search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r14146: Just some typos.
[Samba/nascimento.git] / source3 / rpc_parse / parse_prs.c
blob474e93cc1f09d152dd80bede6c81a1a0b4ced816
1 /*
2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_PARSE
28
29 /**
30 * Dump a prs to a file: from the current location through to the end.
31 **/
32 void prs_dump(char *name, int v, prs_struct *ps)
33 {
34 prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
35 }
36
37 /**
38 * Dump from the start of the prs to the current location.
39 **/
40 void prs_dump_before(char *name, int v, prs_struct *ps)
41 {
42 prs_dump_region(name, v, ps, 0, ps->data_offset);
43 }
44
45 /**
46 * Dump everything from the start of the prs up to the current location.
47 **/
48 void prs_dump_region(char *name, int v, prs_struct *ps,
49 int from_off, int to_off)
50 {
51 int fd, i;
52 pstring fname;
53 ssize_t sz;
54 if (DEBUGLEVEL < 50) return;
55 for (i=1;i<100;i++) {
56 if (v != -1) {
57 slprintf(fname,sizeof(fname)-1, "/tmp/%s_%d.%d.prs", name, v, i);
58 } else {
59 slprintf(fname,sizeof(fname)-1, "/tmp/%s.%d.prs", name, i);
60 }
61 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
62 if (fd != -1 || errno != EEXIST) break;
63 }
64 if (fd != -1) {
65 sz = write(fd, ps->data_p + from_off, to_off - from_off);
66 i = close(fd);
67 if ( (sz != to_off-from_off) || (i != 0) ) {
68 DEBUG(0,("Error writing/closing %s: %ld!=%ld %d\n", fname, (unsigned long)sz, (unsigned long)to_off-from_off, i ));
69 } else {
70 DEBUG(0,("created %s\n", fname));
71 }
72 }
73 }
74
75 /*******************************************************************
76 Debug output for parsing info
77
78 XXXX side-effect of this function is to increase the debug depth XXXX.
79
80 ********************************************************************/
81
82 void prs_debug(prs_struct *ps, int depth, const char *desc, const char *fn_name)
83 {
84 DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc));
85 }
86
87 /**
88 * Initialise an expandable parse structure.
89 *
90 * @param size Initial buffer size. If >0, a new buffer will be
91 * created with malloc().
92 *
93 * @return False if allocation fails, otherwise True.
94 **/
95
96 BOOL prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, BOOL io)
97 {
98 ZERO_STRUCTP(ps);
99 ps->io = io;
100 ps->bigendian_data = RPC_LITTLE_ENDIAN;
101 ps->align = RPC_PARSE_ALIGN;
102 ps->is_dynamic = False;
103 ps->data_offset = 0;
104 ps->buffer_size = 0;
105 ps->data_p = NULL;
106 ps->mem_ctx = ctx;
107
108 if (size != 0) {
109 ps->buffer_size = size;
110 if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
111 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
112 return False;
113 }
114 memset(ps->data_p, '\0', (size_t)size);
115 ps->is_dynamic = True; /* We own this memory. */
116 } else if (MARSHALLING(ps)) {
117 /* If size is zero and we're marshalling we should allocate memory on demand. */
118 ps->is_dynamic = True;
119 }
120
121 return True;
122 }
123
124 /*******************************************************************
125 Delete the memory in a parse structure - if we own it.
126 ********************************************************************/
127
128 void prs_mem_free(prs_struct *ps)
129 {
130 if(ps->is_dynamic)
131 SAFE_FREE(ps->data_p);
132 ps->is_dynamic = False;
133 ps->buffer_size = 0;
134 ps->data_offset = 0;
135 }
136
137 /*******************************************************************
138 Clear the memory in a parse structure.
139 ********************************************************************/
140
141 void prs_mem_clear(prs_struct *ps)
142 {
143 if (ps->buffer_size)
144 memset(ps->data_p, '\0', (size_t)ps->buffer_size);
145 }
146
147 /*******************************************************************
148 Allocate memory when unmarshalling... Always zero clears.
149 ********************************************************************/
150
151 #if defined(PARANOID_MALLOC_CHECKER)
152 char *prs_alloc_mem_(prs_struct *ps, size_t size, unsigned int count)
153 #else
154 char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count)
155 #endif
156 {
157 char *ret = NULL;
158
159 if (size) {
160 /* We can't call the type-safe version here. */
161 ret = _talloc_zero_array(ps->mem_ctx, size, count, "parse_prs");
162 }
163 return ret;
164 }
165
166 /*******************************************************************
167 Return the current talloc context we're using.
168 ********************************************************************/
169
170 TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
171 {
172 return ps->mem_ctx;
173 }
174
175 /*******************************************************************
176 Hand some already allocated memory to a prs_struct.
177 ********************************************************************/
178
179 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic)
180 {
181 ps->is_dynamic = is_dynamic;
182 ps->data_p = buf;
183 ps->buffer_size = size;
184 }
185
186 /*******************************************************************
187 Take some memory back from a prs_struct.
188 ********************************************************************/
189
190 char *prs_take_memory(prs_struct *ps, uint32 *psize)
191 {
192 char *ret = ps->data_p;
193 if(psize)
194 *psize = ps->buffer_size;
195 ps->is_dynamic = False;
196 prs_mem_free(ps);
197 return ret;
198 }
199
200 /*******************************************************************
201 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
202 ********************************************************************/
203
204 BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
205 {
206 if (newsize > ps->buffer_size)
207 return prs_force_grow(ps, newsize - ps->buffer_size);
208
209 if (newsize < ps->buffer_size) {
210 ps->buffer_size = newsize;
211
212 /* newsize == 0 acts as a free and set pointer to NULL */
213 if (newsize == 0) {
214 SAFE_FREE(ps->data_p);
215 } else {
216 ps->data_p = SMB_REALLOC(ps->data_p, newsize);
217
218 if (ps->data_p == NULL) {
219 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
220 (unsigned int)newsize));
221 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
222 return False;
223 }
224 }
225 }
226
227 return True;
228 }
229
230 /*******************************************************************
231 Attempt, if needed, to grow a data buffer.
232 Also depends on the data stream mode (io).
233 ********************************************************************/
234
235 BOOL prs_grow(prs_struct *ps, uint32 extra_space)
236 {
237 uint32 new_size;
238
239 ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
240
241 if(ps->data_offset + extra_space <= ps->buffer_size)
242 return True;
243
244 /*
245 * We cannot grow the buffer if we're not reading
246 * into the prs_struct, or if we don't own the memory.
