search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r13585: Sorry Gunther, had to revert this. It's got a buffer
[Samba/nascimento.git] / source / rpc_parse / parse_prs.c
blobc4f9f512ab72b6cce951f4ced13fbb176ca574fc
1 /*
2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_PARSE
28
29 /**
30 * Dump a prs to a file: from the current location through to the end.
31 **/
32 void prs_dump(char *name, int v, prs_struct *ps)
33 {
34 prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
35 }
36
37 /**
38 * Dump from the start of the prs to the current location.
39 **/
40 void prs_dump_before(char *name, int v, prs_struct *ps)
41 {
42 prs_dump_region(name, v, ps, 0, ps->data_offset);
43 }
44
45 /**
46 * Dump everything from the start of the prs up to the current location.
47 **/
48 void prs_dump_region(char *name, int v, prs_struct *ps,
49 int from_off, int to_off)
50 {
51 int fd, i;
52 pstring fname;
53 ssize_t sz;
54 if (DEBUGLEVEL < 50) return;
55 for (i=1;i<100;i++) {
56 if (v != -1) {
57 slprintf(fname,sizeof(fname)-1, "/tmp/%s_%d.%d.prs", name, v, i);
58 } else {
59 slprintf(fname,sizeof(fname)-1, "/tmp/%s.%d.prs", name, i);
60 }
61 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
62 if (fd != -1 || errno != EEXIST) break;
63 }
64 if (fd != -1) {
65 sz = write(fd, ps->data_p + from_off, to_off - from_off);
66 i = close(fd);
67 if ( (sz != to_off-from_off) || (i != 0) ) {
68 DEBUG(0,("Error writing/closing %s: %ld!=%ld %d\n", fname, (unsigned long)sz, (unsigned long)to_off-from_off, i ));
69 } else {
70 DEBUG(0,("created %s\n", fname));
71 }
72 }
73 }
74
75 /*******************************************************************
76 Debug output for parsing info
77
78 XXXX side-effect of this function is to increase the debug depth XXXX.
79
80 ********************************************************************/
81
82 void prs_debug(prs_struct *ps, int depth, const char *desc, const char *fn_name)
83 {
84 DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc));
85 }
86
87 /**
88 * Initialise an expandable parse structure.
89 *
90 * @param size Initial buffer size. If >0, a new buffer will be
91 * created with malloc().
92 *
93 * @return False if allocation fails, otherwise True.
94 **/
95
96 BOOL prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, BOOL io)
97 {
98 ZERO_STRUCTP(ps);
99 ps->io = io;
100 ps->bigendian_data = RPC_LITTLE_ENDIAN;
101 ps->align = RPC_PARSE_ALIGN;
102 ps->is_dynamic = False;
103 ps->data_offset = 0;
104 ps->buffer_size = 0;
105 ps->data_p = NULL;
106 ps->mem_ctx = ctx;
107
108 if (size != 0) {
109 ps->buffer_size = size;
110 if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
111 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
112 return False;
113 }
114 memset(ps->data_p, '\0', (size_t)size);
115 ps->is_dynamic = True; /* We own this memory. */
116 } else if (MARSHALLING(ps)) {
117 /* If size is zero and we're marshalling we should allocate memory on demand. */
118 ps->is_dynamic = True;
119 }
120
121 return True;
122 }
123
124 /*******************************************************************
125 Delete the memory in a parse structure - if we own it.
126 ********************************************************************/
127
128 void prs_mem_free(prs_struct *ps)
129 {
130 if(ps->is_dynamic)
131 SAFE_FREE(ps->data_p);
132 ps->is_dynamic = False;
133 ps->buffer_size = 0;
134 ps->data_offset = 0;
135 }
136
137 /*******************************************************************
138 Clear the memory in a parse structure.
139 ********************************************************************/
140
141 void prs_mem_clear(prs_struct *ps)
142 {
143 if (ps->buffer_size)
144 memset(ps->data_p, '\0', (size_t)ps->buffer_size);
145 }
146
147 /*******************************************************************
148 Allocate memory when unmarshalling... Always zero clears.
149 ********************************************************************/
150
151 #if defined(PARANOID_MALLOC_CHECKER)
152 char *prs_alloc_mem_(prs_struct *ps, size_t size, unsigned int count)
153 #else
154 char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count)
155 #endif
156 {
157 char *ret = NULL;
158
159 if (size) {
160 /* We can't call the type-safe version here. */
161 ret = _talloc_zero_array(ps->mem_ctx, size, count, "parse_prs");
162 }
163 return ret;
164 }
165
166 /*******************************************************************
167 Return the current talloc context we're using.
168 ********************************************************************/
169
170 TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
171 {
172 return ps->mem_ctx;
173 }
174
175 /*******************************************************************
176 Hand some already allocated memory to a prs_struct.
177 ********************************************************************/
178
179 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic)
180 {
181 ps->is_dynamic = is_dynamic;
182 ps->data_p = buf;
183 ps->buffer_size = size;
184 }
185
186 /*******************************************************************
187 Take some memory back from a prs_struct.
188 ********************************************************************/
189
190 char *prs_take_memory(prs_struct *ps, uint32 *psize)
191 {
192 char *ret = ps->data_p;
193 if(psize)
194 *psize = ps->buffer_size;
195 ps->is_dynamic = False;
196 prs_mem_free(ps);
197 return ret;
198 }
199
200 /*******************************************************************
201 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
202 ********************************************************************/
203
204 BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
205 {
206 if (newsize > ps->buffer_size)
207 return prs_force_grow(ps, newsize - ps->buffer_size);
208
209 if (newsize < ps->buffer_size) {
210 char *new_data_p = SMB_REALLOC(ps->data_p, newsize);
211 /* if newsize is zero, Realloc acts like free() & returns NULL*/
212 if (new_data_p == NULL && newsize != 0) {
213 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
214 (unsigned int)newsize));
215 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
216 return False;
217 }
218 ps->data_p = new_data_p;
219 ps->buffer_size = newsize;
220 }
221
222 return True;
223 }
224
225 /*******************************************************************
226 Attempt, if needed, to grow a data buffer.
227 Also depends on the data stream mode (io).
228 ********************************************************************/
229
230 BOOL prs_grow(prs_struct *ps, uint32 extra_space)
231 {
232 uint32 new_size;
233 char *new_data;
234
235 ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
236
237 if(ps->data_offset + extra_space <= ps->buffer_size)
238 return True;
239
240 /*
241 * We cannot grow the buffer if we're not reading
242 * into the prs_struct, or if we don't own the memory.
