel_chk(verf, schannel_sig, nullbytes,
1225 seq_num, confounder);
1226
1227 /* produce a digest of the packet to prove it's legit (before we seal it) */
1228 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1229 memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
1230
1231 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1232 uchar sealing_key[16];
1233
1234 /* get the key to encode the data with */
1235 schannel_get_sealing_key(a, verf, sealing_key);
1236
1237 /* encode the verification data */
1238 dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder));
1239 arcfour_crypt(verf->confounder, sealing_key, 8);
1240
1241 dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder));
1242
1243 /* encode the packet payload */
1244 dump_data_pw("data:\n", (const unsigned char *)data, data_len);
1245 arcfour_crypt((unsigned char *)data, sealing_key, data_len);
1246 dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
1247 }
1248
1249 /* encode the sequence number (key based on packet digest) */
1250 /* needs to be done after the sealing, as the original version
1251 is used in the sealing stuff... */
1252 schannel_deal_with_seq_num(a, verf);
1253
1254 return;
1255 }
1256
1257 /*******************************************************************
1258 Decode a blob of data using the schannel alogrithm, also verifiying
1259 a checksum over the original data. We currently can verify signed messages,
1260 as well as decode sealed messages
1261 ********************************************************************/
1262
1263 bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1264 enum schannel_direction direction,
1265 RPC_AUTH_SCHANNEL_CHK * verf, char *data, size_t data_len)
1266 {
1267 uchar digest_final[16];
1268
1269 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1270 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1271 const uchar *schannel_sig = NULL;
1272
1273 uchar seq_num[8];
1274
1275 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1276
1277 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1278 schannel_sig = schannel_seal_sig;
1279 } else {
1280 schannel_sig = schannel_sign_sig;
1281 }
1282
1283 /* Create the expected sequence number for comparison */
1284 RSIVAL(seq_num, 0, a->seq_num);
1285
1286 switch (direction) {
1287 case SENDER_IS_INITIATOR:
1288 SIVAL(seq_num, 4, 0x80);
1289 break;
1290 case SENDER_IS_ACCEPTOR:
1291 SIVAL(seq_num, 4, 0x0);
1292 break;
1293 }
1294
1295 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1296 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1297
1298 dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
1299
1300 /* extract the sequence number (key based on supplied packet digest) */
1301 /* needs to be done before the sealing, as the original version
1302 is used in the sealing stuff... */
1303 schannel_deal_with_seq_num(a, verf);
1304
1305 if (memcmp(verf->seq_num, seq_num, sizeof(seq_num))) {
1306 /* don't even bother with the below if the sequence number is out */
1307 /* The sequence number is MD5'ed with a key based on the whole-packet
1308 digest, as supplied by the client. We check that it's a valid
1309 checksum after the decode, below
1310 */
1311 DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
1312 dump_data(2, verf->seq_num, sizeof(verf->seq_num));
1313 DEBUG(2, ("should be:\n"));
1314 dump_data(2, seq_num, sizeof(seq_num));
1315
1316 return False;
1317 }
1318
1319 if (memcmp(verf->sig, schannel_sig, sizeof(verf->sig))) {
1320 /* Validate that the other end sent the expected header */
1321 DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
1322 dump_data(2, verf->sig, sizeof(verf->sig));
1323 DEBUG(2, ("should be:\n"));
1324 dump_data(2, schannel_sig, sizeof(schannel_sig));
1325 return False;
1326 }
1327
1328 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1329 uchar sealing_key[16];
1330
1331 /* get the key to extract the data with */
1332 schannel_get_sealing_key(a, verf, sealing_key);
1333
1334 /* extract the verification data */
1335 dump_data_pw("verf->confounder:\n", verf->confounder,
1336 sizeof(verf->confounder));
1337 arcfour_crypt(verf->confounder, sealing_key, 8);
1338
1339 dump_data_pw("verf->confounder_dec:\n", verf->confounder,
1340 sizeof(verf->confounder));
1341
1342 /* extract the packet payload */
1343 dump_data_pw("data :\n", (const unsigned char *)data, data_len);
1344 arcfour_crypt((unsigned char *)data, sealing_key, data_len);
1345 dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
1346 }
1347
1348 /* digest includes 'data' after unsealing */
1349 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1350
1351 dump_data_pw("Calculated digest:\n", digest_final,
1352 sizeof(digest_final));
1353 dump_data_pw("verf->packet_digest:\n", verf->packet_digest,
1354 sizeof(verf->packet_digest));
1355
1356 /* compare - if the client got the same result as us, then
1357 it must know the session key */
1358 return (memcmp(digest_final, verf->packet_digest,
1359 sizeof(verf->packet_digest)) == 0);
1360 }
1361
1362 /*******************************************************************
1363 creates a new prs_struct containing a DATA_BLOB
1364 ********************************************************************/
1365 bool prs_init_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx)
1366 {
1367 if (!prs_init( prs, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL ))
1368 return False;
1369
1370
1371 if (!prs_copy_data_in(prs, (char *)blob->data, blob->length))
1372 return False;
1373
1374 return True;
1375 }
1376
1377 /*******************************************************************
1378 return the contents of a prs_struct in a DATA_BLOB
1379 ********************************************************************/
1380 bool prs_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx)
1381 {
1382 blob->length = prs_data_size(prs);
1383 blob->data = (uint8 *)TALLOC_ZERO_SIZE(mem_ctx, blob->length);
1384
1385 /* set the pointer at the end of the buffer */
1386 prs_set_offset( prs, prs_data_size(prs) );
1387
1388 if (!prs_copy_all_data_out((char *)blob->data, prs))
1389 return False;
1390
1391 return True;
1392 }
reg import