247 */
248
249 if(UNMARSHALLING(ps) || !ps->is_dynamic) {
250 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
251 (unsigned int)extra_space));
252 return False;
253 }
254
255 /*
256 * Decide how much extra space we really need.
257 */
258
259 extra_space -= (ps->buffer_size - ps->data_offset);
260 if(ps->buffer_size == 0) {
261 /*
262 * Ensure we have at least a PDU's length, or extra_space, whichever
263 * is greater.
264 */
265
266 new_size = MAX(RPC_MAX_PDU_FRAG_LEN,extra_space);
267
268 if((ps->data_p = SMB_MALLOC(new_size)) == NULL) {
269 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
270 return False;
271 }
272 memset(ps->data_p, '\0', (size_t)new_size );
273 } else {
274 /*
275 * If the current buffer size is bigger than the space needed, just
276 * double it, else add extra_space.
277 */
278 new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
279
280 if ((ps->data_p = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
281 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
282 (unsigned int)new_size));
283 return False;
284 }
285
286 memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
287 }
288 ps->buffer_size = new_size;
289
290 return True;
291 }
292
293 /*******************************************************************
294 Attempt to force a data buffer to grow by len bytes.
295 This is only used when appending more data onto a prs_struct
296 when reading an rpc reply, before unmarshalling it.
297 ********************************************************************/
298
299 BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
300 {
301 uint32 new_size = ps->buffer_size + extra_space;
302
303 if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
304 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
305 (unsigned int)extra_space));
306 return False;
307 }
308
309 if((ps->data_p = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
310 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
311 (unsigned int)new_size));
312 return False;
313 }
314
315 memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
316
317 ps->buffer_size = new_size;
318
319 return True;
320 }
321
322 /*******************************************************************
323 Get the data pointer (external interface).
324 ********************************************************************/
325
326 char *prs_data_p(prs_struct *ps)
327 {
328 return ps->data_p;
329 }
330
331 /*******************************************************************
332 Get the current data size (external interface).
333 ********************************************************************/
334
335 uint32 prs_data_size(prs_struct *ps)
336 {
337 return ps->buffer_size;
338 }
339
340 /*******************************************************************
341 Fetch the current offset (external interface).
342 ********************************************************************/
343
344 uint32 prs_offset(prs_struct *ps)
345 {
346 return ps->data_offset;
347 }
348
349 /*******************************************************************
350 Set the current offset (external interface).
351 ********************************************************************/
352
353 BOOL prs_set_offset(prs_struct *ps, uint32 offset)
354 {
355 if(offset <= ps->data_offset) {
356 ps->data_offset = offset;
357 return True;
358 }
359
360 if(!prs_grow(ps, offset - ps->data_offset))
361 return False;
362
363 ps->data_offset = offset;
364 return True;
365 }
366
367 /*******************************************************************
368 Append the data from one parse_struct into another.
369 ********************************************************************/
370
371 BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
372 {
373 if (prs_offset(src) == 0)
374 return True;
375
376 if(!prs_grow(dst, prs_offset(src)))
377 return False;
378
379 memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
380 dst->data_offset += prs_offset(src);
381
382 return True;
383 }
384
385 /*******************************************************************
386 Append some data from one parse_struct into another.
387 ********************************************************************/
388
389 BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
390 {
391 if (len == 0)
392 return True;
393
394 if(!prs_grow(dst, len))
395 return False;
396
397 memcpy(&dst->data_p[dst->data_offset], src->data_p + start, (size_t)len);
398 dst->data_offset += len;
399
400 return True;
401 }
402
403 /*******************************************************************
404 Append the data from a buffer into a parse_struct.
405 ********************************************************************/
406
407 BOOL prs_copy_data_in(prs_struct *dst, const char *src, uint32 len)
408 {
409 if (len == 0)
410 return True;
411
412 if(!prs_grow(dst, len))
413 return False;
414
415 memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
416 dst->data_offset += len;
417
418 return True;
419 }
420
421 /*******************************************************************
422 Copy some data from a parse_struct into a buffer.
423 ********************************************************************/
424
425 BOOL prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
426 {
427 if (len == 0)
428 return True;
429
430 if(!prs_mem_get(src, len))
431 return False;
432
433 memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
434 src->data_offset += len;
435
436 return True;
437 }
438
439 /*******************************************************************
440 Copy all the data from a parse_struct into a buffer.
441 ********************************************************************/
442
443 BOOL prs_copy_all_data_out(char *dst, prs_struct *src)
444 {
445 uint32 len = prs_offset(src);
446
447 if (!len)
448 return True;
449
450 prs_set_offset(src, 0);
451 return prs_copy_data_out(dst, src, len);
452 }
453
454 /*******************************************************************
455 Set the data as X-endian (external interface).
456 ********************************************************************/
457
458 void prs_set_endian_data(prs_struct *ps, BOOL endian)
459 {
460 ps->bigendian_data = endian;
461 }
462
463 /*******************************************************************
464 Align a the data_len to a multiple of align bytes - filling with
465 zeros.
466 ********************************************************************/
467
468 BOOL prs_align(prs_struct *ps)
469 {
470 uint32 mod = ps->data_offset & (ps->align-1);
471
472 if (ps->align != 0 && mod != 0) {
473 uint32 extra_space = (ps->align - mod);
474 if(!prs_grow(ps, extra_space))
475 return False;
476 memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
477 ps->data_offset += extra_space;
478 }
479
480 return True;
481 }
482
483 /******************************************************************
484 Align on a 2 byte boundary
485 *****************************************************************/
486
487 BOOL prs_align_uint16(prs_struct *ps)
488 {
489 BOOL ret;
490 uint8 old_align = ps->align;
491
492 ps->align = 2;
493 ret = prs_align(ps);
494 ps->align = old_align;
495
496 return ret;
497 }
498
499 /******************************************************************
500 Align on a 8 byte boundary
501 *****************************************************************/
502
503 BOOL prs_align_uint64(prs_struct *ps)
504 {
505 BOOL ret;
506 uint8 old_align = ps->align;
507
508 ps->align = 8;
509 ret = prs_align(ps);
510 ps->align = old_align;
511
512 return ret;
513 }
514
515 /******************************************************************
516 Align on a specific byte boundary
517 *****************************************************************/
518
519 BOOL prs_align_custom(prs_struct *ps, uint8 boundary)
520 {
521 BOOL ret;
522 uint8 old_align = ps->align;
523
524 ps->align = boundary;
525 ret = prs_align(ps);
526 ps->align = old_align;
527
528 return ret;
529 }
530
531
532
533 /*******************************************************************
534 Align only if required (for the unistr2 string mainly)
535 ********************************************************************/
536
537 BOOL prs_align_needed(prs_struct *ps, uint32 needed)
538 {
539 if (needed==0)
540 return True;
541 else
542 return prs_align(ps);
