2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_RPC_PARSE
29 /*******************************************************************
30 interface/version dce/rpc pipe identification
31 ********************************************************************/
33 #define TRANS_SYNT_V2 \
36 0x8a885d04, 0x1ceb, 0x11c9, \
39 0x2b, 0x10, 0x48, 0x60 } \
43 #define SYNT_NETLOGON_V2 \
46 0x8a885d04, 0x1ceb, 0x11c9, \
49 0x2b, 0x10, 0x48, 0x60 } \
53 #define SYNT_WKSSVC_V1 \
56 0x6bffd098, 0xa112, 0x3610, \
59 0xf8, 0x7e, 0x34, 0x5a } \
63 #define SYNT_SRVSVC_V3 \
66 0x4b324fc8, 0x1670, 0x01d3, \
69 0xbf, 0x6e, 0xe1, 0x88 } \
73 #define SYNT_LSARPC_V0 \
76 0x12345778, 0x1234, 0xabcd, \
79 0x45, 0x67, 0x89, 0xab } \
83 #define SYNT_LSARPC_V0_DS \
86 0x3919286a, 0xb10c, 0x11d0, \
89 0x4f, 0xd9, 0x2e, 0xf5 } \
93 #define SYNT_SAMR_V1 \
96 0x12345778, 0x1234, 0xabcd, \
99 0x45, 0x67, 0x89, 0xac } \
103 #define SYNT_NETLOGON_V1 \
106 0x12345678, 0x1234, 0xabcd, \
109 0x45, 0x67, 0xcf, 0xfb } \
113 #define SYNT_WINREG_V1 \
116 0x338cd001, 0x2244, 0x31f1, \
119 0x38, 0x00, 0x10, 0x03 } \
123 #define SYNT_SPOOLSS_V1 \
126 0x12345678, 0x1234, 0xabcd, \
129 0x45, 0x67, 0x89, 0xab } \
133 #define SYNT_NONE_V0 \
139 0x00, 0x00, 0x00, 0x00 } \
143 #define SYNT_NETDFS_V3 \
146 0x4fc742e0, 0x4a10, 0x11cf, \
149 0x00, 0x4a, 0xe6, 0x73 } \
153 #define SYNT_ECHO_V1 \
156 0x60a15ec5, 0x4de8, 0x11d7, \
159 0x56, 0xa2, 0x01, 0x82 } \
163 #define SYNT_SHUTDOWN_V1 \
166 0x894de0c0, 0x0d55, 0x11d3, \
169 0x4f, 0xa3, 0x21, 0xa1 } \
173 #define SYNT_SVCCTL_V2 \
176 0x367abb81, 0x9844, 0x35f1, \
179 0x38, 0x00, 0x10, 0x03 } \
184 #define SYNT_EVENTLOG_V0 \
187 0x82273fdc, 0xe32a, 0x18c3, \
190 0x29, 0xdc, 0x23, 0xea } \
195 * IMPORTANT!! If you update this structure, make sure to
196 * update the index #defines in smb.h.