243 */
244
245 if(UNMARSHALLING(ps) || !ps->is_dynamic) {
246 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
247 (unsigned int)extra_space));
248 return False;
249 }
250
251 /*
252 * Decide how much extra space we really need.
253 */
254
255 extra_space -= (ps->buffer_size - ps->data_offset);
256 if(ps->buffer_size == 0) {
257 /*
258 * Ensure we have at least a PDU's length, or extra_space, whichever
259 * is greater.
260 */
261
262 new_size = MAX(RPC_MAX_PDU_FRAG_LEN,extra_space);
263
264 if((new_data = SMB_MALLOC(new_size)) == NULL) {
265 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
266 return False;
267 }
268 memset(new_data, '\0', (size_t)new_size );
269 } else {
270 /*
271 * If the current buffer size is bigger than the space needed, just
272 * double it, else add extra_space.
273 */
274 new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
275
276 if ((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
277 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
278 (unsigned int)new_size));
279 return False;
280 }
281
282 memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
283 }
284 ps->buffer_size = new_size;
285 ps->data_p = new_data;
286
287 return True;
288 }
289
290 /*******************************************************************
291 Attempt to force a data buffer to grow by len bytes.
292 This is only used when appending more data onto a prs_struct
293 when reading an rpc reply, before unmarshalling it.
294 ********************************************************************/
295
296 BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
297 {
298 uint32 new_size = ps->buffer_size + extra_space;
299 char *new_data;
300
301 if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
302 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
303 (unsigned int)extra_space));
304 return False;
305 }
306
307 if((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
308 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
309 (unsigned int)new_size));
310 return False;
311 }
312
313 memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
314
315 ps->buffer_size = new_size;
316 ps->data_p = new_data;
317
318 return True;
319 }
320
321 /*******************************************************************
322 Get the data pointer (external interface).
323 ********************************************************************/
324
325 char *prs_data_p(prs_struct *ps)
326 {
327 return ps->data_p;
328 }
329
330 /*******************************************************************
331 Get the current data size (external interface).
332 ********************************************************************/
333
334 uint32 prs_data_size(prs_struct *ps)
335 {
336 return ps->buffer_size;
337 }
338
339 /*******************************************************************
340 Fetch the current offset (external interface).
341 ********************************************************************/
342
343 uint32 prs_offset(prs_struct *ps)
344 {
345 return ps->data_offset;
346 }
347
348 /*******************************************************************
349 Set the current offset (external interface).
350 ********************************************************************/
351
352 BOOL prs_set_offset(prs_struct *ps, uint32 offset)
353 {
354 if(offset <= ps->data_offset) {
355 ps->data_offset = offset;
356 return True;
357 }
358
359 if(!prs_grow(ps, offset - ps->data_offset))
360 return False;
361
362 ps->data_offset = offset;
363 return True;
364 }
365
366 /*******************************************************************
367 Append the data from one parse_struct into another.
368 ********************************************************************/
369
370 BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
371 {
372 if (prs_offset(src) == 0)
373 return True;
374
375 if(!prs_grow(dst, prs_offset(src)))
376 return False;
377
378 memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
379 dst->data_offset += prs_offset(src);
380
381 return True;
382 }
383
384 /*******************************************************************
385 Append some data from one parse_struct into another.
386 ********************************************************************/
387
388 BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
389 {
390 if (len == 0)
391 return True;
392
393 if(!prs_grow(dst, len))
394 return False;
395
396 memcpy(&dst->data_p[dst->data_offset], src->data_p + start, (size_t)len);
397 dst->data_offset += len;
398
399 return True;
400 }
401
402 /*******************************************************************
403 Append the data from a buffer into a parse_struct.
404 ********************************************************************/
405
406 BOOL prs_copy_data_in(prs_struct *dst, const char *src, uint32 len)
407 {
408 if (len == 0)
409 return True;
410
411 if(!prs_grow(dst, len))
412 return False;
413
414 memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
415 dst->data_offset += len;
416
417 return True;
418 }
419
420 /*******************************************************************
421 Copy some data from a parse_struct into a buffer.
422 ********************************************************************/
423
424 BOOL prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
425 {
426 if (len == 0)
427 return True;
428
429 if(!prs_mem_get(src, len))
430 return False;
431
432 memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
433 src->data_offset += len;
434
435 return True;
436 }
437
438 /*******************************************************************
439 Copy all the data from a parse_struct into a buffer.
440 ********************************************************************/
441
442 BOOL prs_copy_all_data_out(char *dst, prs_struct *src)
443 {
444 uint32 len = prs_offset(src);
445
446 if (!len)
447 return True;
448
449 prs_set_offset(src, 0);
450 return prs_copy_data_out(dst, src, len);
451 }
452
453 /*******************************************************************
454 Set the data as X-endian (external interface).
455 ********************************************************************/
456
457 void prs_set_endian_data(prs_struct *ps, BOOL endian)
458 {
459 ps->bigendian_data = endian;
460 }
461
462 /*******************************************************************
463 Align a the data_len to a multiple of align bytes - filling with
464 zeros.
465 ********************************************************************/
466
467 BOOL prs_align(prs_struct *ps)
468 {
469 uint32 mod = ps->data_offset & (ps->align-1);
470
471 if (ps->align != 0 && mod != 0) {
472 uint32 extra_space = (ps->align - mod);
473 if(!prs_grow(ps, extra_space))
474 return False;
475 memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
476 ps->data_offset += extra_space;
477 }
478
479 return True;
480 }
481
482 /******************************************************************
483 Align on a 2 byte boundary
484 *****************************************************************/
485
486 BOOL prs_align_uint16(prs_struct *ps)
487 {
488 BOOL ret;
489 uint8 old_align = ps->align;
490
491 ps->align = 2;
492 ret = prs_align(ps);
493 ps->align = old_align;
494
495 return ret;
496 }
497
498 /******************************************************************
499 Align on a 8 byte boundary
500 *****************************************************************/
501
502 BOOL prs_align_uint64(prs_struct *ps)
503 {
504 BOOL ret;
505 uint8 old_align = ps->align;
506
507 ps->align = 8;
508 ret = prs_align(ps);
509 ps->align = old_align;
510
511 return ret;
512 }
513
514 /******************************************************************
515 Align on a specific byte boundary
516 *****************************************************************/
517
518 BOOL prs_align_custom(prs_struct *ps, uint8 boundary)
519 {
520 BOOL ret;
521 uint8 old_align = ps->align;
522
523 ps->align = boundary;
524 ret = prs_align(ps);
525 ps->align = old_align;
526
527 return ret;
528 }
529
530
531
532 /*******************************************************************
533 Align only if required (for the unistr2 string mainly)
534 ********************************************************************/
535
536 BOOL prs_align_needed(prs_struct *ps, uint32 needed)
537 {
538 if (needed==0)
539 return True;
540 else
541 return prs_align(ps);