543 }
544
545 /*******************************************************************
546 Ensure we can read/write to a given offset.
547 ********************************************************************/
548
549 char *prs_mem_get(prs_struct *ps, uint32 extra_size)
550 {
551 if(UNMARSHALLING(ps)) {
552 /*
553 * If reading, ensure that we can read the requested size item.
554 */
555 if (ps->data_offset + extra_size > ps->buffer_size) {
556 DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
557 "buffer by %u bytes.\n",
558 (unsigned int)extra_size,
559 (unsigned int)(ps->data_offset + extra_size - ps->buffer_size) ));
560 return NULL;
561 }
562 } else {
563 /*
564 * Writing - grow the buffer if needed.
565 */
566 if(!prs_grow(ps, extra_size))
567 return NULL;
568 }
569 return &ps->data_p[ps->data_offset];
570 }
571
572 /*******************************************************************
573 Change the struct type.
574 ********************************************************************/
575
576 void prs_switch_type(prs_struct *ps, BOOL io)
577 {
578 if ((ps->io ^ io) == True)
579 ps->io=io;
580 }
581
582 /*******************************************************************
583 Force a prs_struct to be dynamic even when it's size is 0.
584 ********************************************************************/
585
586 void prs_force_dynamic(prs_struct *ps)
587 {
588 ps->is_dynamic=True;
589 }
590
591 /*******************************************************************
592 Associate a session key with a parse struct.
593 ********************************************************************/
594
595 void prs_set_session_key(prs_struct *ps, const char sess_key[16])
596 {
597 ps->sess_key = sess_key;
598 }
599
600 /*******************************************************************
601 Stream a uint8.
602 ********************************************************************/
603
604 BOOL prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8)
605 {
606 char *q = prs_mem_get(ps, 1);
607 if (q == NULL)
608 return False;
609
610 if (UNMARSHALLING(ps))
611 *data8 = CVAL(q,0);
612 else
613 SCVAL(q,0,*data8);
614
615 DEBUG(5,("%s%04x %s: %02x\n", tab_depth(depth), ps->data_offset, name, *data8));
616
617 ps->data_offset += 1;
618
619 return True;
620 }
621
622 /*******************************************************************
623 Stream a uint16* (allocate memory if unmarshalling)
624 ********************************************************************/
625
626 BOOL prs_pointer( const char *name, prs_struct *ps, int depth,
627 void **data, size_t data_size,
628 BOOL(*prs_fn)(const char*, prs_struct*, int, void*) )
629 {
630 uint32 data_p;
631
632 /* output f000baaa to stream if the pointer is non-zero. */
633
634 data_p = *data ? 0xf000baaa : 0;
635
636 if ( !prs_uint32("ptr", ps, depth, &data_p ))
637 return False;
638
639 /* we're done if there is no data */
640
641 if ( !data_p )
642 return True;
643
644 if (UNMARSHALLING(ps)) {
645 if ( !(*data = PRS_ALLOC_MEM_VOID(ps, data_size)) )
646 return False;
647 }
648
649 return prs_fn(name, ps, depth, *data);
650 }
651
652
653 /*******************************************************************
654 Stream a uint16.
655 ********************************************************************/
656
657 BOOL prs_uint16(const char *name, prs_struct *ps, int depth, uint16 *data16)
658 {
659 char *q = prs_mem_get(ps, sizeof(uint16));
660 if (q == NULL)
661 return False;
662
663 if (UNMARSHALLING(ps)) {
664 if (ps->bigendian_data)
665 *data16 = RSVAL(q,0);
666 else
667 *data16 = SVAL(q,0);
668 } else {
669 if (ps->bigendian_data)
670 RSSVAL(q,0,*data16);
671 else
672 SSVAL(q,0,*data16);
673 }
674
675 DEBUG(5,("%s%04x %s: %04x\n", tab_depth(depth), ps->data_offset, name, *data16));
676
677 ps->data_offset += sizeof(uint16);
678
679 return True;
680 }
681
682 /*******************************************************************
683 Stream a uint32.
684 ********************************************************************/
685
686 BOOL prs_uint32(const char *name, prs_struct *ps, int depth, uint32 *data32)
687 {
688 char *q = prs_mem_get(ps, sizeof(uint32));
689 if (q == NULL)
690 return False;
691
692 if (UNMARSHALLING(ps)) {
693 if (ps->bigendian_data)
694 *data32 = RIVAL(q,0);
695 else
696 *data32 = IVAL(q,0);
697 } else {
698 if (ps->bigendian_data)
699 RSIVAL(q,0,*data32);
700 else
701 SIVAL(q,0,*data32);
702 }
703
704 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
705
706 ps->data_offset += sizeof(uint32);
707
708 return True;