199 const struct pipe_id_info pipe_names
[] =
201 /* client pipe , abstract syntax , server pipe , transfer syntax */
202 { PIPE_LSARPC
, SYNT_LSARPC_V0
, PIPE_LSASS
, TRANS_SYNT_V2
},
203 { PIPE_LSARPC
, SYNT_LSARPC_V0_DS
, PIPE_LSASS
, TRANS_SYNT_V2
},
204 { PIPE_SAMR
, SYNT_SAMR_V1
, PIPE_LSASS
, TRANS_SYNT_V2
},
205 { PIPE_NETLOGON
, SYNT_NETLOGON_V1
, PIPE_LSASS
, TRANS_SYNT_V2
},
206 { PIPE_SRVSVC
, SYNT_SRVSVC_V3
, PIPE_NTSVCS
, TRANS_SYNT_V2
},
207 { PIPE_WKSSVC
, SYNT_WKSSVC_V1
, PIPE_NTSVCS
, TRANS_SYNT_V2
},
208 { PIPE_WINREG
, SYNT_WINREG_V1
, PIPE_WINREG
, TRANS_SYNT_V2
},
209 { PIPE_SPOOLSS
, SYNT_SPOOLSS_V1
, PIPE_SPOOLSS
, TRANS_SYNT_V2
},
210 { PIPE_NETDFS
, SYNT_NETDFS_V3
, PIPE_NETDFS
, TRANS_SYNT_V2
},
211 { PIPE_ECHO
, SYNT_ECHO_V1
, PIPE_ECHO
, TRANS_SYNT_V2
},
212 { PIPE_SHUTDOWN
, SYNT_SHUTDOWN_V1
, PIPE_SHUTDOWN
, TRANS_SYNT_V2
},
213 { PIPE_SVCCTL
, SYNT_SVCCTL_V2
, PIPE_NTSVCS
, TRANS_SYNT_V2
},
214 { PIPE_EVENTLOG
, SYNT_EVENTLOG_V0
, PIPE_EVENTLOG
, TRANS_SYNT_V2
},
215 { NULL
, SYNT_NONE_V0
, NULL
, SYNT_NONE_V0
}
218 /*******************************************************************
219 Inits an RPC_HDR structure.
220 ********************************************************************/
222 void init_rpc_hdr(RPC_HDR
*hdr
, enum RPC_PKT_TYPE pkt_type
, uint8 flags
,
223 uint32 call_id
, int data_len
, int auth_len
)
225 hdr
->major
= 5; /* RPC version 5 */
226 hdr
->minor
= 0; /* minor version 0 */
227 hdr
->pkt_type
= pkt_type
; /* RPC packet type */
228 hdr
->flags
= flags
; /* dce/rpc flags */
229 hdr
->pack_type
[0] = 0x10; /* little-endian data representation */
230 hdr
->pack_type
[1] = 0; /* packed data representation */
231 hdr
->pack_type
[2] = 0; /* packed data representation */
232 hdr
->pack_type
[3] = 0; /* packed data representation */
233 hdr
->frag_len
= data_len
; /* fragment length, fill in later */
234 hdr
->auth_len
= auth_len
; /* authentication length */
235 hdr
->call_id
= call_id
; /* call identifier - match incoming RPC */
238 /*******************************************************************
239 Reads or writes an RPC_HDR structure.
240 ********************************************************************/
242 BOOL
smb_io_rpc_hdr(const char *desc
, RPC_HDR
*rpc
, prs_struct
*ps
, int depth
)
247 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr");
250 if(!prs_uint8 ("major ", ps
, depth
, &rpc
->major
))
253 if(!prs_uint8 ("minor ", ps
, depth
, &rpc
->minor
))
255 if(!prs_uint8 ("pkt_type ", ps
, depth
, &rpc
->pkt_type
))
257 if(!prs_uint8 ("flags ", ps
, depth
, &rpc
->flags
))
260 /* We always marshall in little endian format. */
262 rpc
->pack_type
[0] = 0x10;
264 if(!prs_uint8("pack_type0", ps
, depth
, &rpc
->pack_type
[0]))
266 if(!prs_uint8("pack_type1", ps
, depth
, &rpc
->pack_type
[1]))
268 if(!prs_uint8("pack_type2", ps
, depth
, &rpc
->pack_type
[2]))
270 if(!prs_uint8("pack_type3", ps
, depth
, &rpc
->pack_type
[3]))
274 * If reading and pack_type[0] == 0 then the data is in big-endian
275 * format. Set the flag in the prs_struct to specify reverse-endainness.
278 if (UNMARSHALLING(ps
) && rpc
->pack_type
[0] == 0) {
279 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
280 prs_set_endian_data(ps
, RPC_BIG_ENDIAN
);
283 if(!prs_uint16("frag_len ", ps
, depth
, &rpc
->frag_len
))
285 if(!prs_uint16("auth_len ", ps
, depth
, &rpc
->auth_len
))
287 if(!prs_uint32("call_id ", ps
, depth
, &rpc
->call_id
))
292 /*******************************************************************
293 Reads or writes an RPC_IFACE structure.
294 ********************************************************************/
296 static BOOL
smb_io_rpc_iface(const char *desc
, RPC_IFACE
*ifc
, prs_struct
*ps
, int depth
)
301 prs_debug(ps
, depth
, desc
, "smb_io_rpc_iface");
307 if (!smb_io_uuid( "uuid", &ifc
->uuid
, ps
, depth
))
310 if(!prs_uint32 ("version", ps
, depth
, &ifc
->version
))
316 /*******************************************************************
317 Inits an RPC_ADDR_STR structure.
318 ********************************************************************/
320 static void init_rpc_addr_str(RPC_ADDR_STR
*str
, const char *name
)
322 str
->len
= strlen(name
) + 1;
323 fstrcpy(str
->str
, name
);
326 /*******************************************************************
327 Reads or writes an RPC_ADDR_STR structure.
328 ********************************************************************/
330 static BOOL
smb_io_rpc_addr_str(const char *desc
, RPC_ADDR_STR
*str
, prs_struct
*ps
, int depth
)
335 prs_debug(ps
, depth
, desc
, "smb_io_rpc_addr_str");
340 if(!prs_uint16 ( "len", ps
, depth
, &str
->len
))
342 if(!prs_uint8s (True
, "str", ps
, depth
, (uchar
*)str
->str
, MIN(str
->len
, sizeof(str
->str
)) ))
347 /*******************************************************************
348 Inits an RPC_HDR_BBA structure.
349 ********************************************************************/
351 static void init_rpc_hdr_bba(RPC_HDR_BBA
*bba
, uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
)
353 bba
->max_tsize
= max_tsize
; /* maximum transmission fragment size (0x1630) */
354 bba
->max_rsize
= max_rsize
; /* max receive fragment size (0x1630) */
355 bba
->assoc_gid
= assoc_gid
; /* associated group id (0x0) */
358 /*******************************************************************
359 Reads or writes an RPC_HDR_BBA structure.
360 ********************************************************************/
362 static BOOL
smb_io_rpc_hdr_bba(const char *desc
, RPC_HDR_BBA
*rpc
, prs_struct
*ps
, int depth
)
367 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_bba");
370 if(!prs_uint16("max_tsize", ps
, depth
, &rpc
->max_tsize
))
372 if(!prs_uint16("max_rsize", ps
, depth
, &rpc
->max_rsize
))
374 if(!prs_uint32("assoc_gid", ps
, depth
, &rpc
->assoc_gid
))
