search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r14643: Merge dcerpc_errstr from Samba 4.
[Samba/nascimento.git] / source3 / rpc_parse / parse_prs.c
blobf2b002c48cf5f5cc4daa20c063c43a46688df0cf
1 /*
2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_PARSE
28
29 /**
30 * Dump a prs to a file: from the current location through to the end.
31 **/
32 void prs_dump(char *name, int v, prs_struct *ps)
33 {
34 prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
35 }
36
37 /**
38 * Dump from the start of the prs to the current location.
39 **/
40 void prs_dump_before(char *name, int v, prs_struct *ps)
41 {
42 prs_dump_region(name, v, ps, 0, ps->data_offset);
43 }
44
45 /**
46 * Dump everything from the start of the prs up to the current location.
47 **/
48 void prs_dump_region(char *name, int v, prs_struct *ps,
49 int from_off, int to_off)
50 {
51 int fd, i;
52 pstring fname;
53 ssize_t sz;
54 if (DEBUGLEVEL < 50) return;
55 for (i=1;i<100;i++) {
56 if (v != -1) {
57 slprintf(fname,sizeof(fname)-1, "/tmp/%s_%d.%d.prs", name, v, i);
58 } else {
59 slprintf(fname,sizeof(fname)-1, "/tmp/%s.%d.prs", name, i);
60 }
61 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
62 if (fd != -1 || errno != EEXIST) break;
63 }
64 if (fd != -1) {
65 sz = write(fd, ps->data_p + from_off, to_off - from_off);
66 i = close(fd);
67 if ( (sz != to_off-from_off) || (i != 0) ) {
68 DEBUG(0,("Error writing/closing %s: %ld!=%ld %d\n", fname, (unsigned long)sz, (unsigned long)to_off-from_off, i ));
69 } else {
70 DEBUG(0,("created %s\n", fname));
71 }
72 }
73 }
74
75 /*******************************************************************
76 Debug output for parsing info
77
78 XXXX side-effect of this function is to increase the debug depth XXXX.
79
80 ********************************************************************/
81
82 void prs_debug(prs_struct *ps, int depth, const char *desc, const char *fn_name)
83 {
84 DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc));
85 }
86
87 /**
88 * Initialise an expandable parse structure.
89 *
90 * @param size Initial buffer size. If >0, a new buffer will be
91 * created with malloc().
92 *
93 * @return False if allocation fails, otherwise True.
94 **/
95
96 BOOL prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, BOOL io)
97 {
98 ZERO_STRUCTP(ps);
99 ps->io = io;
100 ps->bigendian_data = RPC_LITTLE_ENDIAN;
101 ps->align = RPC_PARSE_ALIGN;
102 ps->is_dynamic = False;
103 ps->data_offset = 0;
104 ps->buffer_size = 0;
105 ps->data_p = NULL;
106 ps->mem_ctx = ctx;
107
108 if (size != 0) {
109 ps->buffer_size = size;
110 if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
111 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
112 return False;
113 }
114 memset(ps->data_p, '\0', (size_t)size);
115 ps->is_dynamic = True; /* We own this memory. */
116 } else if (MARSHALLING(ps)) {
117 /* If size is zero and we're marshalling we should allocate memory on demand. */
118 ps->is_dynamic = True;
119 }
120
121 return True;
122 }
123
124 /*******************************************************************
125 Delete the memory in a parse structure - if we own it.
126 ********************************************************************/
127
128 void prs_mem_free(prs_struct *ps)
129 {
130 if(ps->is_dynamic)
131 SAFE_FREE(ps->data_p);
132 ps->is_dynamic = False;
133 ps->buffer_size = 0;
134 ps->data_offset = 0;
135 }
136
137 /*******************************************************************
138 Clear the memory in a parse structure.
139 ********************************************************************/
140
141 void prs_mem_clear(prs_struct *ps)
142 {
143 if (ps->buffer_size)
144 memset(ps->data_p, '\0', (size_t)ps->buffer_size);
145 }
146
147 /*******************************************************************
148 Allocate memory when unmarshalling... Always zero clears.
149 ********************************************************************/
150
151 #if defined(PARANOID_MALLOC_CHECKER)
152 char *prs_alloc_mem_(prs_struct *ps, size_t size, unsigned int count)
153 #else
154 char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count)
155 #endif
156 {
157 char *ret = NULL;
158
159 if (size) {
160 /* We can't call the type-safe version here. */
161 ret = _talloc_zero_array(ps->mem_ctx, size, count, "parse_prs");
162 }
163 return ret;
164 }
165
166 /*******************************************************************
167 Return the current talloc context we're using.
168 ********************************************************************/
169
170 TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
171 {
172 return ps->mem_ctx;
173 }
174
175 /*******************************************************************
176 Hand some already allocated memory to a prs_struct.
177 ********************************************************************/
178
179 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic)
180 {
181 ps->is_dynamic = is_dynamic;
182 ps->data_p = buf;
183 ps->buffer_size = size;
184 }
185
186 /*******************************************************************
187 Take some memory back from a prs_struct.
188 ********************************************************************/
189
190 char *prs_take_memory(prs_struct *ps, uint32 *psize)
191 {
192 char *ret = ps->data_p;
193 if(psize)
194 *psize = ps->buffer_size;
195 ps->is_dynamic = False;
196 prs_mem_free(ps);
197 return ret;
198 }
199
200 /*******************************************************************
201 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
202 ********************************************************************/
203
204 BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
205 {
206 if (newsize > ps->buffer_size)
207 return prs_force_grow(ps, newsize - ps->buffer_size);
208
209 if (newsize < ps->buffer_size) {
210 ps->buffer_size = newsize;
211
212 /* newsize == 0 acts as a free and set pointer to NULL */
213 if (newsize == 0) {
214 SAFE_FREE(ps->data_p);
215 } else {
216 ps->data_p = SMB_REALLOC(ps->data_p, newsize);
217
218 if (ps->data_p == NULL) {
219 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
220 (unsigned int)newsize));
221 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
222 return False;
223 }
224 }
225 }
226
227 return True;
228 }
229
230 /*******************************************************************
231 Attempt, if needed, to grow a data buffer.
232 Also depends on the data stream mode (io).
233 ********************************************************************/
234
235 BOOL prs_grow(prs_struct *ps, uint32 extra_space)
236 {
237 uint32 new_size;
238
239 ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
240
241 if(ps->data_offset + extra_space <= ps->buffer_size)
242 return True;
243
244 /*
245 * We cannot grow the buffer if we're not reading
246 * into the prs_struct, or if we don't own the memory.
