2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_RPC_PARSE
30 * Dump a prs to a file: from the current location through to the end.
32 void prs_dump(char *name
, int v
, prs_struct
*ps
)
34 prs_dump_region(name
, v
, ps
, ps
->data_offset
, ps
->buffer_size
);
38 * Dump from the start of the prs to the current location.
40 void prs_dump_before(char *name
, int v
, prs_struct
*ps
)
42 prs_dump_region(name
, v
, ps
, 0, ps
->data_offset
);
46 * Dump everything from the start of the prs up to the current location.
48 void prs_dump_region(char *name
, int v
, prs_struct
*ps
,
49 int from_off
, int to_off
)
54 if (DEBUGLEVEL
< 50) return;
57 slprintf(fname
,sizeof(fname
)-1, "/tmp/%s_%d.%d.prs", name
, v
, i
);
59 slprintf(fname
,sizeof(fname
)-1, "/tmp/%s.%d.prs", name
, i
);
61 fd
= open(fname
, O_WRONLY
|O_CREAT
|O_EXCL
, 0644);
62 if (fd
!= -1 || errno
!= EEXIST
) break;
65 sz
= write(fd
, ps
->data_p
+ from_off
, to_off
- from_off
);
67 if ( (sz
!= to_off
-from_off
) || (i
!= 0) ) {
68 DEBUG(0,("Error writing/closing %s: %ld!=%ld %d\n", fname
, (unsigned long)sz
, (unsigned long)to_off
-from_off
, i
));
70 DEBUG(0,("created %s\n", fname
));
75 /*******************************************************************
76 Debug output for parsing info
78 XXXX side-effect of this function is to increase the debug depth XXXX.
80 ********************************************************************/
82 void prs_debug(prs_struct
*ps
, int depth
, const char *desc
, const char *fn_name
)
84 DEBUG(5+depth
, ("%s%06x %s %s\n", tab_depth(depth
), ps
->data_offset
, fn_name
, desc
));
88 * Initialise an expandable parse structure.
90 * @param size Initial buffer size. If >0, a new buffer will be
91 * created with malloc().
93 * @return False if allocation fails, otherwise True.
96 BOOL
prs_init(prs_struct
*ps
, uint32 size
, TALLOC_CTX
*ctx
, BOOL io
)
100 ps
->bigendian_data
= RPC_LITTLE_ENDIAN
;
101 ps
->align
= RPC_PARSE_ALIGN
;
102 ps
->is_dynamic
= False
;
109 ps
->buffer_size
= size
;
110 if((ps
->data_p
= (char *)SMB_MALLOC((size_t)size
)) == NULL
) {
111 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size
));
114 memset(ps
->data_p
, '\0', (size_t)size
);
115 ps
->is_dynamic
= True
; /* We own this memory. */
116 } else if (MARSHALLING(ps
)) {
117 /* If size is zero and we're marshalling we should allocate memory on demand. */
118 ps
->is_dynamic
= True
;
124 /*******************************************************************
125 Delete the memory in a parse structure - if we own it.
126 ********************************************************************/
128 void prs_mem_free(prs_struct
*ps
)
131 SAFE_FREE(ps
->data_p
);
132 ps
->is_dynamic
= False
;
137 /*******************************************************************
138 Clear the memory in a parse structure.
139 ********************************************************************/
141 void prs_mem_clear(prs_struct
*ps
)
144 memset(ps
->data_p
, '\0', (size_t)ps
->buffer_size
);
147 /*******************************************************************
148 Allocate memory when unmarshalling... Always zero clears.
149 ********************************************************************/
151 #if defined(PARANOID_MALLOC_CHECKER)
152 char *prs_alloc_mem_(prs_struct
*ps
, size_t size
, unsigned int count
)
154 char *prs_alloc_mem(prs_struct
*ps
, size_t size
, unsigned int count
)
160 /* We can't call the type-safe version here. */
161 ret
= _talloc_zero_array(ps
->mem_ctx
, size
, count
, "parse_prs");
166 /*******************************************************************
167 Return the current talloc context we're using.
168 ********************************************************************/
170 TALLOC_CTX
*prs_get_mem_context(prs_struct
*ps
)
175 /*******************************************************************
176 Hand some already allocated memory to a prs_struct.
177 ********************************************************************/
179 void prs_give_memory(prs_struct
*ps
, char *buf
, uint32 size
, BOOL is_dynamic
)
181 ps
->is_dynamic
= is_dynamic
;
183 ps
->buffer_size
= size
;
186 /*******************************************************************
187 Take some memory back from a prs_struct.
188 ********************************************************************/
190 char *prs_take_memory(prs_struct
*ps
, uint32
*psize
)
192 char *ret
= ps
->data_p
;
194 *psize
= ps
->buffer_size
;
195 ps
->is_dynamic
= False
;
200 /*******************************************************************
201 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
202 ********************************************************************/
204 BOOL
prs_set_buffer_size(prs_struct
*ps
, uint32 newsize
)
206 if (newsize
> ps
->buffer_size
)
207 return prs_force_grow(ps
, newsize
- ps
->buffer_size
);
209 if (newsize
< ps
->buffer_size
) {
210 ps
->buffer_size
= newsize
;
212 /* newsize == 0 acts as a free and set pointer to NULL */
214 SAFE_FREE(ps
->data_p
);
216 ps
->data_p
= SMB_REALLOC(ps
->data_p
, newsize
);
218 if (ps
->data_p
== NULL
) {
219 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
220 (unsigned int)newsize
));
221 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno
)));
230 /*******************************************************************
231 Attempt, if needed, to grow a data buffer.
232 Also depends on the data stream mode (io).
233 ********************************************************************/
235 BOOL
prs_grow(prs_struct
*ps
, uint32 extra_space
)
239 ps
->grow_size
= MAX(ps
->grow_size
, ps
->data_offset
+ extra_space
);
241 if(ps
->data_offset
+ extra_space
<= ps
->buffer_size
)
245 * We cannot grow the buffer if we're not reading
246 * into the prs_struct, or if we don't own the memory.
249 if(UNMARSHALLING(ps
) || !ps
->is_dynamic
) {
250 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
251 (unsigned int)extra_space
));
256 * Decide how much extra space we really need.
259 extra_space
-= (ps
->buffer_size
- ps
->data_offset
);
260 if(ps
->buffer_size
== 0) {
262 * Ensure we have at least a PDU's length, or extra_space, whichever
266 new_size
= MAX(RPC_MAX_PDU_FRAG_LEN
,extra_space
);
268 if((ps
->data_p
= SMB_MALLOC(new_size
)) == NULL
) {
269 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size
));
272 memset(ps
->data_p
, '\0', (size_t)new_size
);
275 * If the current buffer size is bigger than the space needed, just
276 * double it, else add extra_space.