379 /*******************************************************************
380 Inits an RPC_CONTEXT structure.
381 Note the transfer pointer must remain valid until this is marshalled.
382 ********************************************************************/
384 void init_rpc_context(RPC_CONTEXT
*rpc_ctx
, uint16 context_id
, RPC_IFACE
*abstract
, RPC_IFACE
*transfer
)
386 rpc_ctx
->context_id
= context_id
; /* presentation context identifier (0x0) */
387 rpc_ctx
->num_transfer_syntaxes
= 1 ; /* the number of syntaxes (has always been 1?)(0x1) */
389 /* num and vers. of interface client is using */
390 rpc_ctx
->abstract
= *abstract
;
392 /* vers. of interface to use for replies */
393 rpc_ctx
->transfer
= transfer
;
396 /*******************************************************************
397 Inits an RPC_HDR_RB structure.
398 Note the context pointer must remain valid until this is marshalled.
399 ********************************************************************/
401 void init_rpc_hdr_rb(RPC_HDR_RB
*rpc
,
402 uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
,
403 RPC_CONTEXT
*context
)
405 init_rpc_hdr_bba(&rpc
->bba
, max_tsize
, max_rsize
, assoc_gid
);
407 rpc
->num_contexts
= 1;
408 rpc
->rpc_context
= context
;
411 /*******************************************************************
412 Reads or writes an RPC_CONTEXT structure.
413 ********************************************************************/
415 BOOL
smb_io_rpc_context(const char *desc
, RPC_CONTEXT
*rpc_ctx
, prs_struct
*ps
, int depth
)
424 if(!prs_uint16("context_id ", ps
, depth
, &rpc_ctx
->context_id
))
426 if(!prs_uint8 ("num_transfer_syntaxes", ps
, depth
, &rpc_ctx
->num_transfer_syntaxes
))
429 /* num_transfer_syntaxes must not be zero. */
430 if (rpc_ctx
->num_transfer_syntaxes
== 0)
433 if(!smb_io_rpc_iface("", &rpc_ctx
->abstract
, ps
, depth
))
436 if (UNMARSHALLING(ps
)) {
437 if (!(rpc_ctx
->transfer
= PRS_ALLOC_MEM(ps
, RPC_IFACE
, rpc_ctx
->num_transfer_syntaxes
))) {
442 for (i
= 0; i
< rpc_ctx
->num_transfer_syntaxes
; i
++ ) {
443 if (!smb_io_rpc_iface("", &rpc_ctx
->transfer
[i
], ps
, depth
))
449 /*******************************************************************
450 Reads or writes an RPC_HDR_RB structure.
451 ********************************************************************/
453 BOOL
smb_io_rpc_hdr_rb(const char *desc
, RPC_HDR_RB
*rpc
, prs_struct
*ps
, int depth
)
460 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_rb");
463 if(!smb_io_rpc_hdr_bba("", &rpc
->bba
, ps
, depth
))
466 if(!prs_uint8("num_contexts", ps
, depth
, &rpc
->num_contexts
))
469 /* 3 pad bytes following - will be mopped up by the prs_align in smb_io_rpc_context(). */
471 /* num_contexts must not be zero. */
472 if (rpc
->num_contexts
== 0)
475 if (UNMARSHALLING(ps
)) {
476 if (!(rpc
->rpc_context
= PRS_ALLOC_MEM(ps
, RPC_CONTEXT
, rpc
->num_contexts
))) {
481 for (i
= 0; i
< rpc
->num_contexts
; i
++ ) {
482 if (!smb_io_rpc_context("", &rpc
->rpc_context
[i
], ps
, depth
))
489 /*******************************************************************
490 Inits an RPC_RESULTS structure.
492 lkclXXXX only one reason at the moment!
493 ********************************************************************/
495 static void init_rpc_results(RPC_RESULTS
*res
,
496 uint8 num_results
, uint16 result
, uint16 reason
)
498 res
->num_results
= num_results
; /* the number of results (0x01) */
499 res
->result
= result
; /* result (0x00 = accept) */
500 res
->reason
= reason
; /* reason (0x00 = no reason specified) */
503 /*******************************************************************
504 Reads or writes an RPC_RESULTS structure.
506 lkclXXXX only one reason at the moment!
507 ********************************************************************/
509 static BOOL
smb_io_rpc_results(const char *desc
, RPC_RESULTS
*res
, prs_struct
*ps
, int depth
)
514 prs_debug(ps
, depth
, desc
, "smb_io_rpc_results");
520 if(!prs_uint8 ("num_results", ps
, depth
, &res
->num_results
))
526 if(!prs_uint16("result ", ps
, depth
, &res
->result
))
528 if(!prs_uint16("reason ", ps
, depth
, &res
->reason
))
533 /*******************************************************************
534 Init an RPC_HDR_BA structure.
536 lkclXXXX only one reason at the moment!