247 */
248
249 if(UNMARSHALLING(ps) || !ps->is_dynamic) {
250 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
251 (unsigned int)extra_space));
252 return False;
253 }
254
255 /*
256 * Decide how much extra space we really need.
257 */
258
259 extra_space -= (ps->buffer_size - ps->data_offset);
260 if(ps->buffer_size == 0) {
261 /*
262 * Ensure we have at least a PDU's length, or extra_space, whichever
263 * is greater.
264 */
265
266 new_size = MAX(RPC_MAX_PDU_FRAG_LEN,extra_space);
267
268 if((ps->data_p = SMB_MALLOC(new_size)) == NULL) {
269 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
270 return False;
271 }
272 memset(ps->data_p, '\0', (size_t)new_size );
273 } else {
274 /*
275 * If the current buffer size is bigger than the space needed, just
276 * double it, else add extra_space.
277 */
278 new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
279
280 if ((ps->data_p = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
281 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
282 (unsigned int)new_size));
283 return False;
284 }
285
286 memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
287 }
288 ps->buffer_size = new_size;
289
290 return True;
291 }
292
293 /*******************************************************************
294 Attempt to force a data buffer to grow by len bytes.
295 This is only used when appending more data onto a prs_struct
296 when reading an rpc reply, before unmarshalling it.
297 ********************************************************************/
298
299 BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
300 {
301 uint32 new_size = ps->buffer_size + extra_space;
302
303 if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
304 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
305 (unsigned int)extra_space));
306 return False;
307 }
308
309 if((ps->data_p = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
310 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
311 (unsigned int)new_size));
312 return False;
313 }
314
315 memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
316
317 ps->buffer_size = new_size;
318
319 return True;
320 }
321
322 /*******************************************************************
323 Get the data pointer (external interface).
324 ********************************************************************/
325
326 char *prs_data_p(prs_struct *ps)
327 {
328 return ps->data_p;
329 }
330
331 /*******************************************************************
332 Get the current data size (external interface).
333 ********************************************************************/
334
335 uint32 prs_data_size(prs_struct *ps)
336 {
337 return ps->buffer_size;
338 }
339
340 /*******************************************************************
341 Fetch the current offset (external interface).
342 ********************************************************************/
343
344 uint32 prs_offset(prs_struct *ps)
345 {
346 return ps->data_offset;
347 }
348
349 /*******************************************************************
350 Set the current offset (external interface).
351 ********************************************************************/
352
353 BOOL prs_set_offset(prs_struct *ps, uint32 offset)
354 {
355 if(offset <= ps->data_offset) {
356 ps->data_offset = offset;
357 return True;
358 }
359
360 if(!prs_grow(ps, offset - ps->data_offset))
361 return False;
362
363 ps->data_offset = offset;
364 return True;
365 }
366
367 /*******************************************************************
368 Append the data from one parse_struct into another.
369 ********************************************************************/
370
371 BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
372 {
373 if (prs_offset(src) == 0)
374 return True;
375
376 if(!prs_grow(dst, prs_offset(src)))
377 return False;
378
379 memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
380 dst->data_offset += prs_offset(src);
381
382 return True;
383 }
384
385 /*******************************************************************
386 Append some data from one parse_struct into another.
387 ********************************************************************/
388
389 BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
390 {
391 if (len == 0)
392 return True;
393
394 if(!prs_grow(dst, len))
395 return False;
396
397 memcpy(&dst->data_p[dst->data_offset], src->data_p + start, (size_t)len);
398 dst->data_offset += len;
399
400 return True;
401 }
402
403 /*******************************************************************
404 Append the data from a buffer into a parse_struct.
405 ********************************************************************/
406
407 BOOL prs_copy_data_in(prs_struct *dst, const char *src, uint32 len)
408 {
409 if (len == 0)
410 return True;
411
412 if(!prs_grow(dst, len))
413 return False;
414
415 memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
416 dst->data_offset += len;
417
418 return True;
419 }
420
421 /*******************************************************************
422 Copy some data from a parse_struct into a buffer.
423 ********************************************************************/
424
425 BOOL prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
426 {
427 if (len == 0)
428 return True;
429
430 if(!prs_mem_get(src, len))
431 return False;
432
433 memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
434 src->data_offset += len;
435
436 return True;
437 }
438
439 /*******************************************************************
440 Copy all the data from a parse_struct into a buffer.
441 ********************************************************************/
442
443 BOOL prs_copy_all_data_out(char *dst, prs_struct *src)
444 {
445 uint32 len = prs_offset(src);
446
447 if (!len)
448 return True;
449
450 prs_set_offset(src, 0);
451 return prs_copy_data_out(dst, src, len);
452 }
453
454 /*******************************************************************
455 Set the data as X-endian (external interface).
456 ********************************************************************/
457
458 void prs_set_endian_data(prs_struct *ps, BOOL endian)
459 {
460 ps->bigendian_data = endian;
461 }
462
463 /*******************************************************************
464 Align a the data_len to a multiple of align bytes - filling with
465 zeros.
466 ********************************************************************/
467
468 BOOL prs_align(prs_struct *ps)
469 {
470 uint32 mod = ps->data_offset & (ps->align-1);
471
472 if (ps->align != 0 && mod != 0) {
473 uint32 extra_space = (ps->align - mod);
474 if(!prs_grow(ps, extra_space))
475 return False;
476 memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
477 ps->data_offset += extra_space;
478 }
479
480 return True;
481 }
482
483 /******************************************************************
484 Align on a 2 byte boundary
485 *****************************************************************/
486
487 BOOL prs_align_uint16(prs_struct *ps)
488 {
489 BOOL ret;
490 uint8 old_align = ps->align;
491
492 ps->align = 2;
493 ret = prs_align(ps);
494 ps->align = old_align;
495
496 return ret;
497 }
498
499 /******************************************************************
500 Align on a 8 byte boundary
501 *****************************************************************/
502
503 BOOL prs_align_uint64(prs_struct *ps)
504 {
505 BOOL ret;
506 uint8 old_align = ps->align;
507
508 ps->align = 8;
509 ret = prs_align(ps);
510 ps->align = old_align;
511
512 return ret;
513 }
514
515 /******************************************************************
516 Align on a specific byte boundary
517 *****************************************************************/
518
519 BOOL prs_align_custom(prs_struct *ps, uint8 boundary)
520 {
521 BOOL ret;
522 uint8 old_align = ps->align;
523
524 ps->align = boundary;
525 ret = prs_align(ps);
526 ps->align = old_align;
527
528 return ret;
529 }
530
531
532
533 /*******************************************************************
534 Align only if required (for the unistr2 string mainly)
535 ********************************************************************/
536
537 BOOL prs_align_needed(prs_struct *ps, uint32 needed)
538 {
539 if (needed==0)
540 return True;
541 else
542 return prs_align(ps);
543 }
544
545 /*******************************************************************
546 Ensure we can read/write to a given offset.
547 ********************************************************************/
548
549 char *prs_mem_get(prs_struct *ps, uint32 extra_size)
550 {
551 if(UNMARSHALLING(ps)) {
552 /*
553 * If reading, ensure that we can read the requested size item.