542 }
543
544 /*******************************************************************
545 Ensure we can read/write to a given offset.
546 ********************************************************************/
547
548 char *prs_mem_get(prs_struct *ps, uint32 extra_size)
549 {
550 if(UNMARSHALLING(ps)) {
551 /*
552 * If reading, ensure that we can read the requested size item.
553 */
554 if (ps->data_offset + extra_size > ps->buffer_size) {
555 DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
556 "buffer by %u bytes.\n",
557 (unsigned int)extra_size,
558 (unsigned int)(ps->data_offset + extra_size - ps->buffer_size) ));
559 return NULL;
560 }
561 } else {
562 /*
563 * Writing - grow the buffer if needed.
564 */
565 if(!prs_grow(ps, extra_size))
566 return NULL;
567 }
568 return &ps->data_p[ps->data_offset];
569 }
570
571 /*******************************************************************
572 Change the struct type.
573 ********************************************************************/
574
575 void prs_switch_type(prs_struct *ps, BOOL io)
576 {
577 if ((ps->io ^ io) == True)
578 ps->io=io;
579 }
580
581 /*******************************************************************
582 Force a prs_struct to be dynamic even when it's size is 0.
583 ********************************************************************/
584
585 void prs_force_dynamic(prs_struct *ps)
586 {
587 ps->is_dynamic=True;
588 }
589
590 /*******************************************************************
591 Associate a session key with a parse struct.
592 ********************************************************************/
593
594 void prs_set_session_key(prs_struct *ps, const char sess_key[16])
595 {
596 ps->sess_key = sess_key;
597 }
598
599 /*******************************************************************
600 Stream a uint8.
601 ********************************************************************/
602
603 BOOL prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8)
604 {
605 char *q = prs_mem_get(ps, 1);
606 if (q == NULL)
607 return False;
608
609 if (UNMARSHALLING(ps))
610 *data8 = CVAL(q,0);
611 else
612 SCVAL(q,0,*data8);
613
614 DEBUG(5,("%s%04x %s: %02x\n", tab_depth(depth), ps->data_offset, name, *data8));
615
616 ps->data_offset += 1;
617
618 return True;
619 }
620
621 /*******************************************************************
622 Stream a uint16* (allocate memory if unmarshalling)
623 ********************************************************************/
624
625 BOOL prs_pointer( const char *name, prs_struct *ps, int depth,
626 void **data, size_t data_size,
627 BOOL(*prs_fn)(const char*, prs_struct*, int, void*) )
628 {
629 uint32 data_p;
630
631 /* output f000baaa to stream if the pointer is non-zero. */
632
633 data_p = *data ? 0xf000baaa : 0;
634
635 if ( !prs_uint32("ptr", ps, depth, &data_p ))
636 return False;
637
638 /* we're done if there is no data */
639
640 if ( !data_p )
641 return True;
642
643 if (UNMARSHALLING(ps)) {
644 if ( !(*data = PRS_ALLOC_MEM_VOID(ps, data_size)) )
645 return False;
646 }
647
648 return prs_fn(name, ps, depth, *data);
649 }
650
651
652 /*******************************************************************
653 Stream a uint16.
654 ********************************************************************/
655
656 BOOL prs_uint16(const char *name, prs_struct *ps, int depth, uint16 *data16)
657 {
658 char *q = prs_mem_get(ps, sizeof(uint16));
659 if (q == NULL)
660 return False;
661
662 if (UNMARSHALLING(ps)) {
663 if (ps->bigendian_data)
664 *data16 = RSVAL(q,0);
665 else
666 *data16 = SVAL(q,0);
667 } else {
668 if (ps->bigendian_data)
669 RSSVAL(q,0,*data16);
670 else
671 SSVAL(q,0,*data16);
672 }
673
674 DEBUG(5,("%s%04x %s: %04x\n", tab_depth(depth), ps->data_offset, name, *data16));
675
676 ps->data_offset += sizeof(uint16);
677
678 return True;
679 }
680
681 /*******************************************************************
682 Stream a uint32.
683 ********************************************************************/
684
685 BOOL prs_uint32(const char *name, prs_struct *ps, int depth, uint32 *data32)
686 {
687 char *q = prs_mem_get(ps, sizeof(uint32));
688 if (q == NULL)
689 return False;
690
691 if (UNMARSHALLING(ps)) {
692 if (ps->bigendian_data)
693 *data32 = RIVAL(q,0);
694 else
695 *data32 = IVAL(q,0);
696 } else {
697 if (ps->bigendian_data)
698 RSIVAL(q,0,*data32);
699 else
700 SIVAL(q,0,*data32);
701 }
702
703 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
704
705 ps->data_offset += sizeof(uint32);
706
707 return True;