709 }
710
711 /*******************************************************************
712 Stream an int32.
713 ********************************************************************/
714
715 BOOL prs_int32(const char *name, prs_struct *ps, int depth, int32 *data32)
716 {
717 char *q = prs_mem_get(ps, sizeof(int32));
718 if (q == NULL)
719 return False;
720
721 if (UNMARSHALLING(ps)) {
722 if (ps->bigendian_data)
723 *data32 = RIVALS(q,0);
724 else
725 *data32 = IVALS(q,0);
726 } else {
727 if (ps->bigendian_data)
728 RSIVALS(q,0,*data32);
729 else
730 SIVALS(q,0,*data32);
731 }
732
733 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
734
735 ps->data_offset += sizeof(int32);
736
737 return True;
738 }
739
740 /*******************************************************************
741 Stream a NTSTATUS
742 ********************************************************************/
743
744 BOOL prs_ntstatus(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
745 {
746 char *q = prs_mem_get(ps, sizeof(uint32));
747 if (q == NULL)
748 return False;
749
750 if (UNMARSHALLING(ps)) {
751 if (ps->bigendian_data)
752 *status = NT_STATUS(RIVAL(q,0));
753 else
754 *status = NT_STATUS(IVAL(q,0));
755 } else {
756 if (ps->bigendian_data)
757 RSIVAL(q,0,NT_STATUS_V(*status));
758 else
759 SIVAL(q,0,NT_STATUS_V(*status));
760 }
761
762 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
763 nt_errstr(*status)));
764
765 ps->data_offset += sizeof(uint32);
766
767 return True;
768 }
769
770 /*******************************************************************
771 Stream a WERROR
772 ********************************************************************/
773
774 BOOL prs_werror(const char *name, prs_struct *ps, int depth, WERROR *status)
775 {
776 char *q = prs_mem_get(ps, sizeof(uint32));
777 if (q == NULL)
778 return False;
779
780 if (UNMARSHALLING(ps)) {
781 if (ps->bigendian_data)
782 *status = W_ERROR(RIVAL(q,0));
783 else
784 *status = W_ERROR(IVAL(q,0));
785 } else {
786 if (ps->bigendian_data)
787 RSIVAL(q,0,W_ERROR_V(*status));
788 else
789 SIVAL(q,0,W_ERROR_V(*status));
790 }
791
792 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
793 dos_errstr(*status)));
794
795 ps->data_offset += sizeof(uint32);
796
797 return True;
798 }
799
800
801 /******************************************************************
802 Stream an array of uint8s. Length is number of uint8s.
803 ********************************************************************/
804
805 BOOL prs_uint8s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
806 {
807 int i;
808 char *q = prs_mem_get(ps, len);
809 if (q == NULL)
810 return False;
811
812 if (UNMARSHALLING(ps)) {
813 for (i = 0; i < len; i++)
814 data8s[i] = CVAL(q,i);
815 } else {
816 for (i = 0; i < len; i++)
817 SCVAL(q, i, data8s[i]);
818 }
819
820 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset ,name));
821 if (charmode)
822 print_asc(5, (unsigned char*)data8s, len);
823 else {
824 for (i = 0; i < len; i++)
825 DEBUG(5,("%02x ", data8s[i]));
826 }
827 DEBUG(5,("\n"));
828
829 ps->data_offset += len;
830
831 return True;
832 }
833
834 /******************************************************************
835 Stream an array of uint16s. Length is number of uint16s.
836 ********************************************************************/
837
838 BOOL prs_uint16s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
839 {
840 int i;
841 char *q = prs_mem_get(ps, len * sizeof(uint16));
842 if (q == NULL)
843 return False;
844
845 if (UNMARSHALLING(ps)) {
846 if (ps->bigendian_data) {
847 for (i = 0; i < len; i++)
848 data16s[i] = RSVAL(q, 2*i);
849 } else {
850 for (i = 0; i < len; i++)
851 data16s[i] = SVAL(q, 2*i);
852 }
853 } else {
854 if (ps->bigendian_data) {
855 for (i = 0; i < len; i++)
856 RSSVAL(q, 2*i, data16s[i]);
857 } else {
858 for (i = 0; i < len; i++)
859 SSVAL(q, 2*i, data16s[i]);
860 }
861 }
862
863 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
864 if (charmode)
865 print_asc(5, (unsigned char*)data16s, 2*len);
866 else {
867 for (i = 0; i < len; i++)
868 DEBUG(5,("%04x ", data16s[i]));
869 }
870 DEBUG(5,("\n"));
871
872 ps->data_offset += (len * sizeof(uint16));
873
874 return True;
875 }
876
877 /******************************************************************
878 Start using a function for streaming unicode chars. If unmarshalling,
879 output must be little-endian, if marshalling, input must be little-endian.
880 ********************************************************************/
881
882 static void dbg_rw_punival(BOOL charmode, const char *name, int depth, prs_struct *ps,
883 char *in_buf, char *out_buf, int len)
884 {
885 int i;
886
887 if (UNMARSHALLING(ps)) {
888 if (ps->bigendian_data) {
889 for (i = 0; i < len; i++)
890 SSVAL(out_buf,2*i,RSVAL(in_buf, 2*i));
891 } else {
892 for (i = 0; i < len; i++)
893 SSVAL(out_buf, 2*i, SVAL(in_buf, 2*i));
894 }
895 } else {
896 if (ps->bigendian_data) {
897 for (i = 0; i < len; i++)
898 RSSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
899 } else {
900 for (i = 0; i < len; i++)
901 SSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
902 }
903 }
904
905 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
906 if (charmode)
907 print_asc(5, (unsigned char*)out_buf, 2*len);
908 else {
909 for (i = 0; i < len; i++)
910 DEBUG(5,("%04x ", out_buf[i]));
911 }
912 DEBUG(5,("\n"));
913 }
914
915 /******************************************************************
916 Stream a unistr. Always little endian.
917 ********************************************************************/
918
919 BOOL prs_uint16uni(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
920 {
921 char *q = prs_mem_get(ps, len * sizeof(uint16));
922 if (q == NULL)
923 return False;
924
925 dbg_rw_punival(charmode, name, depth, ps, q, (char *)data16s, len);
926 ps->data_offset += (len * sizeof(uint16));
927
928 return True;
929 }
930
931 /******************************************************************
932 Stream an array of uint32s. Length is number of uint32s.
933 ********************************************************************/
934
935 BOOL prs_uint32s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
936 {
937 int i;
938 char *q = prs_mem_get(ps, len * sizeof(uint32));
939 if (q == NULL)
940 return False;
941
942 if (UNMARSHALLING(ps)) {
943 if (ps->bigendian_data) {
944 for (i = 0; i < len; i++)
945 data32s[i] = RIVAL(q, 4*i);
946 } else {
947 for (i = 0; i < len; i++)
948 data32s[i] = IVAL(q, 4*i);
949 }
950 } else {
951 if (ps->bigendian_data) {
952 for (i = 0; i < len; i++)
953 RSIVAL(q, 4*i, data32s[i]);
954 } else {
955 for (i = 0; i < len; i++)
956 SIVAL(q, 4*i, data32s[i]);
957 }
958 }
959
960 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
961 if (charmode)
962 print_asc(5, (unsigned char*)data32s, 4*len);
963 else {
964 for (i = 0; i < len; i++)
965 DEBUG(5,("%08x ", data32s[i]));
966 }
967 DEBUG(5,("\n"));
968
969 ps->data_offset += (len * sizeof(uint32));
970
971 return True;
972 }
973
974 /******************************************************************
975 Stream an array of unicode string, length/buffer specified separately,
976 in uint16 chars. The unicode string is already in little-endian format.