554 */
555 if (ps->data_offset + extra_size > ps->buffer_size) {
556 DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
557 "buffer by %u bytes.\n",
558 (unsigned int)extra_size,
559 (unsigned int)(ps->data_offset + extra_size - ps->buffer_size) ));
560 return NULL;
561 }
562 } else {
563 /*
564 * Writing - grow the buffer if needed.
565 */
566 if(!prs_grow(ps, extra_size))
567 return NULL;
568 }
569 return &ps->data_p[ps->data_offset];
570 }
571
572 /*******************************************************************
573 Change the struct type.
574 ********************************************************************/
575
576 void prs_switch_type(prs_struct *ps, BOOL io)
577 {
578 if ((ps->io ^ io) == True)
579 ps->io=io;
580 }
581
582 /*******************************************************************
583 Force a prs_struct to be dynamic even when it's size is 0.
584 ********************************************************************/
585
586 void prs_force_dynamic(prs_struct *ps)
587 {
588 ps->is_dynamic=True;
589 }
590
591 /*******************************************************************
592 Associate a session key with a parse struct.
593 ********************************************************************/
594
595 void prs_set_session_key(prs_struct *ps, const char sess_key[16])
596 {
597 ps->sess_key = sess_key;
598 }
599
600 /*******************************************************************
601 Stream a uint8.
602 ********************************************************************/
603
604 BOOL prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8)
605 {
606 char *q = prs_mem_get(ps, 1);
607 if (q == NULL)
608 return False;
609
610 if (UNMARSHALLING(ps))
611 *data8 = CVAL(q,0);
612 else
613 SCVAL(q,0,*data8);
614
615 DEBUG(5,("%s%04x %s: %02x\n", tab_depth(depth), ps->data_offset, name, *data8));
616
617 ps->data_offset += 1;
618
619 return True;
620 }
621
622 /*******************************************************************
623 Stream a uint16* (allocate memory if unmarshalling)
624 ********************************************************************/
625
626 BOOL prs_pointer( const char *name, prs_struct *ps, int depth,
627 void **data, size_t data_size,
628 BOOL(*prs_fn)(const char*, prs_struct*, int, void*) )
629 {
630 uint32 data_p;
631
632 /* output f000baaa to stream if the pointer is non-zero. */
633
634 data_p = *data ? 0xf000baaa : 0;
635
636 if ( !prs_uint32("ptr", ps, depth, &data_p ))
637 return False;
638
639 /* we're done if there is no data */
640
641 if ( !data_p )
642 return True;
643
644 if (UNMARSHALLING(ps)) {
645 if ( !(*data = PRS_ALLOC_MEM_VOID(ps, data_size)) )
646 return False;
647 }
648
649 return prs_fn(name, ps, depth, *data);
650 }
651
652
653 /*******************************************************************
654 Stream a uint16.
655 ********************************************************************/
656
657 BOOL prs_uint16(const char *name, prs_struct *ps, int depth, uint16 *data16)
658 {
659 char *q = prs_mem_get(ps, sizeof(uint16));
660 if (q == NULL)
661 return False;
662
663 if (UNMARSHALLING(ps)) {
664 if (ps->bigendian_data)
665 *data16 = RSVAL(q,0);
666 else
667 *data16 = SVAL(q,0);
668 } else {
669 if (ps->bigendian_data)
670 RSSVAL(q,0,*data16);
671 else
672 SSVAL(q,0,*data16);
673 }
674
675 DEBUG(5,("%s%04x %s: %04x\n", tab_depth(depth), ps->data_offset, name, *data16));
676
677 ps->data_offset += sizeof(uint16);
678
679 return True;
680 }
681
682 /*******************************************************************
683 Stream a uint32.
684 ********************************************************************/
685
686 BOOL prs_uint32(const char *name, prs_struct *ps, int depth, uint32 *data32)
687 {
688 char *q = prs_mem_get(ps, sizeof(uint32));
689 if (q == NULL)
690 return False;
691
692 if (UNMARSHALLING(ps)) {
693 if (ps->bigendian_data)
694 *data32 = RIVAL(q,0);
695 else
696 *data32 = IVAL(q,0);
697 } else {
698 if (ps->bigendian_data)
699 RSIVAL(q,0,*data32);
700 else
701 SIVAL(q,0,*data32);
702 }
703
704 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
705
706 ps->data_offset += sizeof(uint32);
707
708 return True;