538 ********************************************************************/
540 void init_rpc_hdr_ba(RPC_HDR_BA
*rpc
,
541 uint16 max_tsize
, uint16 max_rsize
, uint32 assoc_gid
,
542 const char *pipe_addr
,
543 uint8 num_results
, uint16 result
, uint16 reason
,
546 init_rpc_hdr_bba (&rpc
->bba
, max_tsize
, max_rsize
, assoc_gid
);
547 init_rpc_addr_str(&rpc
->addr
, pipe_addr
);
548 init_rpc_results (&rpc
->res
, num_results
, result
, reason
);
550 /* the transfer syntax from the request */
551 memcpy(&rpc
->transfer
, transfer
, sizeof(rpc
->transfer
));
554 /*******************************************************************
555 Reads or writes an RPC_HDR_BA structure.
556 ********************************************************************/
558 BOOL
smb_io_rpc_hdr_ba(const char *desc
, RPC_HDR_BA
*rpc
, prs_struct
*ps
, int depth
)
563 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_ba");
566 if(!smb_io_rpc_hdr_bba("", &rpc
->bba
, ps
, depth
))
568 if(!smb_io_rpc_addr_str("", &rpc
->addr
, ps
, depth
))
570 if(!smb_io_rpc_results("", &rpc
->res
, ps
, depth
))
572 if(!smb_io_rpc_iface("", &rpc
->transfer
, ps
, depth
))
577 /*******************************************************************
578 Init an RPC_HDR_REQ structure.
579 ********************************************************************/
581 void init_rpc_hdr_req(RPC_HDR_REQ
*hdr
, uint32 alloc_hint
, uint16 opnum
)
583 hdr
->alloc_hint
= alloc_hint
; /* allocation hint */
584 hdr
->context_id
= 0; /* presentation context identifier */
585 hdr
->opnum
= opnum
; /* opnum */
588 /*******************************************************************
589 Reads or writes an RPC_HDR_REQ structure.
590 ********************************************************************/
592 BOOL
smb_io_rpc_hdr_req(const char *desc
, RPC_HDR_REQ
*rpc
, prs_struct
*ps
, int depth
)
597 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_req");
600 if(!prs_uint32("alloc_hint", ps
, depth
, &rpc
->alloc_hint
))
602 if(!prs_uint16("context_id", ps
, depth
, &rpc
->context_id
))
604 if(!prs_uint16("opnum ", ps
, depth
, &rpc
->opnum
))
609 /*******************************************************************
610 Reads or writes an RPC_HDR_RESP structure.
611 ********************************************************************/
613 BOOL
smb_io_rpc_hdr_resp(const char *desc
, RPC_HDR_RESP
*rpc
, prs_struct
*ps
, int depth
)
618 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_resp");
621 if(!prs_uint32("alloc_hint", ps
, depth
, &rpc
->alloc_hint
))
623 if(!prs_uint16("context_id", ps
, depth
, &rpc
->context_id
))
625 if(!prs_uint8 ("cancel_ct ", ps
, depth
, &rpc
->cancel_count
))
627 if(!prs_uint8 ("reserved ", ps
, depth
, &rpc
->reserved
))
632 /*******************************************************************
633 Reads or writes an RPC_HDR_FAULT structure.
634 ********************************************************************/
636 BOOL
smb_io_rpc_hdr_fault(const char *desc
, RPC_HDR_FAULT
*rpc
, prs_struct
*ps
, int depth
)
641 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_fault");
644 if(!prs_ntstatus("status ", ps
, depth
, &rpc
->status
))
646 if(!prs_uint32("reserved", ps
, depth
, &rpc
->reserved
))
652 /*******************************************************************
653 Inits an RPC_HDR_AUTH structure.
654 ********************************************************************/
656 void init_rpc_hdr_auth(RPC_HDR_AUTH
*rai
,
657 uint8 auth_type
, uint8 auth_level
,
659 uint32 auth_context_id
)
661 rai
->auth_type
= auth_type
; /* nt lm ssp 0x0a */
662 rai
->auth_level
= auth_level
; /* 0x06 */
663 rai
->auth_pad_len
= auth_pad_len
;
664 rai
->auth_reserved
= 0;
665 rai
->auth_context_id
= auth_context_id
;
668 /*******************************************************************
669 Reads or writes an RPC_HDR_AUTH structure.
670 ********************************************************************/
672 BOOL
smb_io_rpc_hdr_auth(const char *desc
, RPC_HDR_AUTH
*rai
, prs_struct
*ps
, int depth
)
677 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_auth");
683 if(!prs_uint8 ("auth_type ", ps
, depth
, &rai
->auth_type
)) /* 0x0a nt lm ssp */
685 if(!prs_uint8 ("auth_level ", ps
, depth
, &rai
->auth_level
)) /* 0x06 */
687 if(!prs_uint8 ("auth_pad_len ", ps
, depth
, &rai
->auth_pad_len
))
689 if(!prs_uint8 ("auth_reserved", ps
, depth
, &rai
->auth_reserved
))
691 if(!prs_uint32("auth_context_id", ps
, depth
, &rai
->auth_context_id
))