278 new_size
= MAX(ps
->buffer_size
*2, ps
->buffer_size
+ extra_space
);
280 if ((ps
->data_p
= SMB_REALLOC(ps
->data_p
, new_size
)) == NULL
) {
281 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
282 (unsigned int)new_size
));
286 memset(&ps
->data_p
[ps
->buffer_size
], '\0', (size_t)(new_size
- ps
->buffer_size
));
288 ps
->buffer_size
= new_size
;
293 /*******************************************************************
294 Attempt to force a data buffer to grow by len bytes.
295 This is only used when appending more data onto a prs_struct
296 when reading an rpc reply, before unmarshalling it.
297 ********************************************************************/
299 BOOL
prs_force_grow(prs_struct
*ps
, uint32 extra_space
)
301 uint32 new_size
= ps
->buffer_size
+ extra_space
;
303 if(!UNMARSHALLING(ps
) || !ps
->is_dynamic
) {
304 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
305 (unsigned int)extra_space
));
309 if((ps
->data_p
= SMB_REALLOC(ps
->data_p
, new_size
)) == NULL
) {
310 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
311 (unsigned int)new_size
));
315 memset(&ps
->data_p
[ps
->buffer_size
], '\0', (size_t)(new_size
- ps
->buffer_size
));
317 ps
->buffer_size
= new_size
;
322 /*******************************************************************
323 Get the data pointer (external interface).
324 ********************************************************************/
326 char *prs_data_p(prs_struct
*ps
)
331 /*******************************************************************
332 Get the current data size (external interface).
333 ********************************************************************/
335 uint32
prs_data_size(prs_struct
*ps
)
337 return ps
->buffer_size
;
340 /*******************************************************************
341 Fetch the current offset (external interface).
342 ********************************************************************/
344 uint32
prs_offset(prs_struct
*ps
)
346 return ps
->data_offset
;
349 /*******************************************************************
350 Set the current offset (external interface).
351 ********************************************************************/
353 BOOL
prs_set_offset(prs_struct
*ps
, uint32 offset
)
355 if(offset
<= ps
->data_offset
) {
356 ps
->data_offset
= offset
;
360 if(!prs_grow(ps
, offset
- ps
->data_offset
))
363 ps
->data_offset
= offset
;
367 /*******************************************************************
368 Append the data from one parse_struct into another.
369 ********************************************************************/
371 BOOL
prs_append_prs_data(prs_struct
*dst
, prs_struct
*src
)
373 if (prs_offset(src
) == 0)
376 if(!prs_grow(dst
, prs_offset(src
)))
379 memcpy(&dst
->data_p
[dst
->data_offset
], src
->data_p
, (size_t)prs_offset(src
));
380 dst
->data_offset
+= prs_offset(src
);
385 /*******************************************************************
386 Append some data from one parse_struct into another.
387 ********************************************************************/
389 BOOL
prs_append_some_prs_data(prs_struct
*dst
, prs_struct
*src
, int32 start
, uint32 len
)
394 if(!prs_grow(dst
, len
))
397 memcpy(&dst
->data_p
[dst
->data_offset
], src
->data_p
+ start
, (size_t)len
);
398 dst
->data_offset
+= len
;
403 /*******************************************************************
404 Append the data from a buffer into a parse_struct.
405 ********************************************************************/
407 BOOL
prs_copy_data_in(prs_struct
*dst
, const char *src
, uint32 len
)
412 if(!prs_grow(dst
, len
))
415 memcpy(&dst
->data_p
[dst
->data_offset
], src
, (size_t)len
);
416 dst
->data_offset
+= len
;
421 /*******************************************************************
422 Copy some data from a parse_struct into a buffer.
423 ********************************************************************/
425 BOOL
prs_copy_data_out(char *dst
, prs_struct
*src
, uint32 len
)
430 if(!prs_mem_get(src
, len
))
433 memcpy(dst
, &src
->data_p
[src
->data_offset
], (size_t)len
);
434 src
->data_offset
+= len
;
439 /*******************************************************************
440 Copy all the data from a parse_struct into a buffer.
441 ********************************************************************/
443 BOOL
prs_copy_all_data_out(char *dst
, prs_struct
*src
)
445 uint32 len
= prs_offset(src
);
450 prs_set_offset(src
, 0);
451 return prs_copy_data_out(dst
, src
, len
);
454 /*******************************************************************
455 Set the data as X-endian (external interface).
456 ********************************************************************/
458 void prs_set_endian_data(prs_struct
*ps
, BOOL endian
)
460 ps
->bigendian_data
= endian
;
463 /*******************************************************************
464 Align a the data_len to a multiple of align bytes - filling with
466 ********************************************************************/
468 BOOL
prs_align(prs_struct
*ps
)
470 uint32 mod
= ps
->data_offset
& (ps
->align
-1);
472 if (ps
->align
!= 0 && mod
!= 0) {
473 uint32 extra_space
= (ps
->align
- mod
);
474 if(!prs_grow(ps
, extra_space
))
476 memset(&ps
->data_p
[ps
->data_offset
], '\0', (size_t)extra_space
);
477 ps
->data_offset
+= extra_space
;
483 /******************************************************************
484 Align on a 2 byte boundary
485 *****************************************************************/
487 BOOL
prs_align_uint16(prs_struct
*ps
)
490 uint8 old_align
= ps
->align
;
494 ps
->align
= old_align
;
499 /******************************************************************
500 Align on a 8 byte boundary
501 *****************************************************************/
503 BOOL
prs_align_uint64(prs_struct
*ps
)
506 uint8 old_align
= ps
->align
;
510 ps
->align
= old_align
;
515 /******************************************************************
516 Align on a specific byte boundary
517 *****************************************************************/
519 BOOL
prs_align_custom(prs_struct
*ps
, uint8 boundary
)
522 uint8 old_align
= ps
->align
;
524 ps
->align
= boundary
;
526 ps
->align
= old_align
;
533 /*******************************************************************
534 Align only if required (for the unistr2 string mainly)
535 ********************************************************************/
537 BOOL
prs_align_needed(prs_struct
*ps
, uint32 needed
)
542 return prs_align(ps
);
545 /*******************************************************************
546 Ensure we can read/write to a given offset.
547 ********************************************************************/
549 char *prs_mem_get(prs_struct
*ps
, uint32 extra_size
)
551 if(UNMARSHALLING(ps
)) {
553 * If reading, ensure that we can read the requested size item.