709 }
710
711 /*******************************************************************
712 Stream an int32.
713 ********************************************************************/
714
715 BOOL prs_int32(const char *name, prs_struct *ps, int depth, int32 *data32)
716 {
717 char *q = prs_mem_get(ps, sizeof(int32));
718 if (q == NULL)
719 return False;
720
721 if (UNMARSHALLING(ps)) {
722 if (ps->bigendian_data)
723 *data32 = RIVALS(q,0);
724 else
725 *data32 = IVALS(q,0);
726 } else {
727 if (ps->bigendian_data)
728 RSIVALS(q,0,*data32);
729 else
730 SIVALS(q,0,*data32);
731 }
732
733 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
734
735 ps->data_offset += sizeof(int32);
736
737 return True;
738 }
739
740 /*******************************************************************
741 Stream a NTSTATUS
742 ********************************************************************/
743
744 BOOL prs_ntstatus(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
745 {
746 char *q = prs_mem_get(ps, sizeof(uint32));
747 if (q == NULL)
748 return False;
749
750 if (UNMARSHALLING(ps)) {
751 if (ps->bigendian_data)
752 *status = NT_STATUS(RIVAL(q,0));
753 else
754 *status = NT_STATUS(IVAL(q,0));
755 } else {
756 if (ps->bigendian_data)
757 RSIVAL(q,0,NT_STATUS_V(*status));
758 else
759 SIVAL(q,0,NT_STATUS_V(*status));
760 }
761
762 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
763 nt_errstr(*status)));
764
765 ps->data_offset += sizeof(uint32);
766
767 return True;
768 }
769
770 /*******************************************************************
771 Stream a DCE error code
772 ********************************************************************/
773
774 BOOL prs_dcerpc_status(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
775 {
776 char *q = prs_mem_get(ps, sizeof(uint32));
777 if (q == NULL)
778 return False;
779
780 if (UNMARSHALLING(ps)) {
781 if (ps->bigendian_data)
782 *status = NT_STATUS(RIVAL(q,0));
783 else
784 *status = NT_STATUS(IVAL(q,0));
785 } else {
786 if (ps->bigendian_data)
787 RSIVAL(q,0,NT_STATUS_V(*status));
788 else
789 SIVAL(q,0,NT_STATUS_V(*status));
790 }
791
792 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
793 dcerpc_errstr(NT_STATUS_V(*status))));
794
795 ps->data_offset += sizeof(uint32);
796
797 return True;
798 }
799
800
801 /*******************************************************************
802 Stream a WERROR
803 ********************************************************************/
804
805 BOOL prs_werror(const char *name, prs_struct *ps, int depth, WERROR *status)
806 {
807 char *q = prs_mem_get(ps, sizeof(uint32));
808 if (q == NULL)
809 return False;
810
811 if (UNMARSHALLING(ps)) {
812 if (ps->bigendian_data)
813 *status = W_ERROR(RIVAL(q,0));
814 else
815 *status = W_ERROR(IVAL(q,0));
816 } else {
817 if (ps->bigendian_data)
818 RSIVAL(q,0,W_ERROR_V(*status));
819 else
820 SIVAL(q,0,W_ERROR_V(*status));
821 }
822
823 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
824 dos_errstr(*status)));
825
826 ps->data_offset += sizeof(uint32);
827
828 return True;
829 }
830
831
832 /******************************************************************
833 Stream an array of uint8s. Length is number of uint8s.
834 ********************************************************************/
835
836 BOOL prs_uint8s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
837 {
838 int i;
839 char *q = prs_mem_get(ps, len);
840 if (q == NULL)
841 return False;
842
843 if (UNMARSHALLING(ps)) {
844 for (i = 0; i < len; i++)
845 data8s[i] = CVAL(q,i);
846 } else {
847 for (i = 0; i < len; i++)
848 SCVAL(q, i, data8s[i]);
849 }
850
851 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset ,name));
852 if (charmode)
853 print_asc(5, (unsigned char*)data8s, len);
854 else {
855 for (i = 0; i < len; i++)
856 DEBUG(5,("%02x ", data8s[i]));
857 }
858 DEBUG(5,("\n"));
859
860 ps->data_offset += len;
861
862 return True;
863 }
864
865 /******************************************************************
866 Stream an array of uint16s. Length is number of uint16s.
867 ********************************************************************/
868
869 BOOL prs_uint16s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
870 {
871 int i;
872 char *q = prs_mem_get(ps, len * sizeof(uint16));
873 if (q == NULL)
874 return False;
875
876 if (UNMARSHALLING(ps)) {
877 if (ps->bigendian_data) {
878 for (i = 0; i < len; i++)
879 data16s[i] = RSVAL(q, 2*i);
880 } else {
881 for (i = 0; i < len; i++)
882 data16s[i] = SVAL(q, 2*i);
883 }
884 } else {
885 if (ps->bigendian_data) {
886 for (i = 0; i < len; i++)
887 RSSVAL(q, 2*i, data16s[i]);
888 } else {
889 for (i = 0; i < len; i++)
890 SSVAL(q, 2*i, data16s[i]);
891 }
892 }
893
894 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
895 if (charmode)
896 print_asc(5, (unsigned char*)data16s, 2*len);
897 else {
898 for (i = 0; i < len; i++)
899 DEBUG(5,("%04x ", data16s[i]));
900 }
901 DEBUG(5,("\n"));
902
903 ps->data_offset += (len * sizeof(uint16));
904
905 return True;
906 }
907
908 /******************************************************************
909 Start using a function for streaming unicode chars. If unmarshalling,
910 output must be little-endian, if marshalling, input must be little-endian.
911 ********************************************************************/
912
913 static void dbg_rw_punival(BOOL charmode, const char *name, int depth, prs_struct *ps,
914 char *in_buf, char *out_buf, int len)
915 {
916 int i;
917
918 if (UNMARSHALLING(ps)) {
919 if (ps->bigendian_data) {
920 for (i = 0; i < len; i++)
921 SSVAL(out_buf,2*i,RSVAL(in_buf, 2*i));
922 } else {
923 for (i = 0; i < len; i++)
924 SSVAL(out_buf, 2*i, SVAL(in_buf, 2*i));
925 }
926 } else {
927 if (ps->bigendian_data) {
928 for (i = 0; i < len; i++)
929 RSSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
930 } else {
931 for (i = 0; i < len; i++)
932 SSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
933 }
934 }
935
936 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
937 if (charmode)
938 print_asc(5, (unsigned char*)out_buf, 2*len);
939 else {
940 for (i = 0; i < len; i++)
941 DEBUG(5,("%04x ", out_buf[i]));
942 }
943 DEBUG(5,("\n"));
944 }
945
946 /******************************************************************
947 Stream a unistr. Always little endian.
948 ********************************************************************/
949
950 BOOL prs_uint16uni(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
951 {
952 char *q = prs_mem_get(ps, len * sizeof(uint16));
953 if (q == NULL)
954 return False;
955
956 dbg_rw_punival(charmode, name, depth, ps, q, (char *)data16s, len);
957 ps->data_offset += (len * sizeof(uint16));
958
959 return True;
960 }
961
962 /******************************************************************
963 Stream an array of uint32s. Length is number of uint32s.
964 ********************************************************************/
965
966 BOOL prs_uint32s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
967 {
968 int i;
969 char *q = prs_mem_get(ps, len * sizeof(uint32));
970 if (q == NULL)
971 return False;
972
973 if (UNMARSHALLING(ps)) {
974 if (ps->bigendian_data) {
975 for (i = 0; i < len; i++)
976 data32s[i] = RIVAL(q, 4*i);
977 } else {
978 for (i = 0; i < len; i++)
979 data32s[i] = IVAL(q, 4*i);
980 }
981 } else {
982 if (ps->bigendian_data) {
983 for (i = 0; i < len; i++)
984 RSIVAL(q, 4*i, data32s[i]);
985 } else {
986 for (i = 0; i < len; i++)
987 SIVAL(q, 4*i, data32s[i]);
988 }
989 }
990
991 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
992 if (charmode)
993 print_asc(5, (unsigned char*)data32s, 4*len);
994 else {
995 for (i = 0; i < len; i++)
996 DEBUG(5,("%08x ", data32s[i]));
997 }
998 DEBUG(5,("\n"));
999
1000 ps->data_offset += (len * sizeof(uint32));
1001
1002 return True;
1003 }
1004
1005 /******************************************************************
1006 Stream an array of unicode string, length/buffer specified separately,
1007 in uint16 chars. The unicode string is already in little-endian format.