977 ********************************************************************/
978
979 BOOL prs_buffer5(BOOL charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str)
980 {
981 char *p;
982 char *q = prs_mem_get(ps, str->buf_len * sizeof(uint16));
983 if (q == NULL)
984 return False;
985
986 if (UNMARSHALLING(ps)) {
987 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len);
988 if (str->buffer == NULL)
989 return False;
990 }
991
992 /* If the string is empty, we don't have anything to stream */
993 if (str->buf_len==0)
994 return True;
995
996 p = (char *)str->buffer;
997
998 dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len);
999
1000 ps->data_offset += (str->buf_len * sizeof(uint16));
1001
1002 return True;
1003 }
1004
1005 /******************************************************************
1006 Stream a "not" unicode string, length/buffer specified separately,
1007 in byte chars. String is in little-endian format.
1008 ********************************************************************/
1009
1010 BOOL prs_regval_buffer(BOOL charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf)
1011 {
1012 char *p;
1013 char *q = prs_mem_get(ps, buf->buf_len);
1014 if (q == NULL)
1015 return False;
1016
1017 if (UNMARSHALLING(ps)) {
1018 if (buf->buf_len > buf->buf_max_len) {
1019 return False;
1020 }
1021 if ( buf->buf_max_len ) {
1022 buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len);
1023 if ( buf->buffer == NULL )
1024 return False;
1025 }
1026 }
1027
1028 p = (char *)buf->buffer;
1029
1030 dbg_rw_punival(charmode, name, depth, ps, q, p, buf->buf_len/2);
1031 ps->data_offset += buf->buf_len;
1032
1033 return True;
1034 }
1035
1036 /******************************************************************
1037 Stream a string, length/buffer specified separately,
1038 in uint8 chars.
1039 ********************************************************************/
1040
1041 BOOL prs_string2(BOOL charmode, const char *name, prs_struct *ps, int depth, STRING2 *str)
1042 {
1043 unsigned int i;
1044 char *q = prs_mem_get(ps, str->str_str_len);
1045 if (q == NULL)
1046 return False;
1047
1048 if (UNMARSHALLING(ps)) {
1049 if (str->str_str_len > str->str_max_len) {
1050 return False;
1051 }
1052 str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len);
1053 if (str->buffer == NULL)
1054 return False;
1055 }
1056
1057 if (UNMARSHALLING(ps)) {
1058 for (i = 0; i < str->str_str_len; i++)
1059 str->buffer[i] = CVAL(q,i);
1060 } else {
1061 for (i = 0; i < str->str_str_len; i++)
1062 SCVAL(q, i, str->buffer[i]);
1063 }
1064
1065 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1066 if (charmode)
1067 print_asc(5, (unsigned char*)str->buffer, str->str_str_len);
1068 else {
1069 for (i = 0; i < str->str_str_len; i++)
1070 DEBUG(5,("%02x ", str->buffer[i]));
1071 }
1072 DEBUG(5,("\n"));
1073
1074 ps->data_offset += str->str_str_len;
1075
1076 return True;
1077 }
1078
1079 /******************************************************************
1080 Stream a unicode string, length/buffer specified separately,
1081 in uint16 chars. The unicode string is already in little-endian format.
1082 ********************************************************************/
1083
1084 BOOL prs_unistr2(BOOL charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str)
1085 {
1086 char *p;
1087 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1088 if (q == NULL)
1089 return False;
1090
1091 /* If the string is empty, we don't have anything to stream */
1092 if (str->uni_str_len==0)
1093 return True;
1094
1095 if (UNMARSHALLING(ps)) {
1096 if (str->uni_str_len > str->uni_max_len) {
1097 return False;
1098 }
1099 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len);
1100 if (str->buffer == NULL)
1101 return False;
1102 }
1103
1104 p = (char *)str->buffer;
1105
1106 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1107
1108 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1109
1110 return True;
1111 }
1112
1113 /******************************************************************
1114 Stream a unicode string, length/buffer specified separately,
1115 in uint16 chars. The unicode string is already in little-endian format.
1116 ********************************************************************/
1117
1118 BOOL prs_unistr3(BOOL charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth)
1119 {
1120 char *p;
1121 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1122 if (q == NULL)
1123 return False;
1124
1125 if (UNMARSHALLING(ps)) {
1126 str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len);
1127 if (str->str.buffer == NULL)
1128 return False;
1129 }
1130
1131 p = (char *)str->str.buffer;
1132
1133 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1134 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1135
1136 return True;
1137 }
1138
1139 /*******************************************************************
1140 Stream a unicode null-terminated string. As the string is already
1141 in little-endian format then do it as a stream of bytes.
1142 ********************************************************************/
1143
1144 BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
1145 {
1146 unsigned int len = 0;
1147 unsigned char *p = (unsigned char *)str->buffer;
1148 uint8 *start;
1149 char *q;
1150 uint32 max_len;
1151 uint16* ptr;
1152
1153 if (MARSHALLING(ps)) {
1154
1155 for(len = 0; str->buffer[len] != 0; len++)
1156 ;
1157
1158 q = prs_mem_get(ps, (len+1)*2);
1159 if (q == NULL)
1160 return False;
1161
1162 start = (uint8*)q;
1163
1164 for(len = 0; str->buffer[len] != 0; len++) {
1165 if(ps->bigendian_data) {
1166 /* swap bytes - p is little endian, q is big endian. */
1167 q[0] = (char)p[1];
1168 q[1] = (char)p[0];
1169 p += 2;
1170 q += 2;
1171 }
1172 else
1173 {
1174 q[0] = (char)p[0];
1175 q[1] = (char)p[1];
1176 p += 2;
1177 q += 2;
1178 }
1179 }
1180
1181 /*
1182 * even if the string is 'empty' (only an \0 char)
1183 * at this point the leading \0 hasn't been parsed.