708 }
709
710 /*******************************************************************
711 Stream an int32.
712 ********************************************************************/
713
714 BOOL prs_int32(const char *name, prs_struct *ps, int depth, int32 *data32)
715 {
716 char *q = prs_mem_get(ps, sizeof(int32));
717 if (q == NULL)
718 return False;
719
720 if (UNMARSHALLING(ps)) {
721 if (ps->bigendian_data)
722 *data32 = RIVALS(q,0);
723 else
724 *data32 = IVALS(q,0);
725 } else {
726 if (ps->bigendian_data)
727 RSIVALS(q,0,*data32);
728 else
729 SIVALS(q,0,*data32);
730 }
731
732 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
733
734 ps->data_offset += sizeof(int32);
735
736 return True;
737 }
738
739 /*******************************************************************
740 Stream a NTSTATUS
741 ********************************************************************/
742
743 BOOL prs_ntstatus(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
744 {
745 char *q = prs_mem_get(ps, sizeof(uint32));
746 if (q == NULL)
747 return False;
748
749 if (UNMARSHALLING(ps)) {
750 if (ps->bigendian_data)
751 *status = NT_STATUS(RIVAL(q,0));
752 else
753 *status = NT_STATUS(IVAL(q,0));
754 } else {
755 if (ps->bigendian_data)
756 RSIVAL(q,0,NT_STATUS_V(*status));
757 else
758 SIVAL(q,0,NT_STATUS_V(*status));
759 }
760
761 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
762 nt_errstr(*status)));
763
764 ps->data_offset += sizeof(uint32);
765
766 return True;
767 }
768
769 /*******************************************************************
770 Stream a WERROR
771 ********************************************************************/
772
773 BOOL prs_werror(const char *name, prs_struct *ps, int depth, WERROR *status)
774 {
775 char *q = prs_mem_get(ps, sizeof(uint32));
776 if (q == NULL)
777 return False;
778
779 if (UNMARSHALLING(ps)) {
780 if (ps->bigendian_data)
781 *status = W_ERROR(RIVAL(q,0));
782 else
783 *status = W_ERROR(IVAL(q,0));
784 } else {
785 if (ps->bigendian_data)
786 RSIVAL(q,0,W_ERROR_V(*status));
787 else
788 SIVAL(q,0,W_ERROR_V(*status));
789 }
790
791 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
792 dos_errstr(*status)));
793
794 ps->data_offset += sizeof(uint32);
795
796 return True;
797 }
798
799
800 /******************************************************************
801 Stream an array of uint8s. Length is number of uint8s.
802 ********************************************************************/
803
804 BOOL prs_uint8s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
805 {
806 int i;
807 char *q = prs_mem_get(ps, len);
808 if (q == NULL)
809 return False;
810
811 if (UNMARSHALLING(ps)) {
812 for (i = 0; i < len; i++)
813 data8s[i] = CVAL(q,i);
814 } else {
815 for (i = 0; i < len; i++)
816 SCVAL(q, i, data8s[i]);
817 }
818
819 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset ,name));
820 if (charmode)
821 print_asc(5, (unsigned char*)data8s, len);
822 else {
823 for (i = 0; i < len; i++)
824 DEBUG(5,("%02x ", data8s[i]));
825 }
826 DEBUG(5,("\n"));
827
828 ps->data_offset += len;
829
830 return True;
831 }
832
833 /******************************************************************
834 Stream an array of uint16s. Length is number of uint16s.
835 ********************************************************************/
836
837 BOOL prs_uint16s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
838 {
839 int i;
840 char *q = prs_mem_get(ps, len * sizeof(uint16));
841 if (q == NULL)
842 return False;
843
844 if (UNMARSHALLING(ps)) {
845 if (ps->bigendian_data) {
846 for (i = 0; i < len; i++)
847 data16s[i] = RSVAL(q, 2*i);
848 } else {
849 for (i = 0; i < len; i++)
850 data16s[i] = SVAL(q, 2*i);
851 }
852 } else {
853 if (ps->bigendian_data) {
854 for (i = 0; i < len; i++)
855 RSSVAL(q, 2*i, data16s[i]);
856 } else {
857 for (i = 0; i < len; i++)
858 SSVAL(q, 2*i, data16s[i]);
859 }
860 }
861
862 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
863 if (charmode)
864 print_asc(5, (unsigned char*)data16s, 2*len);
865 else {
866 for (i = 0; i < len; i++)
867 DEBUG(5,("%04x ", data16s[i]));
868 }
869 DEBUG(5,("\n"));
870
871 ps->data_offset += (len * sizeof(uint16));
872
873 return True;
874 }
875
876 /******************************************************************
877 Start using a function for streaming unicode chars. If unmarshalling,
878 output must be little-endian, if marshalling, input must be little-endian.
879 ********************************************************************/
880
881 static void dbg_rw_punival(BOOL charmode, const char *name, int depth, prs_struct *ps,
882 char *in_buf, char *out_buf, int len)
883 {
884 int i;
885
886 if (UNMARSHALLING(ps)) {
887 if (ps->bigendian_data) {
888 for (i = 0; i < len; i++)
889 SSVAL(out_buf,2*i,RSVAL(in_buf, 2*i));
890 } else {
891 for (i = 0; i < len; i++)
892 SSVAL(out_buf, 2*i, SVAL(in_buf, 2*i));
893 }
894 } else {
895 if (ps->bigendian_data) {
896 for (i = 0; i < len; i++)
897 RSSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
898 } else {
899 for (i = 0; i < len; i++)
900 SSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
901 }
902 }
903
904 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
905 if (charmode)
906 print_asc(5, (unsigned char*)out_buf, 2*len);
907 else {
908 for (i = 0; i < len; i++)
909 DEBUG(5,("%04x ", out_buf[i]));
910 }
911 DEBUG(5,("\n"));
912 }
913
914 /******************************************************************
915 Stream a unistr. Always little endian.
916 ********************************************************************/
917
918 BOOL prs_uint16uni(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
919 {
920 char *q = prs_mem_get(ps, len * sizeof(uint16));
921 if (q == NULL)
922 return False;
923
924 dbg_rw_punival(charmode, name, depth, ps, q, (char *)data16s, len);
925 ps->data_offset += (len * sizeof(uint16));
926
927 return True;
928 }
929
930 /******************************************************************
931 Stream an array of uint32s. Length is number of uint32s.
932 ********************************************************************/
933
934 BOOL prs_uint32s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
935 {
936 int i;
937 char *q = prs_mem_get(ps, len * sizeof(uint32));
938 if (q == NULL)
939 return False;
940
941 if (UNMARSHALLING(ps)) {
942 if (ps->bigendian_data) {
943 for (i = 0; i < len; i++)
944 data32s[i] = RIVAL(q, 4*i);
945 } else {
946 for (i = 0; i < len; i++)
947 data32s[i] = IVAL(q, 4*i);
948 }
949 } else {
950 if (ps->bigendian_data) {
951 for (i = 0; i < len; i++)
952 RSIVAL(q, 4*i, data32s[i]);
953 } else {
954 for (i = 0; i < len; i++)
955 SIVAL(q, 4*i, data32s[i]);
956 }
957 }
958
959 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
960 if (charmode)
961 print_asc(5, (unsigned char*)data32s, 4*len);
962 else {
963 for (i = 0; i < len; i++)
964 DEBUG(5,("%08x ", data32s[i]));
965 }
966 DEBUG(5,("\n"));
967
968 ps->data_offset += (len * sizeof(uint32));
969
970 return True;
971 }
972
973 /******************************************************************
974 Stream an array of unicode string, length/buffer specified separately,
975 in uint16 chars. The unicode string is already in little-endian format.