698 /*******************************************************************
699 Init an RPC_HDR_AUTHA structure.
700 ********************************************************************/
702 void init_rpc_hdr_autha(RPC_HDR_AUTHA
*rai
,
703 uint16 max_tsize
, uint16 max_rsize
,
706 rai
->max_tsize
= max_tsize
; /* maximum transmission fragment size (0x1630) */
707 rai
->max_rsize
= max_rsize
; /* max receive fragment size (0x1630) */
711 /*******************************************************************
712 Reads or writes an RPC_HDR_AUTHA structure.
713 ********************************************************************/
715 BOOL
smb_io_rpc_hdr_autha(const char *desc
, RPC_HDR_AUTHA
*rai
, prs_struct
*ps
, int depth
)
720 prs_debug(ps
, depth
, desc
, "smb_io_rpc_hdr_autha");
723 if(!prs_uint16("max_tsize ", ps
, depth
, &rai
->max_tsize
))
725 if(!prs_uint16("max_rsize ", ps
, depth
, &rai
->max_rsize
))
728 if(!smb_io_rpc_hdr_auth("auth", &rai
->auth
, ps
, depth
))
734 /*******************************************************************
735 Checks an RPC_AUTH_VERIFIER structure.
736 ********************************************************************/
738 BOOL
rpc_auth_verifier_chk(RPC_AUTH_VERIFIER
*rav
,
739 const char *signature
, uint32 msg_type
)
741 return (strequal(rav
->signature
, signature
) && rav
->msg_type
== msg_type
);
744 /*******************************************************************
745 Inits an RPC_AUTH_VERIFIER structure.
746 ********************************************************************/
748 void init_rpc_auth_verifier(RPC_AUTH_VERIFIER
*rav
,
749 const char *signature
, uint32 msg_type
)
751 fstrcpy(rav
->signature
, signature
); /* "NTLMSSP" */
752 rav
->msg_type
= msg_type
; /* NTLMSSP_MESSAGE_TYPE */
755 /*******************************************************************
756 Reads or writes an RPC_AUTH_VERIFIER structure.
757 ********************************************************************/
759 BOOL
smb_io_rpc_auth_verifier(const char *desc
, RPC_AUTH_VERIFIER
*rav
, prs_struct
*ps
, int depth
)
764 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_verifier");
768 if(!prs_string("signature", ps
, depth
, rav
->signature
,
769 sizeof(rav
->signature
)))
771 if(!prs_uint32("msg_type ", ps
, depth
, &rav
->msg_type
)) /* NTLMSSP_MESSAGE_TYPE */
777 /*******************************************************************
778 This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I think
779 assuming "NTLMSSP" in sm_io_rpc_auth_verifier is somewhat wrong.
780 I have to look at that later...
781 ********************************************************************/
783 BOOL
smb_io_rpc_netsec_verifier(const char *desc
, RPC_AUTH_VERIFIER
*rav
, prs_struct
*ps
, int depth
)
788 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_verifier");
791 if(!prs_string("signature", ps
, depth
, rav
->signature
, sizeof(rav
->signature
)))
793 if(!prs_uint32("msg_type ", ps
, depth
, &rav
->msg_type
))
799 /*******************************************************************
800 Inits an RPC_AUTH_NTLMSSP_NEG structure.
801 ********************************************************************/
803 void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG
*neg
,
805 const char *myname
, const char *domain
)
807 int len_myname
= strlen(myname
);
808 int len_domain
= strlen(domain
);
810 neg
->neg_flgs
= neg_flgs
; /* 0x00b2b3 */
812 init_str_hdr(&neg
->hdr_domain
, len_domain
, len_domain
, 0x20 + len_myname
);
813 init_str_hdr(&neg
->hdr_myname
, len_myname
, len_myname
, 0x20);
815 fstrcpy(neg
->myname
, myname
);
816 fstrcpy(neg
->domain
, domain
);
819 /*******************************************************************
820 Reads or writes an RPC_AUTH_NTLMSSP_NEG structure.
822 *** lkclXXXX HACK ALERT! ***
823 ********************************************************************/
825 BOOL
smb_io_rpc_auth_ntlmssp_neg(const char *desc
, RPC_AUTH_NTLMSSP_NEG
*neg
, prs_struct
*ps
, int depth
)
827 uint32 start_offset
= prs_offset(ps
);
831 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_neg");
834 if(!prs_uint32("neg_flgs ", ps
, depth
, &neg
->neg_flgs
))
839 uint32 old_neg_flags
= neg
->neg_flgs
;
845 neg
->neg_flgs
= old_neg_flags
;
847 if(!smb_io_strhdr("hdr_domain", &neg
->hdr_domain
, ps
, depth
))
849 if(!smb_io_strhdr("hdr_myname", &neg
->hdr_myname
, ps
, depth
))
852 old_offset
= prs_offset(ps
);
854 if(!prs_set_offset(ps
, neg
->hdr_myname
.buffer
+ start_offset
- 12))
857 if(!prs_uint8s(True
, "myname", ps
, depth
, (uint8
*)neg
->myname
,
858 MIN(neg
->hdr_myname
.str_str_len
, sizeof(neg
->myname
))))
861 old_offset
+= neg
->hdr_myname
.str_str_len
;
863 if(!prs_set_offset(ps
, neg
->hdr_domain
.buffer
+ start_offset
- 12))
866 if(!prs_uint8s(True
, "domain", ps
, depth
, (uint8
*)neg
->domain
,
867 MIN(neg
->hdr_domain
.str_str_len
, sizeof(neg
->domain
))))
870 old_offset
+= neg
->hdr_domain
.str_str_len
;
872 if(!prs_set_offset(ps
, old_offset
))
876 if(!smb_io_strhdr("hdr_domain", &neg
->hdr_domain
, ps
, depth
))
878 if(!smb_io_strhdr("hdr_myname", &neg
->hdr_myname
, ps
, depth
))
881 if(!prs_uint8s(True
, "myname", ps
, depth
, (uint8
*)neg
->myname
,
882 MIN(neg
->hdr_myname
.str_str_len
, sizeof(neg
->myname
))))
884 if(!prs_uint8s(True
, "domain", ps
, depth
, (uint8
*)neg
->domain
,
885 MIN(neg
->hdr_domain
.str_str_len
, sizeof(neg
->domain
))))
892 /*******************************************************************
893 creates an RPC_AUTH_NTLMSSP_CHAL structure.