1184 * so parse it now
1185 */
1186
1187 q[0] = 0;
1188 q[1] = 0;
1189 q += 2;
1190
1191 len++;
1192
1193 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1194 print_asc(5, (unsigned char*)start, 2*len);
1195 DEBUG(5, ("\n"));
1196 }
1197 else { /* unmarshalling */
1198
1199 uint32 alloc_len = 0;
1200 q = ps->data_p + prs_offset(ps);
1201
1202 /*
1203 * Work out how much space we need and talloc it.
1204 */
1205 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
1206
1207 /* the test of the value of *ptr helps to catch the circumstance
1208 where we have an emtpty (non-existent) string in the buffer */
1209 for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
1210 /* do nothing */
1211 ;
1212
1213 if (alloc_len < max_len)
1214 alloc_len += 1;
1215
1216 /* should we allocate anything at all? */
1217 str->buffer = PRS_ALLOC_MEM(ps,uint16,alloc_len);
1218 if ((str->buffer == NULL) && (alloc_len > 0))
1219 return False;
1220
1221 p = (unsigned char *)str->buffer;
1222
1223 len = 0;
1224 /* the (len < alloc_len) test is to prevent us from overwriting
1225 memory that is not ours...if we get that far, we have a non-null
1226 terminated string in the buffer and have messed up somewhere */
1227 while ((len < alloc_len) && (*(uint16 *)q != 0)) {
1228 if(ps->bigendian_data)
1229 {
1230 /* swap bytes - q is big endian, p is little endian. */
1231 p[0] = (unsigned char)q[1];
1232 p[1] = (unsigned char)q[0];
1233 p += 2;
1234 q += 2;
1235 } else {
1236
1237 p[0] = (unsigned char)q[0];
1238 p[1] = (unsigned char)q[1];
1239 p += 2;
1240 q += 2;
1241 }
1242
1243 len++;
1244 }
1245 if (len < alloc_len) {
1246 /* NULL terminate the UNISTR */
1247 str->buffer[len++] = '\0';
1248 }
1249
1250 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1251 print_asc(5, (unsigned char*)str->buffer, 2*len);
1252 DEBUG(5, ("\n"));
1253 }
1254
1255 /* set the offset in the prs_struct; 'len' points to the
1256 terminiating NULL in the UNISTR so we need to go one more
1257 uint16 */
1258 ps->data_offset += (len)*2;
1259
1260 return True;
1261 }
1262
1263
1264 /*******************************************************************
1265 Stream a null-terminated string. len is strlen, and therefore does
1266 not include the null-termination character.
1267 ********************************************************************/
1268
1269 BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
1270 {
1271 char *q;
1272 int i;
1273 int len;
1274
1275 if (UNMARSHALLING(ps))
1276 len = strlen(&ps->data_p[ps->data_offset]);
1277 else
1278 len = strlen(str);
1279
1280 len = MIN(len, (max_buf_size-1));
1281
1282 q = prs_mem_get(ps, len+1);
1283 if (q == NULL)
1284 return False;
1285
1286 for(i = 0; i < len; i++) {
1287 if (UNMARSHALLING(ps))
1288 str[i] = q[i];
1289 else
1290 q[i] = str[i];
1291 }
1292
1293 /* The terminating null. */
1294 str[i] = '\0';
1295
1296 if (MARSHALLING(ps)) {
1297 q[i] = '\0';
1298 }
1299
1300 ps->data_offset += len+1;
1301
1302 dump_data(5+depth, q, len);
1303
1304 return True;
1305 }
1306
1307 BOOL prs_string_alloc(const char *name, prs_struct *ps, int depth, const char **str)
1308 {
1309 size_t len;
1310 char *tmp_str;
1311
1312 if (UNMARSHALLING(ps)) {
1313 len = strlen(&ps->data_p[ps->data_offset]);
1314 } else {
1315 len = strlen(*str);
1316 }
1317
1318 tmp_str = PRS_ALLOC_MEM(ps, char, len+1);
1319
1320 if (tmp_str == NULL) {
1321 return False;
1322 }
1323
1324 if (MARSHALLING(ps)) {
1325 strncpy(tmp_str, *str, len);
1326 }
1327
1328 if (!prs_string(name, ps, depth, tmp_str, len+1)) {
1329 return False;
1330 }
1331
1332 *str = tmp_str;
1333 return True;
1334 }
1335
1336 /*******************************************************************
1337 prs_uint16 wrapper. Call this and it sets up a pointer to where the
1338 uint16 should be stored, or gets the size if reading.
1339 ********************************************************************/
1340
1341 BOOL prs_uint16_pre(const char *name, prs_struct *ps, int depth, uint16 *data16, uint32 *offset)
1342 {
1343 *offset = ps->data_offset;
1344 if (UNMARSHALLING(ps)) {
1345 /* reading. */
1346 return prs_uint16(name, ps, depth, data16);
1347 } else {
1348 char *q = prs_mem_get(ps, sizeof(uint16));
1349 if(q ==NULL)
1350 return False;
1351 ps->data_offset += sizeof(uint16);
1352 }
1353 return True;
1354 }
1355
1356 /*******************************************************************
1357 prs_uint16 wrapper. call this and it retrospectively stores the size.
1358 does nothing on reading, as that is already handled by ...._pre()
1359 ********************************************************************/
1360
1361 BOOL prs_uint16_post(const char *name, prs_struct *ps, int depth, uint16 *data16,
1362 uint32 ptr_uint16, uint32 start_offset)
1363 {
1364 if (MARSHALLING(ps)) {
1365 /*
1366 * Writing - temporarily move the offset pointer.
1367 */
1368 uint16 data_size = ps->data_offset - start_offset;
1369 uint32 old_offset = ps->data_offset;
1370
1371 ps->data_offset = ptr_uint16;
1372 if(!prs_uint16(name, ps, depth, &data_size)) {
1373 ps->data_offset = old_offset;
1374 return False;
1375 }
1376 ps->data_offset = old_offset;
1377 } else {
1378 ps->data_offset = start_offset + (uint32)(*data16);
1379 }
1380 return True;
1381 }
1382
1383 /*******************************************************************
1384 prs_uint32 wrapper. Call this and it sets up a pointer to where the
1385 uint32 should be stored, or gets the size if reading.