976 ********************************************************************/
977
978 BOOL prs_buffer5(BOOL charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str)
979 {
980 char *p;
981 char *q = prs_mem_get(ps, str->buf_len * sizeof(uint16));
982 if (q == NULL)
983 return False;
984
985 if (UNMARSHALLING(ps)) {
986 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len);
987 if (str->buffer == NULL)
988 return False;
989 }
990
991 /* If the string is empty, we don't have anything to stream */
992 if (str->buf_len==0)
993 return True;
994
995 p = (char *)str->buffer;
996
997 dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len);
998
999 ps->data_offset += (str->buf_len * sizeof(uint16));
1000
1001 return True;
1002 }
1003
1004 /******************************************************************
1005 Stream a "not" unicode string, length/buffer specified separately,
1006 in byte chars. String is in little-endian format.
1007 ********************************************************************/
1008
1009 BOOL prs_regval_buffer(BOOL charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf)
1010 {
1011 char *p;
1012 char *q = prs_mem_get(ps, buf->buf_len);
1013 if (q == NULL)
1014 return False;
1015
1016 if (UNMARSHALLING(ps)) {
1017 if (buf->buf_len > buf->buf_max_len) {
1018 return False;
1019 }
1020 if ( buf->buf_max_len ) {
1021 buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len);
1022 if ( buf->buffer == NULL )
1023 return False;
1024 }
1025 }
1026
1027 p = (char *)buf->buffer;
1028
1029 dbg_rw_punival(charmode, name, depth, ps, q, p, buf->buf_len/2);
1030 ps->data_offset += buf->buf_len;
1031
1032 return True;
1033 }
1034
1035 /******************************************************************
1036 Stream a string, length/buffer specified separately,
1037 in uint8 chars.
1038 ********************************************************************/
1039
1040 BOOL prs_string2(BOOL charmode, const char *name, prs_struct *ps, int depth, STRING2 *str)
1041 {
1042 unsigned int i;
1043 char *q = prs_mem_get(ps, str->str_str_len);
1044 if (q == NULL)
1045 return False;
1046
1047 if (UNMARSHALLING(ps)) {
1048 if (str->str_str_len > str->str_max_len) {
1049 return False;
1050 }
1051 str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len);
1052 if (str->buffer == NULL)
1053 return False;
1054 }
1055
1056 if (UNMARSHALLING(ps)) {
1057 for (i = 0; i < str->str_str_len; i++)
1058 str->buffer[i] = CVAL(q,i);
1059 } else {
1060 for (i = 0; i < str->str_str_len; i++)
1061 SCVAL(q, i, str->buffer[i]);
1062 }
1063
1064 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1065 if (charmode)
1066 print_asc(5, (unsigned char*)str->buffer, str->str_str_len);
1067 else {
1068 for (i = 0; i < str->str_str_len; i++)
1069 DEBUG(5,("%02x ", str->buffer[i]));
1070 }
1071 DEBUG(5,("\n"));
1072
1073 ps->data_offset += str->str_str_len;
1074
1075 return True;
1076 }
1077
1078 /******************************************************************
1079 Stream a unicode string, length/buffer specified separately,
1080 in uint16 chars. The unicode string is already in little-endian format.
1081 ********************************************************************/
1082
1083 BOOL prs_unistr2(BOOL charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str)
1084 {
1085 char *p;
1086 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1087 if (q == NULL)
1088 return False;
1089
1090 /* If the string is empty, we don't have anything to stream */
1091 if (str->uni_str_len==0)
1092 return True;
1093
1094 if (UNMARSHALLING(ps)) {
1095 if (str->uni_str_len > str->uni_max_len) {
1096 return False;
1097 }
1098 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len);
1099 if (str->buffer == NULL)
1100 return False;
1101 }
1102
1103 p = (char *)str->buffer;
1104
1105 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1106
1107 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1108
1109 return True;
1110 }
1111
1112 /******************************************************************
1113 Stream a unicode string, length/buffer specified separately,
1114 in uint16 chars. The unicode string is already in little-endian format.
1115 ********************************************************************/
1116
1117 BOOL prs_unistr3(BOOL charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth)
1118 {
1119 char *p;
1120 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1121 if (q == NULL)
1122 return False;
1123
1124 if (UNMARSHALLING(ps)) {
1125 str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len);
1126 if (str->str.buffer == NULL)
1127 return False;
1128 }
1129
1130 p = (char *)str->str.buffer;
1131
1132 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1133 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1134
1135 return True;
1136 }
1137
1138 /*******************************************************************
1139 Stream a unicode null-terminated string. As the string is already
1140 in little-endian format then do it as a stream of bytes.
1141 ********************************************************************/
1142
1143 BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
1144 {
1145 unsigned int len = 0;
1146 unsigned char *p = (unsigned char *)str->buffer;
1147 uint8 *start;
1148 char *q;
1149 uint32 max_len;
1150 uint16* ptr;
1151
1152 if (MARSHALLING(ps)) {
1153
1154 for(len = 0; str->buffer[len] != 0; len++)
1155 ;
1156
1157 q = prs_mem_get(ps, (len+1)*2);
1158 if (q == NULL)
1159 return False;
1160
1161 start = (uint8*)q;
1162
1163 for(len = 0; str->buffer[len] != 0; len++) {
1164 if(ps->bigendian_data) {
1165 /* swap bytes - p is little endian, q is big endian. */
1166 q[0] = (char)p[1];
1167 q[1] = (char)p[0];
1168 p += 2;
1169 q += 2;
1170 }
1171 else
1172 {
1173 q[0] = (char)p[0];
1174 q[1] = (char)p[1];
1175 p += 2;
1176 q += 2;
1177 }
1178 }
1179
1180 /*
1181 * even if the string is 'empty' (only an \0 char)
1182 * at this point the leading \0 hasn't been parsed.