1008 ********************************************************************/
1009
1010 BOOL prs_buffer5(BOOL charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str)
1011 {
1012 char *p;
1013 char *q = prs_mem_get(ps, str->buf_len * sizeof(uint16));
1014 if (q == NULL)
1015 return False;
1016
1017 if (UNMARSHALLING(ps)) {
1018 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len);
1019 if (str->buffer == NULL)
1020 return False;
1021 }
1022
1023 /* If the string is empty, we don't have anything to stream */
1024 if (str->buf_len==0)
1025 return True;
1026
1027 p = (char *)str->buffer;
1028
1029 dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len);
1030
1031 ps->data_offset += (str->buf_len * sizeof(uint16));
1032
1033 return True;
1034 }
1035
1036 /******************************************************************
1037 Stream a "not" unicode string, length/buffer specified separately,
1038 in byte chars. String is in little-endian format.
1039 ********************************************************************/
1040
1041 BOOL prs_regval_buffer(BOOL charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf)
1042 {
1043 char *p;
1044 char *q = prs_mem_get(ps, buf->buf_len);
1045 if (q == NULL)
1046 return False;
1047
1048 if (UNMARSHALLING(ps)) {
1049 if (buf->buf_len > buf->buf_max_len) {
1050 return False;
1051 }
1052 if ( buf->buf_max_len ) {
1053 buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len);
1054 if ( buf->buffer == NULL )
1055 return False;
1056 }
1057 }
1058
1059 p = (char *)buf->buffer;
1060
1061 dbg_rw_punival(charmode, name, depth, ps, q, p, buf->buf_len/2);
1062 ps->data_offset += buf->buf_len;
1063
1064 return True;
1065 }
1066
1067 /******************************************************************
1068 Stream a string, length/buffer specified separately,
1069 in uint8 chars.
1070 ********************************************************************/
1071
1072 BOOL prs_string2(BOOL charmode, const char *name, prs_struct *ps, int depth, STRING2 *str)
1073 {
1074 unsigned int i;
1075 char *q = prs_mem_get(ps, str->str_str_len);
1076 if (q == NULL)
1077 return False;
1078
1079 if (UNMARSHALLING(ps)) {
1080 if (str->str_str_len > str->str_max_len) {
1081 return False;
1082 }
1083 str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len);
1084 if (str->buffer == NULL)
1085 return False;
1086 }
1087
1088 if (UNMARSHALLING(ps)) {
1089 for (i = 0; i < str->str_str_len; i++)
1090 str->buffer[i] = CVAL(q,i);
1091 } else {
1092 for (i = 0; i < str->str_str_len; i++)
1093 SCVAL(q, i, str->buffer[i]);
1094 }
1095
1096 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1097 if (charmode)
1098 print_asc(5, (unsigned char*)str->buffer, str->str_str_len);
1099 else {
1100 for (i = 0; i < str->str_str_len; i++)
1101 DEBUG(5,("%02x ", str->buffer[i]));
1102 }
1103 DEBUG(5,("\n"));
1104
1105 ps->data_offset += str->str_str_len;
1106
1107 return True;
1108 }
1109
1110 /******************************************************************
1111 Stream a unicode string, length/buffer specified separately,
1112 in uint16 chars. The unicode string is already in little-endian format.
1113 ********************************************************************/
1114
1115 BOOL prs_unistr2(BOOL charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str)
1116 {
1117 char *p;
1118 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1119 if (q == NULL)
1120 return False;
1121
1122 /* If the string is empty, we don't have anything to stream */
1123 if (str->uni_str_len==0)
1124 return True;
1125
1126 if (UNMARSHALLING(ps)) {
1127 if (str->uni_str_len > str->uni_max_len) {
1128 return False;
1129 }
1130 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len);
1131 if (str->buffer == NULL)
1132 return False;
1133 }
1134
1135 p = (char *)str->buffer;
1136
1137 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1138
1139 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1140
1141 return True;
1142 }
1143
1144 /******************************************************************
1145 Stream a unicode string, length/buffer specified separately,
1146 in uint16 chars. The unicode string is already in little-endian format.
1147 ********************************************************************/
1148
1149 BOOL prs_unistr3(BOOL charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth)
1150 {
1151 char *p;
1152 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1153 if (q == NULL)
1154 return False;
1155
1156 if (UNMARSHALLING(ps)) {
1157 str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len);
1158 if (str->str.buffer == NULL)
1159 return False;
1160 }
1161
1162 p = (char *)str->str.buffer;
1163
1164 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1165 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1166
1167 return True;
1168 }
1169
1170 /*******************************************************************
1171 Stream a unicode null-terminated string. As the string is already
1172 in little-endian format then do it as a stream of bytes.
1173 ********************************************************************/
1174
1175 BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
1176 {
1177 unsigned int len = 0;
1178 unsigned char *p = (unsigned char *)str->buffer;
1179 uint8 *start;
1180 char *q;
1181 uint32 max_len;
1182 uint16* ptr;
1183
1184 if (MARSHALLING(ps)) {
1185
1186 for(len = 0; str->buffer[len] != 0; len++)
1187 ;
1188
1189 q = prs_mem_get(ps, (len+1)*2);
1190 if (q == NULL)
1191 return False;
1192
1193 start = (uint8*)q;
1194
1195 for(len = 0; str->buffer[len] != 0; len++) {
1196 if(ps->bigendian_data) {
1197 /* swap bytes - p is little endian, q is big endian. */
1198 q[0] = (char)p[1];
1199 q[1] = (char)p[0];
1200 p += 2;
1201 q += 2;
1202 }
1203 else
1204 {
1205 q[0] = (char)p[0];
1206 q[1] = (char)p[1];
1207 p += 2;
1208 q += 2;
1209 }
1210 }
1211
1212 /*
1213 * even if the string is 'empty' (only an \0 char)
1214 * at this point the leading \0 hasn't been parsed.