555 if (ps
->data_offset
+ extra_size
> ps
->buffer_size
) {
556 DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
557 "buffer by %u bytes.\n",
558 (unsigned int)extra_size
,
559 (unsigned int)(ps
->data_offset
+ extra_size
- ps
->buffer_size
) ));
564 * Writing - grow the buffer if needed.
566 if(!prs_grow(ps
, extra_size
))
569 return &ps
->data_p
[ps
->data_offset
];
572 /*******************************************************************
573 Change the struct type.
574 ********************************************************************/
576 void prs_switch_type(prs_struct
*ps
, BOOL io
)
578 if ((ps
->io
^ io
) == True
)
582 /*******************************************************************
583 Force a prs_struct to be dynamic even when it's size is 0.
584 ********************************************************************/
586 void prs_force_dynamic(prs_struct
*ps
)
591 /*******************************************************************
592 Associate a session key with a parse struct.
593 ********************************************************************/
595 void prs_set_session_key(prs_struct
*ps
, const char sess_key
[16])
597 ps
->sess_key
= sess_key
;
600 /*******************************************************************
602 ********************************************************************/
604 BOOL
prs_uint8(const char *name
, prs_struct
*ps
, int depth
, uint8
*data8
)
606 char *q
= prs_mem_get(ps
, 1);
610 if (UNMARSHALLING(ps
))
615 DEBUG(5,("%s%04x %s: %02x\n", tab_depth(depth
), ps
->data_offset
, name
, *data8
));
617 ps
->data_offset
+= 1;
622 /*******************************************************************
623 Stream a uint16* (allocate memory if unmarshalling)
624 ********************************************************************/
626 BOOL
prs_pointer( const char *name
, prs_struct
*ps
, int depth
,
627 void **data
, size_t data_size
,
628 BOOL(*prs_fn
)(const char*, prs_struct
*, int, void*) )
632 /* output f000baaa to stream if the pointer is non-zero. */
634 data_p
= *data
? 0xf000baaa : 0;
636 if ( !prs_uint32("ptr", ps
, depth
, &data_p
))
639 /* we're done if there is no data */
644 if (UNMARSHALLING(ps
)) {
645 if ( !(*data
= PRS_ALLOC_MEM_VOID(ps
, data_size
)) )
649 return prs_fn(name
, ps
, depth
, *data
);
653 /*******************************************************************
655 ********************************************************************/
657 BOOL
prs_uint16(const char *name
, prs_struct
*ps
, int depth
, uint16
*data16
)
659 char *q
= prs_mem_get(ps
, sizeof(uint16
));
663 if (UNMARSHALLING(ps
)) {
664 if (ps
->bigendian_data
)
665 *data16
= RSVAL(q
,0);
669 if (ps
->bigendian_data
)
675 DEBUG(5,("%s%04x %s: %04x\n", tab_depth(depth
), ps
->data_offset
, name
, *data16
));
677 ps
->data_offset
+= sizeof(uint16
);
682 /*******************************************************************
684 ********************************************************************/
686 BOOL
prs_uint32(const char *name
, prs_struct
*ps
, int depth
, uint32
*data32
)
688 char *q
= prs_mem_get(ps
, sizeof(uint32
));
692 if (UNMARSHALLING(ps
)) {
693 if (ps
->bigendian_data
)
694 *data32
= RIVAL(q
,0);
698 if (ps
->bigendian_data
)
704 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth
), ps
->data_offset
, name
, *data32
));
706 ps
->data_offset
+= sizeof(uint32
);
711 /*******************************************************************
713 ********************************************************************/
715 BOOL
prs_int32(const char *name
, prs_struct
*ps
, int depth
, int32
*data32
)
717 char *q
= prs_mem_get(ps
, sizeof(int32
));
721 if (UNMARSHALLING(ps
)) {
722 if (ps
->bigendian_data
)
723 *data32
= RIVALS(q
,0);
725 *data32
= IVALS(q
,0);
727 if (ps
->bigendian_data
)
728 RSIVALS(q
,0,*data32
);
733 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth
), ps
->data_offset
, name
, *data32
));
735 ps
->data_offset
+= sizeof(int32
);
740 /*******************************************************************
742 ********************************************************************/
744 BOOL
prs_ntstatus(const char *name
, prs_struct
*ps
, int depth
, NTSTATUS
*status
)
746 char *q
= prs_mem_get(ps
, sizeof(uint32
));
750 if (UNMARSHALLING(ps
)) {
751 if (ps
->bigendian_data
)
752 *status
= NT_STATUS(RIVAL(q
,0));
754 *status
= NT_STATUS(IVAL(q
,0));
756 if (ps
->bigendian_data
)
757 RSIVAL(q
,0,NT_STATUS_V(*status
));
759 SIVAL(q
,0,NT_STATUS_V(*status
));
762 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth
), ps
->data_offset
, name
,
763 nt_errstr(*status
)));
765 ps
->data_offset
+= sizeof(uint32
);
770 /*******************************************************************
771 Stream a DCE error code
772 ********************************************************************/
774 BOOL
prs_dcerpc_status(const char *name
, prs_struct
*ps
, int depth
, NTSTATUS
*status
)
776 char *q
= prs_mem_get(ps
, sizeof(uint32
));
780 if (UNMARSHALLING(ps
)) {
781 if (ps
->bigendian_data
)
782 *status
= NT_STATUS(RIVAL(q
,0));
784 *status
= NT_STATUS(IVAL(q
,0));
786 if (ps
->bigendian_data
)
787 RSIVAL(q
,0,NT_STATUS_V(*status
));
789 SIVAL(q
,0,NT_STATUS_V(*status
));
792 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth
), ps
->data_offset
, name
,
793 dcerpc_errstr(NT_STATUS_V(*status
))));
795 ps
->data_offset
+= sizeof(uint32
);
801 /*******************************************************************
803 ********************************************************************/
805 BOOL
prs_werror(const char *name
, prs_struct
*ps
, int depth
, WERROR
*status
)
807 char *q
= prs_mem_get(ps
, sizeof(uint32
));
811 if (UNMARSHALLING(ps
)) {
812 if (ps
->bigendian_data
)
813 *status
= W_ERROR(RIVAL(q
,0));
815 *status
= W_ERROR(IVAL(q
,0));
817 if (ps
->bigendian_data
)
818 RSIVAL(q
,0,W_ERROR_V(*status
));
820 SIVAL(q
,0,W_ERROR_V(*status
));
823 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth
), ps
->data_offset
, name
,
824 dos_errstr(*status
)));
826 ps
->data_offset
+= sizeof(uint32
);