1183 * so parse it now
1184 */
1185
1186 q[0] = 0;
1187 q[1] = 0;
1188 q += 2;
1189
1190 len++;
1191
1192 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1193 print_asc(5, (unsigned char*)start, 2*len);
1194 DEBUG(5, ("\n"));
1195 }
1196 else { /* unmarshalling */
1197
1198 uint32 alloc_len = 0;
1199 q = ps->data_p + prs_offset(ps);
1200
1201 /*
1202 * Work out how much space we need and talloc it.
1203 */
1204 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
1205
1206 /* the test of the value of *ptr helps to catch the circumstance
1207 where we have an emtpty (non-existent) string in the buffer */
1208 for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
1209 /* do nothing */
1210 ;
1211
1212 if (alloc_len < max_len)
1213 alloc_len += 1;
1214
1215 /* should we allocate anything at all? */
1216 str->buffer = PRS_ALLOC_MEM(ps,uint16,alloc_len);
1217 if ((str->buffer == NULL) && (alloc_len > 0))
1218 return False;
1219
1220 p = (unsigned char *)str->buffer;
1221
1222 len = 0;
1223 /* the (len < alloc_len) test is to prevent us from overwriting
1224 memory that is not ours...if we get that far, we have a non-null
1225 terminated string in the buffer and have messed up somewhere */
1226 while ((len < alloc_len) && (*(uint16 *)q != 0)) {
1227 if(ps->bigendian_data)
1228 {
1229 /* swap bytes - q is big endian, p is little endian. */
1230 p[0] = (unsigned char)q[1];
1231 p[1] = (unsigned char)q[0];
1232 p += 2;
1233 q += 2;
1234 } else {
1235
1236 p[0] = (unsigned char)q[0];
1237 p[1] = (unsigned char)q[1];
1238 p += 2;
1239 q += 2;
1240 }
1241
1242 len++;
1243 }
1244 if (len < alloc_len) {
1245 /* NULL terminate the UNISTR */
1246 str->buffer[len++] = '\0';
1247 }
1248
1249 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1250 print_asc(5, (unsigned char*)str->buffer, 2*len);
1251 DEBUG(5, ("\n"));
1252 }
1253
1254 /* set the offset in the prs_struct; 'len' points to the
1255 terminiating NULL in the UNISTR so we need to go one more
1256 uint16 */
1257 ps->data_offset += (len)*2;
1258
1259 return True;
1260 }
1261
1262
1263 /*******************************************************************
1264 Stream a null-terminated string. len is strlen, and therefore does
1265 not include the null-termination character.
1266 ********************************************************************/
1267
1268 BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
1269 {
1270 char *q;
1271 int i;
1272 int len;
1273
1274 if (UNMARSHALLING(ps))
1275 len = strlen(&ps->data_p[ps->data_offset]);
1276 else
1277 len = strlen(str);
1278
1279 len = MIN(len, (max_buf_size-1));
1280
1281 q = prs_mem_get(ps, len+1);
1282 if (q == NULL)
1283 return False;
1284
1285 for(i = 0; i < len; i++) {
1286 if (UNMARSHALLING(ps))
1287 str[i] = q[i];
1288 else
1289 q[i] = str[i];
1290 }
1291
1292 /* The terminating null. */
1293 str[i] = '\0';
1294
1295 if (MARSHALLING(ps)) {
1296 q[i] = '\0';
1297 }
1298
1299 ps->data_offset += len+1;
1300
1301 dump_data(5+depth, q, len);
1302
1303 return True;
1304 }
1305
1306 BOOL prs_string_alloc(const char *name, prs_struct *ps, int depth, const char **str)
1307 {
1308 size_t len;
1309 char *tmp_str;
1310
1311 if (UNMARSHALLING(ps)) {
1312 len = strlen(&ps->data_p[ps->data_offset]);
1313 } else {
1314 len = strlen(*str);
1315 }
1316
1317 tmp_str = PRS_ALLOC_MEM(ps, char, len+1);
1318
1319 if (tmp_str == NULL) {
1320 return False;
1321 }
1322
1323 if (MARSHALLING(ps)) {
1324 strncpy(tmp_str, *str, len);
1325 }
1326
1327 if (!prs_string(name, ps, depth, tmp_str, len+1)) {
1328 return False;
1329 }
1330
1331 *str = tmp_str;
1332 return True;
1333 }
1334
1335 /*******************************************************************
1336 prs_uint16 wrapper. Call this and it sets up a pointer to where the
1337 uint16 should be stored, or gets the size if reading.
1338 ********************************************************************/
1339
1340 BOOL prs_uint16_pre(const char *name, prs_struct *ps, int depth, uint16 *data16, uint32 *offset)
1341 {
1342 *offset = ps->data_offset;
1343 if (UNMARSHALLING(ps)) {
1344 /* reading. */
1345 return prs_uint16(name, ps, depth, data16);
1346 } else {
1347 char *q = prs_mem_get(ps, sizeof(uint16));
1348 if(q ==NULL)
1349 return False;
1350 ps->data_offset += sizeof(uint16);
1351 }
1352 return True;
1353 }
1354
1355 /*******************************************************************
1356 prs_uint16 wrapper. call this and it retrospectively stores the size.
1357 does nothing on reading, as that is already handled by ...._pre()
1358 ********************************************************************/
1359
1360 BOOL prs_uint16_post(const char *name, prs_struct *ps, int depth, uint16 *data16,
1361 uint32 ptr_uint16, uint32 start_offset)
1362 {
1363 if (MARSHALLING(ps)) {
1364 /*
1365 * Writing - temporarily move the offset pointer.
1366 */
1367 uint16 data_size = ps->data_offset - start_offset;
1368 uint32 old_offset = ps->data_offset;
1369
1370 ps->data_offset = ptr_uint16;
1371 if(!prs_uint16(name, ps, depth, &data_size)) {
1372 ps->data_offset = old_offset;
1373 return False;
1374 }
1375 ps->data_offset = old_offset;
1376 } else {
1377 ps->data_offset = start_offset + (uint32)(*data16);
1378 }
1379 return True;
1380 }
1381
1382 /*******************************************************************
1383 prs_uint32 wrapper. Call this and it sets up a pointer to where the
1384 uint32 should be stored, or gets the size if reading.