894 ********************************************************************/
896 void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL
*chl
,
900 chl
->unknown_1
= 0x0;
901 chl
->unknown_2
= 0x00000028;
902 chl
->neg_flags
= neg_flags
; /* 0x0082b1 */
904 memcpy(chl
->challenge
, challenge
, sizeof(chl
->challenge
));
905 memset((char *)chl
->reserved
, '\0', sizeof(chl
->reserved
));
908 /*******************************************************************
909 Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure.
910 ********************************************************************/
912 BOOL
smb_io_rpc_auth_ntlmssp_chal(const char *desc
, RPC_AUTH_NTLMSSP_CHAL
*chl
, prs_struct
*ps
, int depth
)
917 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_chal");
920 if(!prs_uint32("unknown_1", ps
, depth
, &chl
->unknown_1
)) /* 0x0000 0000 */
922 if(!prs_uint32("unknown_2", ps
, depth
, &chl
->unknown_2
)) /* 0x0000 b2b3 */
924 if(!prs_uint32("neg_flags", ps
, depth
, &chl
->neg_flags
)) /* 0x0000 82b1 */
927 if(!prs_uint8s (False
, "challenge", ps
, depth
, chl
->challenge
, sizeof(chl
->challenge
)))
929 if(!prs_uint8s (False
, "reserved ", ps
, depth
, chl
->reserved
, sizeof(chl
->reserved
)))
935 /*******************************************************************
936 Inits an RPC_AUTH_NTLMSSP_RESP structure.
938 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
939 *** lkclXXXX the actual offset is at the start of the auth verifier ***
940 ********************************************************************/
942 void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP
*rsp
,
943 uchar lm_resp
[24], uchar nt_resp
[24],
944 const char *domain
, const char *user
, const char *wks
,
948 int dom_len
= strlen(domain
);
949 int wks_len
= strlen(wks
);
950 int usr_len
= strlen(user
);
951 int lm_len
= (lm_resp
!= NULL
) ? 24 : 0;
952 int nt_len
= (nt_resp
!= NULL
) ? 24 : 0;
954 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
956 #ifdef DEBUG_PASSWORD
957 DEBUG(100,("lm_resp\n"));
958 dump_data(100, (char *)lm_resp
, 24);
959 DEBUG(100,("nt_resp\n"));
960 dump_data(100, (char *)nt_resp
, 24);
963 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
964 domain
, user
, wks
, neg_flags
));
968 if (neg_flags
& NTLMSSP_NEGOTIATE_UNICODE
) {
974 init_str_hdr(&rsp
->hdr_domain
, dom_len
, dom_len
, offset
);
977 init_str_hdr(&rsp
->hdr_usr
, usr_len
, usr_len
, offset
);
980 init_str_hdr(&rsp
->hdr_wks
, wks_len
, wks_len
, offset
);
983 init_str_hdr(&rsp
->hdr_lm_resp
, lm_len
, lm_len
, offset
);
986 init_str_hdr(&rsp
->hdr_nt_resp
, nt_len
, nt_len
, offset
);
989 init_str_hdr(&rsp
->hdr_sess_key
, 0, 0, offset
);
991 rsp
->neg_flags
= neg_flags
;
993 memcpy(rsp
->lm_resp
, lm_resp
, 24);
994 memcpy(rsp
->nt_resp
, nt_resp
, 24);
996 if (neg_flags
& NTLMSSP_NEGOTIATE_UNICODE
) {
997 rpcstr_push(rsp
->domain
, domain
, sizeof(rsp
->domain
), 0);
998 rpcstr_push(rsp
->user
, user
, sizeof(rsp
->user
), 0);
999 rpcstr_push(rsp
->wks
, wks
, sizeof(rsp
->wks
), 0);
1001 fstrcpy(rsp
->domain
, domain
);
1002 fstrcpy(rsp
->user
, user
);
1003 fstrcpy(rsp
->wks
, wks
);
1006 rsp
->sess_key
[0] = 0;