832 /******************************************************************
833 Stream an array of uint8s. Length is number of uint8s.
834 ********************************************************************/
836 BOOL
prs_uint8s(BOOL charmode
, const char *name
, prs_struct
*ps
, int depth
, uint8
*data8s
, int len
)
839 char *q
= prs_mem_get(ps
, len
);
843 if (UNMARSHALLING(ps
)) {
844 for (i
= 0; i
< len
; i
++)
845 data8s
[i
] = CVAL(q
,i
);
847 for (i
= 0; i
< len
; i
++)
848 SCVAL(q
, i
, data8s
[i
]);
851 DEBUG(5,("%s%04x %s: ", tab_depth(depth
), ps
->data_offset
,name
));
853 print_asc(5, (unsigned char*)data8s
, len
);
855 for (i
= 0; i
< len
; i
++)
856 DEBUG(5,("%02x ", data8s
[i
]));
860 ps
->data_offset
+= len
;
865 /******************************************************************
866 Stream an array of uint16s. Length is number of uint16s.
867 ********************************************************************/
869 BOOL
prs_uint16s(BOOL charmode
, const char *name
, prs_struct
*ps
, int depth
, uint16
*data16s
, int len
)
872 char *q
= prs_mem_get(ps
, len
* sizeof(uint16
));
876 if (UNMARSHALLING(ps
)) {
877 if (ps
->bigendian_data
) {
878 for (i
= 0; i
< len
; i
++)
879 data16s
[i
] = RSVAL(q
, 2*i
);
881 for (i
= 0; i
< len
; i
++)
882 data16s
[i
] = SVAL(q
, 2*i
);
885 if (ps
->bigendian_data
) {
886 for (i
= 0; i
< len
; i
++)
887 RSSVAL(q
, 2*i
, data16s
[i
]);
889 for (i
= 0; i
< len
; i
++)
890 SSVAL(q
, 2*i
, data16s
[i
]);
894 DEBUG(5,("%s%04x %s: ", tab_depth(depth
), ps
->data_offset
, name
));
896 print_asc(5, (unsigned char*)data16s
, 2*len
);
898 for (i
= 0; i
< len
; i
++)
899 DEBUG(5,("%04x ", data16s
[i
]));
903 ps
->data_offset
+= (len
* sizeof(uint16
));
908 /******************************************************************
909 Start using a function for streaming unicode chars. If unmarshalling,
910 output must be little-endian, if marshalling, input must be little-endian.
911 ********************************************************************/
913 static void dbg_rw_punival(BOOL charmode
, const char *name
, int depth
, prs_struct
*ps
,
914 char *in_buf
, char *out_buf
, int len
)
918 if (UNMARSHALLING(ps
)) {
919 if (ps
->bigendian_data
) {
920 for (i
= 0; i
< len
; i
++)
921 SSVAL(out_buf
,2*i
,RSVAL(in_buf
, 2*i
));
923 for (i
= 0; i
< len
; i
++)
924 SSVAL(out_buf
, 2*i
, SVAL(in_buf
, 2*i
));
927 if (ps
->bigendian_data
) {
928 for (i
= 0; i
< len
; i
++)
929 RSSVAL(in_buf
, 2*i
, SVAL(out_buf
,2*i
));
931 for (i
= 0; i
< len
; i
++)
932 SSVAL(in_buf
, 2*i
, SVAL(out_buf
,2*i
));
936 DEBUG(5,("%s%04x %s: ", tab_depth(depth
), ps
->data_offset
, name
));
938 print_asc(5, (unsigned char*)out_buf
, 2*len
);
940 for (i
= 0; i
< len
; i
++)
941 DEBUG(5,("%04x ", out_buf
[i
]));
946 /******************************************************************
947 Stream a unistr. Always little endian.
948 ********************************************************************/
950 BOOL
prs_uint16uni(BOOL charmode
, const char *name
, prs_struct
*ps
, int depth
, uint16
*data16s
, int len
)
952 char *q
= prs_mem_get(ps
, len
* sizeof(uint16
));
956 dbg_rw_punival(charmode
, name
, depth
, ps
, q
, (char *)data16s
, len
);
957 ps
->data_offset
+= (len
* sizeof(uint16
));
962 /******************************************************************
963 Stream an array of uint32s. Length is number of uint32s.
964 ********************************************************************/
966 BOOL
prs_uint32s(BOOL charmode
, const char *name
, prs_struct
*ps
, int depth
, uint32
*data32s
, int len
)
969 char *q
= prs_mem_get(ps
, len
* sizeof(uint32
));
973 if (UNMARSHALLING(ps
)) {
974 if (ps
->bigendian_data
) {
975 for (i
= 0; i
< len
; i
++)
976 data32s
[i
] = RIVAL(q
, 4*i
);
978 for (i
= 0; i
< len
; i
++)
979 data32s
[i
] = IVAL(q
, 4*i
);
982 if (ps
->bigendian_data
) {
983 for (i
= 0; i
< len
; i
++)
984 RSIVAL(q
, 4*i
, data32s
[i
]);
986 for (i
= 0; i
< len
; i
++)
987 SIVAL(q
, 4*i
, data32s
[i
]);
991 DEBUG(5,("%s%04x %s: ", tab_depth(depth
), ps
->data_offset
, name
));
993 print_asc(5, (unsigned char*)data32s
, 4*len
);
995 for (i
= 0; i
< len
; i
++)
996 DEBUG(5,("%08x ", data32s
[i
]));
1000 ps
->data_offset
+= (len
* sizeof(uint32
));
1005 /******************************************************************
1006 Stream an array of unicode string, length/buffer specified separately,
1007 in uint16 chars. The unicode string is already in little-endian format.
1008 ********************************************************************/
1010 BOOL
prs_buffer5(BOOL charmode
, const char *name
, prs_struct
*ps
, int depth
, BUFFER5
*str
)
1013 char *q
= prs_mem_get(ps
, str
->buf_len
* sizeof(uint16
));
1017 if (UNMARSHALLING(ps
)) {
1018 str
->buffer
= PRS_ALLOC_MEM(ps
,uint16
,str
->buf_len
);
1019 if (str
->buffer
== NULL
)
1023 /* If the string is empty, we don't have anything to stream */
1024 if (str
->buf_len
==0)
1027 p
= (char *)str
->buffer
;
1029 dbg_rw_punival(charmode
, name
, depth
, ps
, q
, p
, str
->buf_len
);
1031 ps
->data_offset
+= (str
->buf_len
* sizeof(uint16
));
1036 /******************************************************************
1037 Stream a "not" unicode string, length/buffer specified separately,
1038 in byte chars. String is in little-endian format.