1385 ********************************************************************/
1386
1387 BOOL prs_uint32_pre(const char *name, prs_struct *ps, int depth, uint32 *data32, uint32 *offset)
1388 {
1389 *offset = ps->data_offset;
1390 if (UNMARSHALLING(ps) && (data32 != NULL)) {
1391 /* reading. */
1392 return prs_uint32(name, ps, depth, data32);
1393 } else {
1394 ps->data_offset += sizeof(uint32);
1395 }
1396 return True;
1397 }
1398
1399 /*******************************************************************
1400 prs_uint32 wrapper. call this and it retrospectively stores the size.
1401 does nothing on reading, as that is already handled by ...._pre()
1402 ********************************************************************/
1403
1404 BOOL prs_uint32_post(const char *name, prs_struct *ps, int depth, uint32 *data32,
1405 uint32 ptr_uint32, uint32 data_size)
1406 {
1407 if (MARSHALLING(ps)) {
1408 /*
1409 * Writing - temporarily move the offset pointer.
1410 */
1411 uint32 old_offset = ps->data_offset;
1412 ps->data_offset = ptr_uint32;
1413 if(!prs_uint32(name, ps, depth, &data_size)) {
1414 ps->data_offset = old_offset;
1415 return False;
1416 }
1417 ps->data_offset = old_offset;
1418 }
1419 return True;
1420 }
1421
1422 /* useful function to store a structure in rpc wire format */
1423 int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
1424 {
1425 TDB_DATA kbuf, dbuf;
1426 kbuf.dptr = keystr;
1427 kbuf.dsize = strlen(keystr)+1;
1428 dbuf.dptr = ps->data_p;
1429 dbuf.dsize = prs_offset(ps);
1430 return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
1431 }
1432
1433 /* useful function to fetch a structure into rpc wire format */
1434 int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx)
1435 {
1436 TDB_DATA kbuf, dbuf;
1437 kbuf.dptr = keystr;
1438 kbuf.dsize = strlen(keystr)+1;
1439
1440 dbuf = tdb_fetch(tdb, kbuf);
1441 if (!dbuf.dptr)
1442 return -1;
1443
1444 prs_init(ps, 0, mem_ctx, UNMARSHALL);
1445 prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True);
1446
1447 return 0;
1448 }
1449
1450 /*******************************************************************
1451 hash a stream.
1452 ********************************************************************/
1453
1454 BOOL prs_hash1(prs_struct *ps, uint32 offset, int len)
1455 {
1456 char *q;
1457
1458 q = ps->data_p;
1459 q = &q[offset];
1460
1461 #ifdef DEBUG_PASSWORD
1462 DEBUG(100, ("prs_hash1\n"));
1463 dump_data(100, ps->sess_key, 16);
1464 dump_data(100, q, len);
1465 #endif
1466 SamOEMhash((uchar *) q, (const unsigned char *)ps->sess_key, len);
1467
1468 #ifdef DEBUG_PASSWORD
1469 dump_data(100, q, len);
1470 #endif
1471
1472 return True;
1473 }
1474
1475 /*******************************************************************
1476 Create a digest over the entire packet (including the data), and
1477 MD5 it with the session key.
1478 ********************************************************************/
1479
1480 static void schannel_digest(struct schannel_auth_struct *a,
1481 enum pipe_auth_level auth_level,
1482 RPC_AUTH_SCHANNEL_CHK * verf,
1483 char *data, size_t data_len,
1484 uchar digest_final[16])
1485 {
1486 uchar whole_packet_digest[16];
1487 static uchar zeros[4];
1488 struct MD5Context ctx3;
1489
1490 /* verfiy the signature on the packet by MD5 over various bits */
1491 MD5Init(&ctx3);
1492 /* use our sequence number, which ensures the packet is not
1493 out of order */
1494 MD5Update(&ctx3, zeros, sizeof(zeros));
1495 MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
1496 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1497 MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
1498 }
1499 MD5Update(&ctx3, (const unsigned char *)data, data_len);
1500 MD5Final(whole_packet_digest, &ctx3);
1501 dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
1502
1503 /* MD5 this result and the session key, to prove that
1504 only a valid client could had produced this */
1505 hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
1506 }
1507
1508 /*******************************************************************
1509 Calculate the key with which to encode the data payload
1510 ********************************************************************/
1511
1512 static void schannel_get_sealing_key(struct schannel_auth_struct *a,
1513 RPC_AUTH_SCHANNEL_CHK *verf,
1514 uchar sealing_key[16])
1515 {
1516 static uchar zeros[4];
1517 uchar digest2[16];
1518 uchar sess_kf0[16];
1519 int i;
1520
1521 for (i = 0; i < sizeof(sess_kf0); i++) {
1522 sess_kf0[i] = a->sess_key[i] ^ 0xf0;
1523 }
1524
1525 dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
1526
1527 /* MD5 of sess_kf0 and 4 zero bytes */
1528 hmac_md5(sess_kf0, zeros, 0x4, digest2);
1529 dump_data_pw("digest2:\n", digest2, sizeof(digest2));
1530
1531 /* MD5 of the above result, plus 8 bytes of sequence number */
1532 hmac_md5(digest2, verf->seq_num, sizeof(verf->seq_num), sealing_key);
1533 dump_data_pw("sealing_key:\n", sealing_key, 16);
1534 }
1535
1536 /*******************************************************************
1537 Encode or Decode the sequence number (which is symmetric)
1538 ********************************************************************/
1539
1540 static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
1541 RPC_AUTH_SCHANNEL_CHK *verf)
1542 {
1543 static uchar zeros[4];
1544 uchar sequence_key[16];
1545 uchar digest1[16];
1546
1547 hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
1548 dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
1549
1550 hmac_md5(digest1, verf->packet_digest, 8, sequence_key);
1551
1552 dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
1553
1554 dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num));
1555 SamOEMhash(verf->seq_num, sequence_key, 8);
1556 dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num));
1557 }
1558
1559 /*******************************************************************
1560 creates an RPC_AUTH_SCHANNEL_CHK structure.