1009 /*******************************************************************
1010 Reads or writes an RPC_AUTH_NTLMSSP_RESP structure.
1012 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
1013 *** lkclXXXX the actual offset is at the start of the auth verifier ***
1014 ********************************************************************/
1016 BOOL
smb_io_rpc_auth_ntlmssp_resp(const char *desc
, RPC_AUTH_NTLMSSP_RESP
*rsp
, prs_struct
*ps
, int depth
)
1021 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_resp");
1031 if(!smb_io_strhdr("hdr_lm_resp ", &rsp
->hdr_lm_resp
, ps
, depth
))
1033 if(!smb_io_strhdr("hdr_nt_resp ", &rsp
->hdr_nt_resp
, ps
, depth
))
1035 if(!smb_io_strhdr("hdr_domain ", &rsp
->hdr_domain
, ps
, depth
))
1037 if(!smb_io_strhdr("hdr_user ", &rsp
->hdr_usr
, ps
, depth
))
1039 if(!smb_io_strhdr("hdr_wks ", &rsp
->hdr_wks
, ps
, depth
))
1041 if(!smb_io_strhdr("hdr_sess_key", &rsp
->hdr_sess_key
, ps
, depth
))
1044 if(!prs_uint32("neg_flags", ps
, depth
, &rsp
->neg_flags
)) /* 0x0000 82b1 */
1047 old_offset
= prs_offset(ps
);
1049 if(!prs_set_offset(ps
, rsp
->hdr_domain
.buffer
+ 0xc))
1052 if(!prs_uint8s(True
, "domain ", ps
, depth
, (uint8
*)rsp
->domain
,
1053 MIN(rsp
->hdr_domain
.str_str_len
, sizeof(rsp
->domain
))))
1056 old_offset
+= rsp
->hdr_domain
.str_str_len
;
1058 if(!prs_set_offset(ps
, rsp
->hdr_usr
.buffer
+ 0xc))
1061 if(!prs_uint8s(True
, "user ", ps
, depth
, (uint8
*)rsp
->user
,
1062 MIN(rsp
->hdr_usr
.str_str_len
, sizeof(rsp
->user
))))
1065 old_offset
+= rsp
->hdr_usr
.str_str_len
;
1067 if(!prs_set_offset(ps
, rsp
->hdr_wks
.buffer
+ 0xc))
1070 if(!prs_uint8s(True
, "wks ", ps
, depth
, (uint8
*)rsp
->wks
,
1071 MIN(rsp
->hdr_wks
.str_str_len
, sizeof(rsp
->wks
))))
1074 old_offset
+= rsp
->hdr_wks
.str_str_len
;
1076 if(!prs_set_offset(ps
, rsp
->hdr_lm_resp
.buffer
+ 0xc))
1079 if(!prs_uint8s(False
, "lm_resp ", ps
, depth
, (uint8
*)rsp
->lm_resp
,
1080 MIN(rsp
->hdr_lm_resp
.str_str_len
, sizeof(rsp
->lm_resp
))))
1083 old_offset
+= rsp
->hdr_lm_resp
.str_str_len
;
1085 if(!prs_set_offset(ps
, rsp
->hdr_nt_resp
.buffer
+ 0xc))
1088 if(!prs_uint8s(False
, "nt_resp ", ps
, depth
, (uint8
*)rsp
->nt_resp
,
1089 MIN(rsp
->hdr_nt_resp
.str_str_len
, sizeof(rsp
->nt_resp
))))
1092 old_offset
+= rsp
->hdr_nt_resp
.str_str_len
;
1094 if (rsp
->hdr_sess_key
.str_str_len
!= 0) {
1096 if(!prs_set_offset(ps
, rsp
->hdr_sess_key
.buffer
+ 0x10))
1099 old_offset
+= rsp
->hdr_sess_key
.str_str_len
;
1101 if(!prs_uint8s(False
, "sess_key", ps
, depth
, (uint8
*)rsp
->sess_key
,
1102 MIN(rsp
->hdr_sess_key
.str_str_len
, sizeof(rsp
->sess_key
))))
1106 if(!prs_set_offset(ps
, old_offset
))
1110 if(!smb_io_strhdr("hdr_lm_resp ", &rsp
->hdr_lm_resp
, ps
, depth
))
1112 if(!smb_io_strhdr("hdr_nt_resp ", &rsp
->hdr_nt_resp
, ps
, depth
))
1114 if(!smb_io_strhdr("hdr_domain ", &rsp
->hdr_domain
, ps
, depth
))
1116 if(!smb_io_strhdr("hdr_user ", &rsp
->hdr_usr
, ps
, depth
))
1118 if(!smb_io_strhdr("hdr_wks ", &rsp
->hdr_wks
, ps
, depth
))
1120 if(!smb_io_strhdr("hdr_sess_key", &rsp
->hdr_sess_key
, ps
, depth
))
1123 if(!prs_uint32("neg_flags", ps
, depth
, &rsp
->neg_flags
)) /* 0x0000 82b1 */
1126 if(!prs_uint8s(True
, "domain ", ps
, depth
, (uint8
*)rsp
->domain
,
1127 MIN(rsp
->hdr_domain
.str_str_len
, sizeof(rsp
->domain
))))
1130 if(!prs_uint8s(True
, "user ", ps
, depth
, (uint8
*)rsp
->user
,
1131 MIN(rsp
->hdr_usr
.str_str_len
, sizeof(rsp
->user
))))
1134 if(!prs_uint8s(True
, "wks ", ps
, depth
, (uint8
*)rsp
->wks
,
1135 MIN(rsp
->hdr_wks
.str_str_len
, sizeof(rsp
->wks
))))
1137 if(!prs_uint8s(False
, "lm_resp ", ps
, depth
, (uint8
*)rsp
->lm_resp
,
1138 MIN(rsp
->hdr_lm_resp
.str_str_len
, sizeof(rsp
->lm_resp
))))
1140 if(!prs_uint8s(False
, "nt_resp ", ps
, depth
, (uint8
*)rsp
->nt_resp
,
1141 MIN(rsp
->hdr_nt_resp
.str_str_len
, sizeof(rsp
->nt_resp
))))
1143 if(!prs_uint8s(False
, "sess_key", ps
, depth
, (uint8
*)rsp
->sess_key
,
1144 MIN(rsp
->hdr_sess_key
.str_str_len
, sizeof(rsp
->sess_key
))))