1039 ********************************************************************/
1041 BOOL
prs_regval_buffer(BOOL charmode
, const char *name
, prs_struct
*ps
, int depth
, REGVAL_BUFFER
*buf
)
1044 char *q
= prs_mem_get(ps
, buf
->buf_len
);
1048 if (UNMARSHALLING(ps
)) {
1049 if (buf
->buf_len
> buf
->buf_max_len
) {
1052 if ( buf
->buf_max_len
) {
1053 buf
->buffer
= PRS_ALLOC_MEM(ps
, uint16
, buf
->buf_max_len
);
1054 if ( buf
->buffer
== NULL
)
1059 p
= (char *)buf
->buffer
;
1061 dbg_rw_punival(charmode
, name
, depth
, ps
, q
, p
, buf
->buf_len
/2);
1062 ps
->data_offset
+= buf
->buf_len
;
1067 /******************************************************************
1068 Stream a string, length/buffer specified separately,
1070 ********************************************************************/
1072 BOOL
prs_string2(BOOL charmode
, const char *name
, prs_struct
*ps
, int depth
, STRING2
*str
)
1075 char *q
= prs_mem_get(ps
, str
->str_str_len
);
1079 if (UNMARSHALLING(ps
)) {
1080 if (str
->str_str_len
> str
->str_max_len
) {
1083 str
->buffer
= PRS_ALLOC_MEM(ps
,unsigned char, str
->str_max_len
);
1084 if (str
->buffer
== NULL
)
1088 if (UNMARSHALLING(ps
)) {
1089 for (i
= 0; i
< str
->str_str_len
; i
++)
1090 str
->buffer
[i
] = CVAL(q
,i
);
1092 for (i
= 0; i
< str
->str_str_len
; i
++)
1093 SCVAL(q
, i
, str
->buffer
[i
]);
1096 DEBUG(5,("%s%04x %s: ", tab_depth(depth
), ps
->data_offset
, name
));
1098 print_asc(5, (unsigned char*)str
->buffer
, str
->str_str_len
);
1100 for (i
= 0; i
< str
->str_str_len
; i
++)
1101 DEBUG(5,("%02x ", str
->buffer
[i
]));
1105 ps
->data_offset
+= str
->str_str_len
;
1110 /******************************************************************
1111 Stream a unicode string, length/buffer specified separately,
1112 in uint16 chars. The unicode string is already in little-endian format.
1113 ********************************************************************/
1115 BOOL
prs_unistr2(BOOL charmode
, const char *name
, prs_struct
*ps
, int depth
, UNISTR2
*str
)
1118 char *q
= prs_mem_get(ps
, str
->uni_str_len
* sizeof(uint16
));
1122 /* If the string is empty, we don't have anything to stream */
1123 if (str
->uni_str_len
==0)
1126 if (UNMARSHALLING(ps
)) {
1127 if (str
->uni_str_len
> str
->uni_max_len
) {
1130 str
->buffer
= PRS_ALLOC_MEM(ps
,uint16
,str
->uni_max_len
);
1131 if (str
->buffer
== NULL
)
1135 p
= (char *)str
->buffer
;
1137 dbg_rw_punival(charmode
, name
, depth
, ps
, q
, p
, str
->uni_str_len
);
1139 ps
->data_offset
+= (str
->uni_str_len
* sizeof(uint16
));
1144 /******************************************************************
1145 Stream a unicode string, length/buffer specified separately,
1146 in uint16 chars. The unicode string is already in little-endian format.
1147 ********************************************************************/
1149 BOOL
prs_unistr3(BOOL charmode
, const char *name
, UNISTR3
*str
, prs_struct
*ps
, int depth
)
1152 char *q
= prs_mem_get(ps
, str
->uni_str_len
* sizeof(uint16
));
1156 if (UNMARSHALLING(ps
)) {
1157 str
->str
.buffer
= PRS_ALLOC_MEM(ps
,uint16
,str
->uni_str_len
);
1158 if (str
->str
.buffer
== NULL
)
1162 p
= (char *)str
->str
.buffer
;
1164 dbg_rw_punival(charmode
, name
, depth
, ps
, q
, p
, str
->uni_str_len
);
1165 ps
->data_offset
+= (str
->uni_str_len
* sizeof(uint16
));
1170 /*******************************************************************
1171 Stream a unicode null-terminated string. As the string is already
1172 in little-endian format then do it as a stream of bytes.
1173 ********************************************************************/
1175 BOOL
prs_unistr(const char *name
, prs_struct
*ps
, int depth
, UNISTR
*str
)
1177 unsigned int len
= 0;
1178 unsigned char *p
= (unsigned char *)str
->buffer
;
1184 if (MARSHALLING(ps
)) {
1186 for(len
= 0; str
->buffer
[len
] != 0; len
++)
1189 q
= prs_mem_get(ps
, (len
+1)*2);
1195 for(len
= 0; str
->buffer
[len
] != 0; len
++) {
1196 if(ps
->bigendian_data
) {
1197 /* swap bytes - p is little endian, q is big endian. */
1213 * even if the string is 'empty' (only an \0 char)
1214 * at this point the leading \0 hasn't been parsed.
1224 DEBUG(5,("%s%04x %s: ", tab_depth(depth
), ps
->data_offset
, name
));
1225 print_asc(5, (unsigned char*)start
, 2*len
);
1228 else { /* unmarshalling */
1230 uint32 alloc_len
= 0;
1231 q
= ps
->data_p
+ prs_offset(ps
);
1234 * Work out how much space we need and talloc it.