1386 ********************************************************************/
1387
1388 BOOL prs_uint32_pre(const char *name, prs_struct *ps, int depth, uint32 *data32, uint32 *offset)
1389 {
1390 *offset = ps->data_offset;
1391 if (UNMARSHALLING(ps) && (data32 != NULL)) {
1392 /* reading. */
1393 return prs_uint32(name, ps, depth, data32);
1394 } else {
1395 ps->data_offset += sizeof(uint32);
1396 }
1397 return True;
1398 }
1399
1400 /*******************************************************************
1401 prs_uint32 wrapper. call this and it retrospectively stores the size.
1402 does nothing on reading, as that is already handled by ...._pre()
1403 ********************************************************************/
1404
1405 BOOL prs_uint32_post(const char *name, prs_struct *ps, int depth, uint32 *data32,
1406 uint32 ptr_uint32, uint32 data_size)
1407 {
1408 if (MARSHALLING(ps)) {
1409 /*
1410 * Writing - temporarily move the offset pointer.
1411 */
1412 uint32 old_offset = ps->data_offset;
1413 ps->data_offset = ptr_uint32;
1414 if(!prs_uint32(name, ps, depth, &data_size)) {
1415 ps->data_offset = old_offset;
1416 return False;
1417 }
1418 ps->data_offset = old_offset;
1419 }
1420 return True;
1421 }
1422
1423 /* useful function to store a structure in rpc wire format */
1424 int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
1425 {
1426 TDB_DATA kbuf, dbuf;
1427 kbuf.dptr = keystr;
1428 kbuf.dsize = strlen(keystr)+1;
1429 dbuf.dptr = ps->data_p;
1430 dbuf.dsize = prs_offset(ps);
1431 return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
1432 }
1433
1434 /* useful function to fetch a structure into rpc wire format */
1435 int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx)
1436 {
1437 TDB_DATA kbuf, dbuf;
1438 kbuf.dptr = keystr;
1439 kbuf.dsize = strlen(keystr)+1;
1440
1441 dbuf = tdb_fetch(tdb, kbuf);
1442 if (!dbuf.dptr)
1443 return -1;
1444
1445 prs_init(ps, 0, mem_ctx, UNMARSHALL);
1446 prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True);
1447
1448 return 0;
1449 }
1450
1451 /*******************************************************************
1452 hash a stream.
1453 ********************************************************************/
1454
1455 BOOL prs_hash1(prs_struct *ps, uint32 offset, int len)
1456 {
1457 char *q;
1458
1459 q = ps->data_p;
1460 q = &q[offset];
1461
1462 #ifdef DEBUG_PASSWORD
1463 DEBUG(100, ("prs_hash1\n"));
1464 dump_data(100, ps->sess_key, 16);
1465 dump_data(100, q, len);
1466 #endif
1467 SamOEMhash((uchar *) q, (const unsigned char *)ps->sess_key, len);
1468
1469 #ifdef DEBUG_PASSWORD
1470 dump_data(100, q, len);
1471 #endif
1472
1473 return True;
1474 }
1475
1476 /*******************************************************************
1477 Create a digest over the entire packet (including the data), and
1478 MD5 it with the session key.
1479 ********************************************************************/
1480
1481 static void schannel_digest(struct schannel_auth_struct *a,
1482 enum pipe_auth_level auth_level,
1483 RPC_AUTH_SCHANNEL_CHK * verf,
1484 char *data, size_t data_len,
1485 uchar digest_final[16])
1486 {
1487 uchar whole_packet_digest[16];
1488 static uchar zeros[4];
1489 struct MD5Context ctx3;
1490
1491 /* verfiy the signature on the packet by MD5 over various bits */
1492 MD5Init(&ctx3);
1493 /* use our sequence number, which ensures the packet is not
1494 out of order */
1495 MD5Update(&ctx3, zeros, sizeof(zeros));
1496 MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
1497 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1498 MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
1499 }
1500 MD5Update(&ctx3, (const unsigned char *)data, data_len);
1501 MD5Final(whole_packet_digest, &ctx3);
1502 dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
1503
1504 /* MD5 this result and the session key, to prove that
1505 only a valid client could had produced this */
1506 hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
1507 }
1508
1509 /*******************************************************************
1510 Calculate the key with which to encode the data payload
1511 ********************************************************************/
1512
1513 static void schannel_get_sealing_key(struct schannel_auth_struct *a,
1514 RPC_AUTH_SCHANNEL_CHK *verf,
1515 uchar sealing_key[16])
1516 {
1517 static uchar zeros[4];
1518 uchar digest2[16];
1519 uchar sess_kf0[16];
1520 int i;
1521
1522 for (i = 0; i < sizeof(sess_kf0); i++) {
1523 sess_kf0[i] = a->sess_key[i] ^ 0xf0;
1524 }
1525
1526 dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
1527
1528 /* MD5 of sess_kf0 and 4 zero bytes */
1529 hmac_md5(sess_kf0, zeros, 0x4, digest2);
1530 dump_data_pw("digest2:\n", digest2, sizeof(digest2));
1531
1532 /* MD5 of the above result, plus 8 bytes of sequence number */
1533 hmac_md5(digest2, verf->seq_num, sizeof(verf->seq_num), sealing_key);
1534 dump_data_pw("sealing_key:\n", sealing_key, 16);
1535 }
1536
1537 /*******************************************************************
1538 Encode or Decode the sequence number (which is symmetric)
1539 ********************************************************************/
1540
1541 static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
1542 RPC_AUTH_SCHANNEL_CHK *verf)
1543 {
1544 static uchar zeros[4];
1545 uchar sequence_key[16];
1546 uchar digest1[16];
1547
1548 hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
1549 dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
1550
1551 hmac_md5(digest1, verf->packet_digest, 8, sequence_key);
1552
1553 dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
1554
1555 dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num));
1556 SamOEMhash(verf->seq_num, sequence_key, 8);
1557 dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num));
1558 }
1559
1560 /*******************************************************************
1561 creates an RPC_AUTH_SCHANNEL_CHK structure.
