1/* 2 * Unix SMB/CIFS implementation. 3 * RPC Pipe client / server routines 4 * Copyright (C) Andrew Tridgell 1992-1997, 5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, 6 * Copyright (C) Paul Ashton 1997. 7 * Copyright (C) Jeremy Allison 1999. 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, write to the Free Software 21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 22 */ 23 24#include "includes.h" 25 26#undef DBGC_CLASS 27#define DBGC_CLASS DBGC_RPC_PARSE 28 29/******************************************************************* 30interface/version dce/rpc pipe identification 31********************************************************************/ 32 33#define TRANS_SYNT_V2 \ 34{ \ 35 { \ 36 0x8a885d04, 0x1ceb, 0x11c9, \ 37 { 0x9f, 0xe8, 0x08, 0x00, \ 38 0x2b, 0x10, 0x48, 0x60 } \ 39 }, 0x02 \ 40} 41 42#define SYNT_NETLOGON_V2 \ 43{ \ 44 { \ 45 0x8a885d04, 0x1ceb, 0x11c9, \ 46 { 0x9f, 0xe8, 0x08, 0x00, \ 47 0x2b, 0x10, 0x48, 0x60 } \ 48 }, 0x02 \ 49} 50 51#define SYNT_WKSSVC_V1 \ 52{ \ 53 { \ 54 0x6bffd098, 0xa112, 0x3610, \ 55 { 0x98, 0x33, 0x46, 0xc3, \ 56 0xf8, 0x7e, 0x34, 0x5a } \ 57 }, 0x01 \ 58} 59 60#define SYNT_SRVSVC_V3 \ 61{ \ 62 { \ 63 0x4b324fc8, 0x1670, 0x01d3, \ 64 { 0x12, 0x78, 0x5a, 0x47, \ 65 0xbf, 0x6e, 0xe1, 0x88 } \ 66 }, 0x03 \ 67} 68 69#define SYNT_LSARPC_V0 \ 70{ \ 71 { \ 72 0x12345778, 0x1234, 0xabcd, \ 73 { 0xef, 0x00, 0x01, 0x23, \ 74 0x45, 0x67, 0x89, 0xab } \ 75 }, 0x00 \ 76} 77 78#define SYNT_LSARPC_V0_DS \ 79{ \ 80 { \ 81 0x3919286a, 0xb10c, 0x11d0, \ 82 { 0x9b, 0xa8, 0x00, 0xc0, \ 83 0x4f, 0xd9, 0x2e, 0xf5 } \ 84 }, 0x00 \ 85} 86 87#define SYNT_SAMR_V1 \ 88{ \ 89 { \ 90 0x12345778, 0x1234, 0xabcd, \ 91 { 0xef, 0x00, 0x01, 0x23, \ 92 0x45, 0x67, 0x89, 0xac } \ 93 }, 0x01 \ 94} 95 96#define SYNT_NETLOGON_V1 \ 97{ \ 98 { \ 99 0x12345678, 0x1234, 0xabcd, \ 100 { 0xef, 0x00, 0x01, 0x23, \ 101 0x45, 0x67, 0xcf, 0xfb } \ 102 }, 0x01 \ 103} 104 105#define SYNT_WINREG_V1 \ 106{ \ 107 { \ 108 0x338cd001, 0x2244, 0x31f1, \ 109 { 0xaa, 0xaa, 0x90, 0x00, \ 110 0x38, 0x00, 0x10, 0x03 } \ 111 }, 0x01 \ 112} 113 114#define SYNT_SPOOLSS_V1 \ 115{ \ 116 { \ 117 0x12345678, 0x1234, 0xabcd, \ 118 { 0xef, 0x00, 0x01, 0x23, \ 119 0x45, 0x67, 0x89, 0xab } \ 120 }, 0x01 \ 121} 122 123#define SYNT_NONE_V0 \ 124{ \ 125 { \ 126 0x0, 0x0, 0x0, \ 127 { 0x00, 0x00, 0x00, 0x00, \ 128 0x00, 0x00, 0x00, 0x00 } \ 129 }, 0x00 \ 130} 131 132#define SYNT_NETDFS_V3 \ 133{ \ 134 { \ 135 0x4fc742e0, 0x4a10, 0x11cf, \ 136 { 0x82, 0x73, 0x00, 0xaa, \ 137 0x00, 0x4a, 0xe6, 0x73 } \ 138 }, 0x03 \ 139} 140 141#define SYNT_ECHO_V1 \ 142{ \ 143 { \ 144 0x60a15ec5, 0x4de8, 0x11d7, \ 145 { 0xa6, 0x37, 0x00, 0x50, \ 146 0x56, 0xa2, 0x01, 0x82 } \ 147 }, 0x01 \ 148} 149 150#define SYNT_SHUTDOWN_V1 \ 151{ \ 152 { \ 153 0x894de0c0, 0x0d55, 0x11d3, \ 154 { 0xa3, 0x22, 0x00, 0xc0, \ 155 0x4f, 0xa3, 0x21, 0xa1 } \ 156 }, 0x01 \ 157} 158 159/* 160 * IMPORTANT!! If you update this structure, make sure to 161 * update the index #defines in smb.h. 162 */ 163 164const struct pipe_id_info pipe_names [] = 165{ 166 /* client pipe , abstract syntax , server pipe , transfer syntax */ 167 { PIPE_LSARPC , SYNT_LSARPC_V0 , PIPE_LSASS , TRANS_SYNT_V2 }, 168 { PIPE_LSARPC , SYNT_LSARPC_V0_DS , PIPE_LSASS , TRANS_SYNT_V2 }, 169 { PIPE_SAMR , SYNT_SAMR_V1 , PIPE_LSASS , TRANS_SYNT_V2 }, 170 { PIPE_NETLOGON, SYNT_NETLOGON_V1 , PIPE_LSASS , TRANS_SYNT_V2 }, 171 { PIPE_SRVSVC , SYNT_SRVSVC_V3 , PIPE_NTSVCS , TRANS_SYNT_V2 }, 172 { PIPE_WKSSVC , SYNT_WKSSVC_V1 , PIPE_NTSVCS , TRANS_SYNT_V2 }, 173 { PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 }, 174 { PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS , TRANS_SYNT_V2 }, 175 { PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 }, 176 { PIPE_ECHO , SYNT_ECHO_V1 , PIPE_ECHO , TRANS_SYNT_V2 }, 177 { PIPE_SHUTDOWN, SYNT_SHUTDOWN_V1 , PIPE_SHUTDOWN , TRANS_SYNT_V2 }, 178 { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 } 179}; 180 181/******************************************************************* 182 Inits an RPC_HDR structure. 