1236 max_len
= (ps
->buffer_size
- ps
->data_offset
)/sizeof(uint16
);
1238 /* the test of the value of *ptr helps to catch the circumstance
1239 where we have an emtpty (non-existent) string in the buffer */
1240 for ( ptr
= (uint16
*)q
; *ptr
++ && (alloc_len
<= max_len
); alloc_len
++)
1244 if (alloc_len
< max_len
)
1247 /* should we allocate anything at all? */
1248 str
->buffer
= PRS_ALLOC_MEM(ps
,uint16
,alloc_len
);
1249 if ((str
->buffer
== NULL
) && (alloc_len
> 0))
1252 p
= (unsigned char *)str
->buffer
;
1255 /* the (len < alloc_len) test is to prevent us from overwriting
1256 memory that is not ours...if we get that far, we have a non-null
1257 terminated string in the buffer and have messed up somewhere */
1258 while ((len
< alloc_len
) && (*(uint16
*)q
!= 0)) {
1259 if(ps
->bigendian_data
)
1261 /* swap bytes - q is big endian, p is little endian. */
1262 p
[0] = (unsigned char)q
[1];
1263 p
[1] = (unsigned char)q
[0];
1268 p
[0] = (unsigned char)q
[0];
1269 p
[1] = (unsigned char)q
[1];
1276 if (len
< alloc_len
) {
1277 /* NULL terminate the UNISTR */
1278 str
->buffer
[len
++] = '\0';
1281 DEBUG(5,("%s%04x %s: ", tab_depth(depth
), ps
->data_offset
, name
));
1282 print_asc(5, (unsigned char*)str
->buffer
, 2*len
);
1286 /* set the offset in the prs_struct; 'len' points to the
1287 terminiating NULL in the UNISTR so we need to go one more
1289 ps
->data_offset
+= (len
)*2;
1295 /*******************************************************************
1296 Stream a null-terminated string. len is strlen, and therefore does
1297 not include the null-termination character.
1298 ********************************************************************/
1300 BOOL
prs_string(const char *name
, prs_struct
*ps
, int depth
, char *str
, int max_buf_size
)
1306 if (UNMARSHALLING(ps
))
1307 len
= strlen(&ps
->data_p
[ps
->data_offset
]);
1311 len
= MIN(len
, (max_buf_size
-1));
1313 q
= prs_mem_get(ps
, len
+1);
1317 for(i
= 0; i
< len
; i
++) {
1318 if (UNMARSHALLING(ps
))
1324 /* The terminating null. */
1327 if (MARSHALLING(ps
)) {
1331 ps
->data_offset
+= len
+1;
1333 dump_data(5+depth
, q
, len
);
1338 BOOL
prs_string_alloc(const char *name
, prs_struct
*ps
, int depth
, const char **str
)
1343 if (UNMARSHALLING(ps
)) {
1344 len
= strlen(&ps
->data_p
[ps
->data_offset
]);
1349 tmp_str
= PRS_ALLOC_MEM(ps
, char, len
+1);
1351 if (tmp_str
== NULL
) {
1355 if (MARSHALLING(ps
)) {
1356 strncpy(tmp_str
, *str
, len
);
1359 if (!prs_string(name
, ps
, depth
, tmp_str
, len
+1)) {
1367 /*******************************************************************
1368 prs_uint16 wrapper. Call this and it sets up a pointer to where the
1369 uint16 should be stored, or gets the size if reading.
1370 ********************************************************************/
1372 BOOL
prs_uint16_pre(const char *name
, prs_struct
*ps
, int depth
, uint16
*data16
, uint32
*offset
)
1374 *offset
= ps
->data_offset
;
1375 if (UNMARSHALLING(ps
)) {
1377 return prs_uint16(name
, ps
, depth
, data16
);
1379 char *q
= prs_mem_get(ps
, sizeof(uint16
));
1382 ps
->data_offset
+= sizeof(uint16
);
1387 /*******************************************************************
1388 prs_uint16 wrapper. call this and it retrospectively stores the size.
1389 does nothing on reading, as that is already handled by ...._pre()
1390 ********************************************************************/
1392 BOOL
prs_uint16_post(const char *name
, prs_struct
*ps
, int depth
, uint16
*data16
,
1393 uint32 ptr_uint16
, uint32 start_offset
)
1395 if (MARSHALLING(ps
)) {
1397 * Writing - temporarily move the offset pointer.
1399 uint16 data_size
= ps
->data_offset
- start_offset
;
1400 uint32 old_offset
= ps
->data_offset
;
1402 ps
->data_offset
= ptr_uint16
;
1403 if(!prs_uint16(name
, ps
, depth
, &data_size
)) {
1404 ps
->data_offset
= old_offset
;
1407 ps
->data_offset
= old_offset
;
1409 ps
->data_offset
= start_offset
+ (uint32
)(*data16
);
1414 /*******************************************************************
1415 prs_uint32 wrapper. Call this and it sets up a pointer to where the
1416 uint32 should be stored, or gets the size if reading.
1417 ********************************************************************/
1419 BOOL
prs_uint32_pre(const char *name
, prs_struct
*ps
, int depth
, uint32
*data32
, uint32
*offset
)
1421 *offset
= ps
->data_offset
;
1422 if (UNMARSHALLING(ps
) && (data32
!= NULL
)) {
1424 return prs_uint32(name
, ps
, depth
, data32
);
1426 ps
->data_offset
+= sizeof(uint32
);
1431 /*******************************************************************
1432 prs_uint32 wrapper. call this and it retrospectively stores the size.
1433 does nothing on reading, as that is already handled by ...._pre()
1434 ********************************************************************/
1436 BOOL
prs_uint32_post(const char *name
, prs_struct
*ps
, int depth
, uint32
*data32
,
1437 uint32 ptr_uint32
, uint32 data_size
)
1439 if (MARSHALLING(ps
)) {
1441 * Writing - temporarily move the offset pointer.
1443 uint32 old_offset
= ps
->data_offset
;
1444 ps
->data_offset
= ptr_uint32
;
1445 if(!prs_uint32(name
, ps
, depth
, &data_size
)) {
1446 ps
->data_offset
= old_offset
;
1449 ps
->data_offset
= old_offset
;
1454 /* useful function to store a structure in rpc wire format */
1455 int tdb_prs_store(TDB_CONTEXT
*tdb
, char *keystr
, prs_struct
*ps
)
1457 TDB_DATA kbuf
, dbuf
;
1459 kbuf
.dsize
= strlen(keystr
)+1;
1460 dbuf
.dptr
= ps
->data_p
;
1461 dbuf
.dsize
= prs_offset(ps
);
1462 return tdb_store(tdb
, kbuf
, dbuf
, TDB_REPLACE
);
1465 /* useful function to fetch a structure into rpc wire format */
1466 int tdb_prs_fetch(TDB_CONTEXT
*tdb
, char *keystr
, prs_struct
*ps
, TALLOC_CTX
*mem_ctx
)
1468 TDB_DATA kbuf
, dbuf
;
1470 kbuf
.dsize
= strlen(keystr
)+1;
1472 dbuf
= tdb_fetch(tdb
, kbuf
);
1476 prs_init(ps
, 0, mem_ctx
, UNMARSHALL
);
1477 prs_give_memory(ps
, dbuf
.dptr
, dbuf
.dsize
, True
);
1482 /*******************************************************************
1484 ********************************************************************/
1486 BOOL
prs_hash1(prs_struct
*ps
, uint32 offset
, int len
)
1493 #ifdef DEBUG_PASSWORD
1494 DEBUG(100, ("prs_hash1\n"));
1495 dump_data(100, ps
->sess_key
, 16);
1496 dump_data(100, q
, len
);
1498 SamOEMhash((uchar
*) q
, (const unsigned char *)ps
->sess_key
, len
);
1500 #ifdef DEBUG_PASSWORD
1501 dump_data(100, q
, len
);