1215 * so parse it now
1216 */
1217
1218 q[0] = 0;
1219 q[1] = 0;
1220 q += 2;
1221
1222 len++;
1223
1224 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1225 print_asc(5, (unsigned char*)start, 2*len);
1226 DEBUG(5, ("\n"));
1227 }
1228 else { /* unmarshalling */
1229
1230 uint32 alloc_len = 0;
1231 q = ps->data_p + prs_offset(ps);
1232
1233 /*
1234 * Work out how much space we need and talloc it.
1235 */
1236 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
1237
1238 /* the test of the value of *ptr helps to catch the circumstance
1239 where we have an emtpty (non-existent) string in the buffer */
1240 for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
1241 /* do nothing */
1242 ;
1243
1244 if (alloc_len < max_len)
1245 alloc_len += 1;
1246
1247 /* should we allocate anything at all? */
1248 str->buffer = PRS_ALLOC_MEM(ps,uint16,alloc_len);
1249 if ((str->buffer == NULL) && (alloc_len > 0))
1250 return False;
1251
1252 p = (unsigned char *)str->buffer;
1253
1254 len = 0;
1255 /* the (len < alloc_len) test is to prevent us from overwriting
1256 memory that is not ours...if we get that far, we have a non-null
1257 terminated string in the buffer and have messed up somewhere */
1258 while ((len < alloc_len) && (*(uint16 *)q != 0)) {
1259 if(ps->bigendian_data)
1260 {
1261 /* swap bytes - q is big endian, p is little endian. */
1262 p[0] = (unsigned char)q[1];
1263 p[1] = (unsigned char)q[0];
1264 p += 2;
1265 q += 2;
1266 } else {
1267
1268 p[0] = (unsigned char)q[0];
1269 p[1] = (unsigned char)q[1];
1270 p += 2;
1271 q += 2;
1272 }
1273
1274 len++;
1275 }
1276 if (len < alloc_len) {
1277 /* NULL terminate the UNISTR */
1278 str->buffer[len++] = '\0';
1279 }
1280
1281 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1282 print_asc(5, (unsigned char*)str->buffer, 2*len);
1283 DEBUG(5, ("\n"));
1284 }
1285
1286 /* set the offset in the prs_struct; 'len' points to the
1287 terminiating NULL in the UNISTR so we need to go one more
1288 uint16 */
1289 ps->data_offset += (len)*2;
1290
1291 return True;
1292 }
1293
1294
1295 /*******************************************************************
1296 Stream a null-terminated string. len is strlen, and therefore does
1297 not include the null-termination character.
1298 ********************************************************************/
1299
1300 BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
1301 {
1302 char *q;
1303 int i;
1304 int len;
1305
1306 if (UNMARSHALLING(ps))
1307 len = strlen(&ps->data_p[ps->data_offset]);
1308 else
1309 len = strlen(str);
1310
1311 len = MIN(len, (max_buf_size-1));
1312
1313 q = prs_mem_get(ps, len+1);
1314 if (q == NULL)
1315 return False;
1316
1317 for(i = 0; i < len; i++) {
1318 if (UNMARSHALLING(ps))
1319 str[i] = q[i];
1320 else
1321 q[i] = str[i];
1322 }
1323
1324 /* The terminating null. */
1325 str[i] = '\0';
1326
1327 if (MARSHALLING(ps)) {
1328 q[i] = '\0';
1329 }
1330
1331 ps->data_offset += len+1;
1332
1333 dump_data(5+depth, q, len);
1334
1335 return True;
1336 }
1337
1338 BOOL prs_string_alloc(const char *name, prs_struct *ps, int depth, const char **str)
1339 {
1340 size_t len;
1341 char *tmp_str;
1342
1343 if (UNMARSHALLING(ps)) {
1344 len = strlen(&ps->data_p[ps->data_offset]);
1345 } else {
1346 len = strlen(*str);
1347 }
1348
1349 tmp_str = PRS_ALLOC_MEM(ps, char, len+1);
1350
1351 if (tmp_str == NULL) {
1352 return False;
1353 }
1354
1355 if (MARSHALLING(ps)) {
1356 strncpy(tmp_str, *str, len);
1357 }
1358
1359 if (!prs_string(name, ps, depth, tmp_str, len+1)) {
1360 return False;
1361 }
1362
1363 *str = tmp_str;
1364 return True;
1365 }
1366
1367 /*******************************************************************
1368 prs_uint16 wrapper. Call this and it sets up a pointer to where the
1369 uint16 should be stored, or gets the size if reading.
1370 ********************************************************************/
1371
1372 BOOL prs_uint16_pre(const char *name, prs_struct *ps, int depth, uint16 *data16, uint32 *offset)
1373 {
1374 *offset = ps->data_offset;
1375 if (UNMARSHALLING(ps)) {
1376 /* reading. */
1377 return prs_uint16(name, ps, depth, data16);
1378 } else {
1379 char *q = prs_mem_get(ps, sizeof(uint16));
1380 if(q ==NULL)
1381 return False;
1382 ps->data_offset += sizeof(uint16);
1383 }
1384 return True;
1385 }
1386
1387 /*******************************************************************
1388 prs_uint16 wrapper. call this and it retrospectively stores the size.
1389 does nothing on reading, as that is already handled by ...._pre()
1390 ********************************************************************/
1391
1392 BOOL prs_uint16_post(const char *name, prs_struct *ps, int depth, uint16 *data16,
1393 uint32 ptr_uint16, uint32 start_offset)
1394 {
1395 if (MARSHALLING(ps)) {
1396 /*
1397 * Writing - temporarily move the offset pointer.
1398 */
1399 uint16 data_size = ps->data_offset - start_offset;
1400 uint32 old_offset = ps->data_offset;
1401
1402 ps->data_offset = ptr_uint16;
1403 if(!prs_uint16(name, ps, depth, &data_size)) {
1404 ps->data_offset = old_offset;
1405 return False;
1406 }
1407 ps->data_offset = old_offset;
1408 } else {
1409 ps->data_offset = start_offset + (uint32)(*data16);
1410 }
1411 return True;
1412 }
1413
1414 /*******************************************************************
1415 prs_uint32 wrapper. Call this and it sets up a pointer to where the
1416 uint32 should be stored, or gets the size if reading.