1562 ********************************************************************/
1563
1564 static BOOL init_rpc_auth_schannel_chk(RPC_AUTH_SCHANNEL_CHK * chk,
1565 const uchar sig[8],
1566 const uchar packet_digest[8],
1567 const uchar seq_num[8], const uchar confounder[8])
1568 {
1569 if (chk == NULL)
1570 return False;
1571
1572 memcpy(chk->sig, sig, sizeof(chk->sig));
1573 memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
1574 memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
1575 memcpy(chk->confounder, confounder, sizeof(chk->confounder));
1576
1577 return True;
1578 }
1579
1580 /*******************************************************************
1581 Encode a blob of data using the schannel alogrithm, also produceing
1582 a checksum over the original data. We currently only support
1583 signing and sealing togeather - the signing-only code is close, but not
1584 quite compatible with what MS does.
1585 ********************************************************************/
1586
1587 void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1588 enum schannel_direction direction,
1589 RPC_AUTH_SCHANNEL_CHK * verf,
1590 char *data, size_t data_len)
1591 {
1592 uchar digest_final[16];
1593 uchar confounder[8];
1594 uchar seq_num[8];
1595 static const uchar nullbytes[8];
1596
1597 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1598 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1599 const uchar *schannel_sig = NULL;
1600
1601 DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1602
1603 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1604 schannel_sig = schannel_seal_sig;
1605 } else {
1606 schannel_sig = schannel_sign_sig;
1607 }
1608
1609 /* fill the 'confounder' with random data */
1610 generate_random_buffer(confounder, sizeof(confounder));
1611
1612 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1613
1614 RSIVAL(seq_num, 0, a->seq_num);
1615
1616 switch (direction) {
1617 case SENDER_IS_INITIATOR:
1618 SIVAL(seq_num, 4, 0x80);
1619 break;
1620 case SENDER_IS_ACCEPTOR:
1621 SIVAL(seq_num, 4, 0x0);
1622 break;
1623 }
1624
1625 dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num));
1626
1627 init_rpc_auth_schannel_chk(verf, schannel_sig, nullbytes,
1628 seq_num, confounder);
1629
1630 /* produce a digest of the packet to prove it's legit (before we seal it) */
1631 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1632 memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
1633
1634 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1635 uchar sealing_key[16];
1636
1637 /* get the key to encode the data with */
1638 schannel_get_sealing_key(a, verf, sealing_key);
1639
1640 /* encode the verification data */
1641 dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder));
1642 SamOEMhash(verf->confounder, sealing_key, 8);
1643
1644 dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder));
1645
1646 /* encode the packet payload */
1647 dump_data_pw("data:\n", (const unsigned char *)data, data_len);
1648 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1649 dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
1650 }
1651
1652 /* encode the sequence number (key based on packet digest) */
1653 /* needs to be done after the sealing, as the original version
1654 is used in the sealing stuff... */
1655 schannel_deal_with_seq_num(a, verf);
1656
1657 return;
1658 }
1659
1660 /*******************************************************************
1661 Decode a blob of data using the schannel alogrithm, also verifiying
1662 a checksum over the original data. We currently can verify signed messages,
1663 as well as decode sealed messages
1664 ********************************************************************/
1665
1666 BOOL schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1667 enum schannel_direction direction,
1668 RPC_AUTH_SCHANNEL_CHK * verf, char *data, size_t data_len)
1669 {
1670 uchar digest_final[16];
1671
1672 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1673 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1674 const uchar *schannel_sig = NULL;
1675
1676 uchar seq_num[8];
1677
1678 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1679
1680 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1681 schannel_sig = schannel_seal_sig;
1682 } else {
1683 schannel_sig = schannel_sign_sig;
1684 }
1685
1686 /* Create the expected sequence number for comparison */
1687 RSIVAL(seq_num, 0, a->seq_num);
1688
1689 switch (direction) {
1690 case SENDER_IS_INITIATOR:
1691 SIVAL(seq_num, 4, 0x80);
1692 break;
1693 case SENDER_IS_ACCEPTOR:
1694 SIVAL(seq_num, 4, 0x0);
1695 break;
1696 }
1697
1698 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1699 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1700
1701 dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
1702
1703 /* extract the sequence number (key based on supplied packet digest) */
1704 /* needs to be done before the sealing, as the original version
1705 is used in the sealing stuff... */
1706 schannel_deal_with_seq_num(a, verf);
1707
1708 if (memcmp(verf->seq_num, seq_num, sizeof(seq_num))) {
1709 /* don't even bother with the below if the sequence number is out */
1710 /* The sequence number is MD5'ed with a key based on the whole-packet
1711 digest, as supplied by the client. We check that it's a valid
1712 checksum after the decode, below
1713 */
1714 DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
1715 dump_data(2, (const char*)verf->seq_num, sizeof(verf->seq_num));
1716 DEBUG(2, ("should be:\n"));
1717 dump_data(2, (const char*)seq_num, sizeof(seq_num));
1718
1719 return False;
1720 }
1721
1722 if (memcmp(verf->sig, schannel_sig, sizeof(verf->sig))) {
1723 /* Validate that the other end sent the expected header */
1724 DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
1725 dump_data(2, (const char*)verf->sig, sizeof(verf->sig));
1726 DEBUG(2, ("should be:\n"));
1727 dump_data(2, (const char*)schannel_sig, sizeof(schannel_sig));
1728 return False;
1729 }
1730
1731 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1732 uchar sealing_key[16];
1733
1734 /* get the key to extract the data with */
1735 schannel_get_sealing_key(a, verf, sealing_key);
1736
1737 /* extract the verification data */
1738 dump_data_pw("verf->confounder:\n", verf->confounder,
1739 sizeof(verf->confounder));
1740 SamOEMhash(verf->confounder, sealing_key, 8);
1741
1742 dump_data_pw("verf->confounder_dec:\n", verf->confounder,
1743 sizeof(verf->confounder));
1744
1745 /* extract the packet payload */
1746 dump_data_pw("data :\n", (const unsigned char *)data, data_len);
1747 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1748 dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
1749 }
1750
1751 /* digest includes 'data' after unsealing */
1752 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1753
1754 dump_data_pw("Calculated digest:\n", digest_final,
1755 sizeof(digest_final));
1756 dump_data_pw("verf->packet_digest:\n", verf->packet_digest,
1757 sizeof(verf->packet_digest));
1758
1759 /* compare - if the client got the same result as us, then
1760 it must know the session key */
1761 return (memcmp(digest_final, verf->packet_digest,
1762 sizeof(verf->packet_digest)) == 0);
1763 }