1151 /*******************************************************************
1152 Checks an RPC_AUTH_NTLMSSP_CHK structure.
1153 ********************************************************************/
1155 BOOL
rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK
*chk
, uint32 crc32
, uint32 seq_num
)
1160 if (chk
->crc32
!= crc32
||
1161 chk
->ver
!= NTLMSSP_SIGN_VERSION
||
1162 chk
->seq_num
!= seq_num
)
1164 DEBUG(5,("verify failed - crc %x ver %x seq %d\n",
1165 chk
->crc32
, chk
->ver
, chk
->seq_num
));
1167 DEBUG(5,("verify expect - crc %x ver %x seq %d\n",
1168 crc32
, NTLMSSP_SIGN_VERSION
, seq_num
));
1174 /*******************************************************************
1175 Inits an RPC_AUTH_NTLMSSP_CHK structure.
1176 ********************************************************************/
1178 void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK
*chk
,
1179 uint32 ver
, uint32 crc32
, uint32 seq_num
)
1182 chk
->reserved
= 0x0;
1184 chk
->seq_num
= seq_num
;
1187 /*******************************************************************
1188 Reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
1189 ********************************************************************/
1191 BOOL
smb_io_rpc_auth_ntlmssp_chk(const char *desc
, RPC_AUTH_NTLMSSP_CHK
*chk
, prs_struct
*ps
, int depth
)
1196 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_ntlmssp_chk");
1202 if(!prs_uint32("ver ", ps
, depth
, &chk
->ver
))
1204 if(!prs_uint32("reserved", ps
, depth
, &chk
->reserved
))
1206 if(!prs_uint32("crc32 ", ps
, depth
, &chk
->crc32
))
1208 if(!prs_uint32("seq_num ", ps
, depth
, &chk
->seq_num
))
1214 /*******************************************************************
1215 creates an RPC_AUTH_NETSEC_NEG structure.
1216 ********************************************************************/
1217 void init_rpc_auth_netsec_neg(RPC_AUTH_NETSEC_NEG
*neg
,
1218 const char *domain
, const char *myname
)
1222 fstrcpy(neg
->domain
, domain
);
1223 fstrcpy(neg
->myname
, myname
);
1226 /*******************************************************************
1227 Reads or writes an RPC_AUTH_NETSEC_NEG structure.
1228 ********************************************************************/
1230 BOOL
smb_io_rpc_auth_netsec_neg(const char *desc
, RPC_AUTH_NETSEC_NEG
*neg
,
1231 prs_struct
*ps
, int depth
)
1236 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_netsec_neg");
1242 if(!prs_uint32("type1", ps
, depth
, &neg
->type1
))
1244 if(!prs_uint32("type2", ps
, depth
, &neg
->type2
))
1246 if(!prs_string("domain ", ps
, depth
, neg
->domain
, sizeof(neg
->domain
)))
1248 if(!prs_string("myname ", ps
, depth
, neg
->myname
, sizeof(neg
->myname
)))
1254 /*******************************************************************
1255 reads or writes an RPC_AUTH_NETSEC_CHK structure.
1256 ********************************************************************/
1257 BOOL
smb_io_rpc_auth_netsec_chk(const char *desc
, int auth_len
,
1258 RPC_AUTH_NETSEC_CHK
* chk
,
1259 prs_struct
*ps
, int depth
)
1264 prs_debug(ps
, depth
, desc
, "smb_io_rpc_auth_netsec_chk");
1267 if ( !prs_uint8s(False
, "sig ", ps
, depth
, chk
->sig
, sizeof(chk
->sig
)) )
1270 if ( !prs_uint8s(False
, "seq_num", ps
, depth
, chk
->seq_num
, sizeof(chk
->seq_num
)) )
1273 if ( !prs_uint8s(False
, "packet_digest", ps
, depth
, chk
->packet_digest
, sizeof(chk
->packet_digest
)) )
1276 if ( auth_len
== RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN
) {
1277 if ( !prs_uint8s(False
, "confounder", ps
, depth
, chk
->confounder
, sizeof(chk
->confounder
)) )