1417 ********************************************************************/
1418
1419 BOOL prs_uint32_pre(const char *name, prs_struct *ps, int depth, uint32 *data32, uint32 *offset)
1420 {
1421 *offset = ps->data_offset;
1422 if (UNMARSHALLING(ps) && (data32 != NULL)) {
1423 /* reading. */
1424 return prs_uint32(name, ps, depth, data32);
1425 } else {
1426 ps->data_offset += sizeof(uint32);
1427 }
1428 return True;
1429 }
1430
1431 /*******************************************************************
1432 prs_uint32 wrapper. call this and it retrospectively stores the size.
1433 does nothing on reading, as that is already handled by ...._pre()
1434 ********************************************************************/
1435
1436 BOOL prs_uint32_post(const char *name, prs_struct *ps, int depth, uint32 *data32,
1437 uint32 ptr_uint32, uint32 data_size)
1438 {
1439 if (MARSHALLING(ps)) {
1440 /*
1441 * Writing - temporarily move the offset pointer.
1442 */
1443 uint32 old_offset = ps->data_offset;
1444 ps->data_offset = ptr_uint32;
1445 if(!prs_uint32(name, ps, depth, &data_size)) {
1446 ps->data_offset = old_offset;
1447 return False;
1448 }
1449 ps->data_offset = old_offset;
1450 }
1451 return True;
1452 }
1453
1454 /* useful function to store a structure in rpc wire format */
1455 int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
1456 {
1457 TDB_DATA kbuf, dbuf;
1458 kbuf.dptr = keystr;
1459 kbuf.dsize = strlen(keystr)+1;
1460 dbuf.dptr = ps->data_p;
1461 dbuf.dsize = prs_offset(ps);
1462 return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
1463 }
1464
1465 /* useful function to fetch a structure into rpc wire format */
1466 int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx)
1467 {
1468 TDB_DATA kbuf, dbuf;
1469 kbuf.dptr = keystr;
1470 kbuf.dsize = strlen(keystr)+1;
1471
1472 dbuf = tdb_fetch(tdb, kbuf);
1473 if (!dbuf.dptr)
1474 return -1;
1475
1476 prs_init(ps, 0, mem_ctx, UNMARSHALL);
1477 prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True);
1478
1479 return 0;
1480 }
1481
1482 /*******************************************************************
1483 hash a stream.
1484 ********************************************************************/
1485
1486 BOOL prs_hash1(prs_struct *ps, uint32 offset, int len)
1487 {
1488 char *q;
1489
1490 q = ps->data_p;
1491 q = &q[offset];
1492
1493 #ifdef DEBUG_PASSWORD
1494 DEBUG(100, ("prs_hash1\n"));
1495 dump_data(100, ps->sess_key, 16);
1496 dump_data(100, q, len);
1497 #endif
1498 SamOEMhash((uchar *) q, (const unsigned char *)ps->sess_key, len);
1499
1500 #ifdef DEBUG_PASSWORD
1501 dump_data(100, q, len);
1502 #endif
1503
1504 return True;
1505 }
1506
1507 /*******************************************************************
1508 Create a digest over the entire packet (including the data), and
1509 MD5 it with the session key.
1510 ********************************************************************/
1511
1512 static void schannel_digest(struct schannel_auth_struct *a,
1513 enum pipe_auth_level auth_level,
1514 RPC_AUTH_SCHANNEL_CHK * verf,
1515 char *data, size_t data_len,
1516 uchar digest_final[16])
1517 {
1518 uchar whole_packet_digest[16];
1519 static uchar zeros[4];
1520 struct MD5Context ctx3;
1521
1522 /* verfiy the signature on the packet by MD5 over various bits */
1523 MD5Init(&ctx3);
1524 /* use our sequence number, which ensures the packet is not
1525 out of order */
1526 MD5Update(&ctx3, zeros, sizeof(zeros));
1527 MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
1528 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1529 MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
1530 }
1531 MD5Update(&ctx3, (const unsigned char *)data, data_len);
1532 MD5Final(whole_packet_digest, &ctx3);
1533 dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
1534
1535 /* MD5 this result and the session key, to prove that
1536 only a valid client could had produced this */
1537 hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
1538 }
1539
1540 /*******************************************************************
1541 Calculate the key with which to encode the data payload
1542 ********************************************************************/
1543
1544 static void schannel_get_sealing_key(struct schannel_auth_struct *a,
1545 RPC_AUTH_SCHANNEL_CHK *verf,
1546 uchar sealing_key[16])
1547 {
1548 static uchar zeros[4];
1549 uchar digest2[16];
1550 uchar sess_kf0[16];
1551 int i;
1552
1553 for (i = 0; i < sizeof(sess_kf0); i++) {
1554 sess_kf0[i] = a->sess_key[i] ^ 0xf0;
1555 }
1556
1557 dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
1558
1559 /* MD5 of sess_kf0 and 4 zero bytes */
1560 hmac_md5(sess_kf0, zeros, 0x4, digest2);
1561 dump_data_pw("digest2:\n", digest2, sizeof(digest2));
1562
1563 /* MD5 of the above result, plus 8 bytes of sequence number */
1564 hmac_md5(digest2, verf->seq_num, sizeof(verf->seq_num), sealing_key);
1565 dump_data_pw("sealing_key:\n", sealing_key, 16);
1566 }
1567
1568 /*******************************************************************
1569 Encode or Decode the sequence number (which is symmetric)
1570 ********************************************************************/
1571
1572 static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
1573 RPC_AUTH_SCHANNEL_CHK *verf)
1574 {
1575 static uchar zeros[4];
1576 uchar sequence_key[16];
1577 uchar digest1[16];
1578
1579 hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
1580 dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
1581
1582 hmac_md5(digest1, verf->packet_digest, 8, sequence_key);
1583
1584 dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
1585
1586 dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num));
1587 SamOEMhash(verf->seq_num, sequence_key, 8);
1588 dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num));
1589 }
1590
1591 /*******************************************************************
1592 creates an RPC_AUTH_SCHANNEL_CHK structure.