1507 /*******************************************************************
1508 Create a digest over the entire packet (including the data), and
1509 MD5 it with the session key.
1510 ********************************************************************/
1512 static void schannel_digest(struct schannel_auth_struct
*a
,
1513 enum pipe_auth_level auth_level
,
1514 RPC_AUTH_SCHANNEL_CHK
* verf
,
1515 char *data
, size_t data_len
,
1516 uchar digest_final
[16])
1518 uchar whole_packet_digest
[16];
1519 static uchar zeros
[4];
1520 struct MD5Context ctx3
;
1522 /* verfiy the signature on the packet by MD5 over various bits */
1524 /* use our sequence number, which ensures the packet is not
1526 MD5Update(&ctx3
, zeros
, sizeof(zeros
));
1527 MD5Update(&ctx3
, verf
->sig
, sizeof(verf
->sig
));
1528 if (auth_level
== PIPE_AUTH_LEVEL_PRIVACY
) {
1529 MD5Update(&ctx3
, verf
->confounder
, sizeof(verf
->confounder
));
1531 MD5Update(&ctx3
, (const unsigned char *)data
, data_len
);
1532 MD5Final(whole_packet_digest
, &ctx3
);
1533 dump_data_pw("whole_packet_digest:\n", whole_packet_digest
, sizeof(whole_packet_digest
));
1535 /* MD5 this result and the session key, to prove that
1536 only a valid client could had produced this */
1537 hmac_md5(a
->sess_key
, whole_packet_digest
, sizeof(whole_packet_digest
), digest_final
);
1540 /*******************************************************************
1541 Calculate the key with which to encode the data payload
1542 ********************************************************************/
1544 static void schannel_get_sealing_key(struct schannel_auth_struct
*a
,
1545 RPC_AUTH_SCHANNEL_CHK
*verf
,
1546 uchar sealing_key
[16])
1548 static uchar zeros
[4];
1553 for (i
= 0; i
< sizeof(sess_kf0
); i
++) {
1554 sess_kf0
[i
] = a
->sess_key
[i
] ^ 0xf0;
1557 dump_data_pw("sess_kf0:\n", sess_kf0
, sizeof(sess_kf0
));
1559 /* MD5 of sess_kf0 and 4 zero bytes */
1560 hmac_md5(sess_kf0
, zeros
, 0x4, digest2
);
1561 dump_data_pw("digest2:\n", digest2
, sizeof(digest2
));
1563 /* MD5 of the above result, plus 8 bytes of sequence number */
1564 hmac_md5(digest2
, verf
->seq_num
, sizeof(verf
->seq_num
), sealing_key
);
1565 dump_data_pw("sealing_key:\n", sealing_key
, 16);
1568 /*******************************************************************
1569 Encode or Decode the sequence number (which is symmetric)
1570 ********************************************************************/
1572 static void schannel_deal_with_seq_num(struct schannel_auth_struct
*a
,
1573 RPC_AUTH_SCHANNEL_CHK
*verf
)
1575 static uchar zeros
[4];
1576 uchar sequence_key
[16];
1579 hmac_md5(a
->sess_key
, zeros
, sizeof(zeros
), digest1
);
1580 dump_data_pw("(sequence key) digest1:\n", digest1
, sizeof(digest1
));
1582 hmac_md5(digest1
, verf
->packet_digest
, 8, sequence_key
);
1584 dump_data_pw("sequence_key:\n", sequence_key
, sizeof(sequence_key
));
1586 dump_data_pw("seq_num (before):\n", verf
->seq_num
, sizeof(verf
->seq_num
));
1587 SamOEMhash(verf
->seq_num
, sequence_key
, 8);
1588 dump_data_pw("seq_num (after):\n", verf
->seq_num
, sizeof(verf
->seq_num
));
1591 /*******************************************************************
1592 creates an RPC_AUTH_SCHANNEL_CHK structure.
1593 ********************************************************************/
1595 static BOOL
init_rpc_auth_schannel_chk(RPC_AUTH_SCHANNEL_CHK
* chk
,
1597 const uchar packet_digest
[8],
1598 const uchar seq_num
[8], const uchar confounder
[8])
1603 memcpy(chk
->sig
, sig
, sizeof(chk
->sig
));
1604 memcpy(chk
->packet_digest
, packet_digest
, sizeof(chk
->packet_digest
));
1605 memcpy(chk
->seq_num
, seq_num
, sizeof(chk
->seq_num
));
1606 memcpy(chk
->confounder
, confounder
, sizeof(chk
->confounder
));
1611 /*******************************************************************
1612 Encode a blob of data using the schannel alogrithm, also produceing
1613 a checksum over the original data. We currently only support
1614 signing and sealing togeather - the signing-only code is close, but not
1615 quite compatible with what MS does.