1561 ********************************************************************/
1562
1563 static BOOL init_rpc_auth_schannel_chk(RPC_AUTH_SCHANNEL_CHK * chk,
1564 const uchar sig[8],
1565 const uchar packet_digest[8],
1566 const uchar seq_num[8], const uchar confounder[8])
1567 {
1568 if (chk == NULL)
1569 return False;
1570
1571 memcpy(chk->sig, sig, sizeof(chk->sig));
1572 memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
1573 memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
1574 memcpy(chk->confounder, confounder, sizeof(chk->confounder));
1575
1576 return True;
1577 }
1578
1579 /*******************************************************************
1580 Encode a blob of data using the schannel alogrithm, also produceing
1581 a checksum over the original data. We currently only support
1582 signing and sealing togeather - the signing-only code is close, but not
1583 quite compatible with what MS does.
1584 ********************************************************************/
1585
1586 void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1587 enum schannel_direction direction,
1588 RPC_AUTH_SCHANNEL_CHK * verf,
1589 char *data, size_t data_len)
1590 {
1591 uchar digest_final[16];
1592 uchar confounder[8];
1593 uchar seq_num[8];
1594 static const uchar nullbytes[8];
1595
1596 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1597 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1598 const uchar *schannel_sig = NULL;
1599
1600 DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1601
1602 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1603 schannel_sig = schannel_seal_sig;
1604 } else {
1605 schannel_sig = schannel_sign_sig;
1606 }
1607
1608 /* fill the 'confounder' with random data */
1609 generate_random_buffer(confounder, sizeof(confounder));
1610
1611 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1612
1613 RSIVAL(seq_num, 0, a->seq_num);
1614
1615 switch (direction) {
1616 case SENDER_IS_INITIATOR:
1617 SIVAL(seq_num, 4, 0x80);
1618 break;
1619 case SENDER_IS_ACCEPTOR:
1620 SIVAL(seq_num, 4, 0x0);
1621 break;
1622 }
1623
1624 dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num));
1625
1626 init_rpc_auth_schannel_chk(verf, schannel_sig, nullbytes,
1627 seq_num, confounder);
1628
1629 /* produce a digest of the packet to prove it's legit (before we seal it) */
1630 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1631 memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
1632
1633 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1634 uchar sealing_key[16];
1635
1636 /* get the key to encode the data with */
1637 schannel_get_sealing_key(a, verf, sealing_key);
1638
1639 /* encode the verification data */
1640 dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder));
1641 SamOEMhash(verf->confounder, sealing_key, 8);
1642
1643 dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder));
1644
1645 /* encode the packet payload */
1646 dump_data_pw("data:\n", (const unsigned char *)data, data_len);
1647 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1648 dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
1649 }
1650
1651 /* encode the sequence number (key based on packet digest) */
1652 /* needs to be done after the sealing, as the original version
1653 is used in the sealing stuff... */
1654 schannel_deal_with_seq_num(a, verf);
1655
1656 return;
1657 }
1658
1659 /*******************************************************************
1660 Decode a blob of data using the schannel alogrithm, also verifiying
1661 a checksum over the original data. We currently can verify signed messages,
1662 as well as decode sealed messages
1663 ********************************************************************/
1664
1665 BOOL schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1666 enum schannel_direction direction,
1667 RPC_AUTH_SCHANNEL_CHK * verf, char *data, size_t data_len)
1668 {
1669 uchar digest_final[16];
1670
1671 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1672 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1673 const uchar *schannel_sig = NULL;
1674
1675 uchar seq_num[8];
1676
1677 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1678
1679 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1680 schannel_sig = schannel_seal_sig;
1681 } else {
1682 schannel_sig = schannel_sign_sig;
1683 }
1684
1685 /* Create the expected sequence number for comparison */
1686 RSIVAL(seq_num, 0, a->seq_num);
1687
1688 switch (direction) {
1689 case SENDER_IS_INITIATOR:
1690 SIVAL(seq_num, 4, 0x80);
1691 break;
1692 case SENDER_IS_ACCEPTOR:
1693 SIVAL(seq_num, 4, 0x0);
1694 break;
1695 }
1696
1697 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1698 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1699
1700 dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
1701
1702 /* extract the sequence number (key based on supplied packet digest) */
1703 /* needs to be done before the sealing, as the original version
1704 is used in the sealing stuff... */
1705 schannel_deal_with_seq_num(a, verf);
1706
1707 if (memcmp(verf->seq_num, seq_num, sizeof(seq_num))) {
1708 /* don't even bother with the below if the sequence number is out */
1709 /* The sequence number is MD5'ed with a key based on the whole-packet
1710 digest, as supplied by the client. We check that it's a valid
1711 checksum after the decode, below
1712 */
1713 DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
1714 dump_data(2, (const char*)verf->seq_num, sizeof(verf->seq_num));
1715 DEBUG(2, ("should be:\n"));
1716 dump_data(2, (const char*)seq_num, sizeof(seq_num));
1717
1718 return False;
1719 }
1720
1721 if (memcmp(verf->sig, schannel_sig, sizeof(verf->sig))) {
1722 /* Validate that the other end sent the expected header */
1723 DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
1724 dump_data(2, (const char*)verf->sig, sizeof(verf->sig));
1725 DEBUG(2, ("should be:\n"));
1726 dump_data(2, (const char*)schannel_sig, sizeof(schannel_sig));
1727 return False;
1728 }
1729
1730 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1731 uchar sealing_key[16];
1732
1733 /* get the key to extract the data with */
1734 schannel_get_sealing_key(a, verf, sealing_key);
1735
1736 /* extract the verification data */
1737 dump_data_pw("verf->confounder:\n", verf->confounder,
1738 sizeof(verf->confounder));
1739 SamOEMhash(verf->confounder, sealing_key, 8);
1740
1741 dump_data_pw("verf->confounder_dec:\n", verf->confounder,
1742 sizeof(verf->confounder));
1743
1744 /* extract the packet payload */
1745 dump_data_pw("data :\n", (const unsigned char *)data, data_len);
1746 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1747 dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
1748 }
1749
1750 /* digest includes 'data' after unsealing */
1751 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1752
1753 dump_data_pw("Calculated digest:\n", digest_final,
1754 sizeof(digest_final));
1755 dump_data_pw("verf->packet_digest:\n", verf->packet_digest,
1756 sizeof(verf->packet_digest));
1757
1758 /* compare - if the client got the same result as us, then
1759 it must know the session key */
1760 return (memcmp(digest_final, verf->packet_digest,
1761 sizeof(verf->packet_digest)) == 0);
1762 }