1593 ********************************************************************/
1594
1595 static BOOL init_rpc_auth_schannel_chk(RPC_AUTH_SCHANNEL_CHK * chk,
1596 const uchar sig[8],
1597 const uchar packet_digest[8],
1598 const uchar seq_num[8], const uchar confounder[8])
1599 {
1600 if (chk == NULL)
1601 return False;
1602
1603 memcpy(chk->sig, sig, sizeof(chk->sig));
1604 memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
1605 memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
1606 memcpy(chk->confounder, confounder, sizeof(chk->confounder));
1607
1608 return True;
1609 }
1610
1611 /*******************************************************************
1612 Encode a blob of data using the schannel alogrithm, also produceing
1613 a checksum over the original data. We currently only support
1614 signing and sealing togeather - the signing-only code is close, but not
1615 quite compatible with what MS does.
1616 ********************************************************************/
1617
1618 void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1619 enum schannel_direction direction,
1620 RPC_AUTH_SCHANNEL_CHK * verf,
1621 char *data, size_t data_len)
1622 {
1623 uchar digest_final[16];
1624 uchar confounder[8];
1625 uchar seq_num[8];
1626 static const uchar nullbytes[8];
1627
1628 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1629 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1630 const uchar *schannel_sig = NULL;
1631
1632 DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1633
1634 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1635 schannel_sig = schannel_seal_sig;
1636 } else {
1637 schannel_sig = schannel_sign_sig;
1638 }
1639
1640 /* fill the 'confounder' with random data */
1641 generate_random_buffer(confounder, sizeof(confounder));
1642
1643 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1644
1645 RSIVAL(seq_num, 0, a->seq_num);
1646
1647 switch (direction) {
1648 case SENDER_IS_INITIATOR:
1649 SIVAL(seq_num, 4, 0x80);
1650 break;
1651 case SENDER_IS_ACCEPTOR:
1652 SIVAL(seq_num, 4, 0x0);
1653 break;
1654 }
1655
1656 dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num));
1657
1658 init_rpc_auth_schannel_chk(verf, schannel_sig, nullbytes,
1659 seq_num, confounder);
1660
1661 /* produce a digest of the packet to prove it's legit (before we seal it) */
1662 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1663 memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
1664
1665 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1666 uchar sealing_key[16];
1667
1668 /* get the key to encode the data with */
1669 schannel_get_sealing_key(a, verf, sealing_key);
1670
1671 /* encode the verification data */
1672 dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder));
1673 SamOEMhash(verf->confounder, sealing_key, 8);
1674
1675 dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder));
1676
1677 /* encode the packet payload */
1678 dump_data_pw("data:\n", (const unsigned char *)data, data_len);
1679 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1680 dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
1681 }
1682
1683 /* encode the sequence number (key based on packet digest) */
1684 /* needs to be done after the sealing, as the original version
1685 is used in the sealing stuff... */
1686 schannel_deal_with_seq_num(a, verf);
1687
1688 return;
1689 }
1690
1691 /*******************************************************************
1692 Decode a blob of data using the schannel alogrithm, also verifiying
1693 a checksum over the original data. We currently can verify signed messages,
1694 as well as decode sealed messages
1695 ********************************************************************/
1696
1697 BOOL schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1698 enum schannel_direction direction,
1699 RPC_AUTH_SCHANNEL_CHK * verf, char *data, size_t data_len)
1700 {
1701 uchar digest_final[16];
1702
1703 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1704 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1705 const uchar *schannel_sig = NULL;
1706
1707 uchar seq_num[8];
1708
1709 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1710
1711 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1712 schannel_sig = schannel_seal_sig;
1713 } else {
1714 schannel_sig = schannel_sign_sig;
1715 }
1716
1717 /* Create the expected sequence number for comparison */
1718 RSIVAL(seq_num, 0, a->seq_num);
1719
1720 switch (direction) {
1721 case SENDER_IS_INITIATOR:
1722 SIVAL(seq_num, 4, 0x80);
1723 break;
1724 case SENDER_IS_ACCEPTOR:
1725 SIVAL(seq_num, 4, 0x0);
1726 break;
1727 }
1728
1729 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1730 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1731
1732 dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
1733
1734 /* extract the sequence number (key based on supplied packet digest) */
1735 /* needs to be done before the sealing, as the original version
1736 is used in the sealing stuff... */
1737 schannel_deal_with_seq_num(a, verf);
1738
1739 if (memcmp(verf->seq_num, seq_num, sizeof(seq_num))) {
1740 /* don't even bother with the below if the sequence number is out */
1741 /* The sequence number is MD5'ed with a key based on the whole-packet
1742 digest, as supplied by the client. We check that it's a valid
1743 checksum after the decode, below
1744 */
1745 DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
1746 dump_data(2, (const char*)verf->seq_num, sizeof(verf->seq_num));
1747 DEBUG(2, ("should be:\n"));
1748 dump_data(2, (const char*)seq_num, sizeof(seq_num));
1749
1750 return False;
1751 }
1752
1753 if (memcmp(verf->sig, schannel_sig, sizeof(verf->sig))) {
1754 /* Validate that the other end sent the expected header */
1755 DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
1756 dump_data(2, (const char*)verf->sig, sizeof(verf->sig));
1757 DEBUG(2, ("should be:\n"));
1758 dump_data(2, (const char*)schannel_sig, sizeof(schannel_sig));
1759 return False;
1760 }
1761
1762 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1763 uchar sealing_key[16];
1764
1765 /* get the key to extract the data with */
1766 schannel_get_sealing_key(a, verf, sealing_key);
1767
1768 /* extract the verification data */
1769 dump_data_pw("verf->confounder:\n", verf->confounder,
1770 sizeof(verf->confounder));
1771 SamOEMhash(verf->confounder, sealing_key, 8);
1772
1773 dump_data_pw("verf->confounder_dec:\n", verf->confounder,
1774 sizeof(verf->confounder));
1775
1776 /* extract the packet payload */
1777 dump_data_pw("data :\n", (const unsigned char *)data, data_len);
1778 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1779 dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
1780 }
1781
1782 /* digest includes 'data' after unsealing */
1783 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1784
1785 dump_data_pw("Calculated digest:\n", digest_final,
1786 sizeof(digest_final));
1787 dump_data_pw("verf->packet_digest:\n", verf->packet_digest,
1788 sizeof(verf->packet_digest));
1789
1790 /* compare - if the client got the same result as us, then
1791 it must know the session key */
1792 return (memcmp(digest_final, verf->packet_digest,
1793 sizeof(verf->packet_digest)) == 0);
1794 }