1616 ********************************************************************/
1618 void schannel_encode(struct schannel_auth_struct
*a
, enum pipe_auth_level auth_level
,
1619 enum schannel_direction direction
,
1620 RPC_AUTH_SCHANNEL_CHK
* verf
,
1621 char *data
, size_t data_len
)
1623 uchar digest_final
[16];
1624 uchar confounder
[8];
1626 static const uchar nullbytes
[8];
1628 static const uchar schannel_seal_sig
[8] = SCHANNEL_SEAL_SIGNATURE
;
1629 static const uchar schannel_sign_sig
[8] = SCHANNEL_SIGN_SIGNATURE
;
1630 const uchar
*schannel_sig
= NULL
;
1632 DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a
->seq_num
, (unsigned long)data_len
));
1634 if (auth_level
== PIPE_AUTH_LEVEL_PRIVACY
) {
1635 schannel_sig
= schannel_seal_sig
;
1637 schannel_sig
= schannel_sign_sig
;
1640 /* fill the 'confounder' with random data */
1641 generate_random_buffer(confounder
, sizeof(confounder
));
1643 dump_data_pw("a->sess_key:\n", a
->sess_key
, sizeof(a
->sess_key
));
1645 RSIVAL(seq_num
, 0, a
->seq_num
);
1647 switch (direction
) {
1648 case SENDER_IS_INITIATOR
:
1649 SIVAL(seq_num
, 4, 0x80);
1651 case SENDER_IS_ACCEPTOR
:
1652 SIVAL(seq_num
, 4, 0x0);
1656 dump_data_pw("verf->seq_num:\n", seq_num
, sizeof(verf
->seq_num
));
1658 init_rpc_auth_schannel_chk(verf
, schannel_sig
, nullbytes
,
1659 seq_num
, confounder
);
1661 /* produce a digest of the packet to prove it's legit (before we seal it) */
1662 schannel_digest(a
, auth_level
, verf
, data
, data_len
, digest_final
);
1663 memcpy(verf
->packet_digest
, digest_final
, sizeof(verf
->packet_digest
));
1665 if (auth_level
== PIPE_AUTH_LEVEL_PRIVACY
) {
1666 uchar sealing_key
[16];
1668 /* get the key to encode the data with */
1669 schannel_get_sealing_key(a
, verf
, sealing_key
);
1671 /* encode the verification data */
1672 dump_data_pw("verf->confounder:\n", verf
->confounder
, sizeof(verf
->confounder
));
1673 SamOEMhash(verf
->confounder
, sealing_key
, 8);
1675 dump_data_pw("verf->confounder_enc:\n", verf
->confounder
, sizeof(verf
->confounder
));
1677 /* encode the packet payload */
1678 dump_data_pw("data:\n", (const unsigned char *)data
, data_len
);
1679 SamOEMhash((unsigned char *)data
, sealing_key
, data_len
);
1680 dump_data_pw("data_enc:\n", (const unsigned char *)data
, data_len
);
1683 /* encode the sequence number (key based on packet digest) */
1684 /* needs to be done after the sealing, as the original version
1685 is used in the sealing stuff... */
1686 schannel_deal_with_seq_num(a
, verf
);
1691 /*******************************************************************
1692 Decode a blob of data using the schannel alogrithm, also verifiying
1693 a checksum over the original data. We currently can verify signed messages,
1694 as well as decode sealed messages
1695 ********************************************************************/
1697 BOOL
schannel_decode(struct schannel_auth_struct
*a
, enum pipe_auth_level auth_level
,
1698 enum schannel_direction direction
,
1699 RPC_AUTH_SCHANNEL_CHK
* verf
, char *data
, size_t data_len
)
1701 uchar digest_final
[16];
1703 static const uchar schannel_seal_sig
[8] = SCHANNEL_SEAL_SIGNATURE
;
1704 static const uchar schannel_sign_sig
[8] = SCHANNEL_SIGN_SIGNATURE
;
1705 const uchar
*schannel_sig
= NULL
;
1709 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a
->seq_num
, (unsigned long)data_len
));
1711 if (auth_level
== PIPE_AUTH_LEVEL_PRIVACY
) {
1712 schannel_sig
= schannel_seal_sig
;
1714 schannel_sig
= schannel_sign_sig
;
1717 /* Create the expected sequence number for comparison */
1718 RSIVAL(seq_num
, 0, a
->seq_num
);
1720 switch (direction
) {
1721 case SENDER_IS_INITIATOR
:
1722 SIVAL(seq_num
, 4, 0x80);
1724 case SENDER_IS_ACCEPTOR
:
1725 SIVAL(seq_num
, 4, 0x0);
1729 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a
->seq_num
, (unsigned long)data_len
));
1730 dump_data_pw("a->sess_key:\n", a
->sess_key
, sizeof(a
->sess_key
));
1732 dump_data_pw("seq_num:\n", seq_num
, sizeof(seq_num
));
1734 /* extract the sequence number (key based on supplied packet digest) */
1735 /* needs to be done before the sealing, as the original version
1736 is used in the sealing stuff... */
1737 schannel_deal_with_seq_num(a
, verf
);
1739 if (memcmp(verf
->seq_num
, seq_num
, sizeof(seq_num
))) {
1740 /* don't even bother with the below if the sequence number is out */
1741 /* The sequence number is MD5'ed with a key based on the whole-packet
1742 digest, as supplied by the client. We check that it's a valid
1743 checksum after the decode, below
1745 DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
1746 dump_data(2, (const char*)verf
->seq_num
, sizeof(verf
->seq_num
));
1747 DEBUG(2, ("should be:\n"));
1748 dump_data(2, (const char*)seq_num
, sizeof(seq_num
));
1753 if (memcmp(verf
->sig
, schannel_sig
, sizeof(verf
->sig
))) {
1754 /* Validate that the other end sent the expected header */
1755 DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
1756 dump_data(2, (const char*)verf
->sig
, sizeof(verf
->sig
));
1757 DEBUG(2, ("should be:\n"));
1758 dump_data(2, (const char*)schannel_sig
, sizeof(schannel_sig
));
1762 if (auth_level
== PIPE_AUTH_LEVEL_PRIVACY
) {
1763 uchar sealing_key
[16];
1765 /* get the key to extract the data with */
1766 schannel_get_sealing_key(a
, verf
, sealing_key
);
1768 /* extract the verification data */
1769 dump_data_pw("verf->confounder:\n", verf
->confounder
,
1770 sizeof(verf
->confounder
));
1771 SamOEMhash(verf
->confounder
, sealing_key
, 8);
1773 dump_data_pw("verf->confounder_dec:\n", verf
->confounder
,
1774 sizeof(verf
->confounder
));
1776 /* extract the packet payload */
1777 dump_data_pw("data :\n", (const unsigned char *)data
, data_len
);
1778 SamOEMhash((unsigned char *)data
, sealing_key
, data_len
);
1779 dump_data_pw("datadec:\n", (const unsigned char *)data
, data_len
);
1782 /* digest includes 'data' after unsealing */
1783 schannel_digest(a
, auth_level
, verf
, data
, data_len
, digest_final
);
1785 dump_data_pw("Calculated digest:\n", digest_final
,
1786 sizeof(digest_final
));
1787 dump_data_pw("verf->packet_digest:\n", verf
->packet_digest
,
1788 sizeof(verf
->packet_digest
));
1790 /* compare - if the client got the same result as us, then
1791 it must know the session key */
1792 return (memcmp(digest_final
, verf
->packet_digest
,
1793 sizeof(verf
->packet_digest
)) == 0);