183********************************************************************/ 184 185void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags, 186 uint32 call_id, int data_len, int auth_len) 187{ 188 hdr->major = 5; /* RPC version 5 */ 189 hdr->minor = 0; /* minor version 0 */ 190 hdr->pkt_type = pkt_type; /* RPC packet type */ 191 hdr->flags = flags; /* dce/rpc flags */ 192 hdr->pack_type[0] = 0x10; /* little-endian data representation */ 193 hdr->pack_type[1] = 0; /* packed data representation */ 194 hdr->pack_type[2] = 0; /* packed data representation */ 195 hdr->pack_type[3] = 0; /* packed data representation */ 196 hdr->frag_len = data_len; /* fragment length, fill in later */ 197 hdr->auth_len = auth_len; /* authentication length */ 198 hdr->call_id = call_id; /* call identifier - match incoming RPC */ 199} 200 201/******************************************************************* 202 Reads or writes an RPC_HDR structure. 203********************************************************************/ 204 205BOOL smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth) 206{ 207 if (rpc == NULL) 208 return False; 209 210 prs_debug(ps, depth, desc, "smb_io_rpc_hdr"); 211 depth++; 212 213 if(!prs_uint8 ("major ", ps, depth, &rpc->major)) 214 return False; 215 216 if(!prs_uint8 ("minor ", ps, depth, &rpc->minor)) 217 return False; 218 if(!prs_uint8 ("pkt_type ", ps, depth, &rpc->pkt_type)) 219 return False; 220 if(!prs_uint8 ("flags ", ps, depth, &rpc->flags)) 221 return False; 222 223 /* We always marshall in little endian format. */ 224 if (MARSHALLING(ps)) 225 rpc->pack_type[0] = 0x10; 226 227 if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0])) 228 return False; 229 if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1])) 230 return False; 231 if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2])) 232 return False; 233 if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3])) 234 return False; 235 236 /* 237 * If reading and pack_type[0] == 0 then the data is in big-endian 238 * format. Set the flag in the prs_struct to specify reverse-endainness. 239 */ 240 241 if (UNMARSHALLING(ps) && rpc->pack_type[0] == 0) { 242 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n")); 243 prs_set_endian_data(ps, RPC_BIG_ENDIAN); 244 } 245 246 if(!prs_uint16("frag_len ", ps, depth, &rpc->frag_len)) 247 return False; 248 if(!prs_uint16("auth_len ", ps, depth, &rpc->auth_len)) 249 return False; 250 if(!prs_uint32("call_id ", ps, depth, &rpc->call_id)) 251 return False; 252 return True; 253} 254 255/******************************************************************* 256 Reads or writes an RPC_UUID structure. 257********************************************************************/ 258 259static BOOL smb_io_rpc_uuid(const char *desc, RPC_UUID *uuid, prs_struct *ps, int depth) 260{ 261 if (uuid == NULL) 262 return False; 263 264 prs_debug(ps, depth, desc, "smb_io_rpc_uuid"); 265 depth++; 266 267 if(!prs_align(ps)) 268 return False; 269 270 if(!prs_uint32 ("data ", ps, depth, &uuid->time_low)) 271 return False; 272 if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid)) 273 return False; 274 if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version)) 275 return False; 276 277 if(!prs_uint8s (False, "data ", ps, depth, uuid->remaining, sizeof(uuid->remaining))) 278 return False; 279 280 return True; 281} 282 283/******************************************************************* 284 Reads or writes an RPC_IFACE structure. 285********************************************************************/ 286 287static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth) 288{ 289 if (ifc == NULL) 290 return False; 291 292 prs_debug(ps, depth, desc, "smb_io_rpc_iface"); 293 depth++; 294 295 if (!smb_io_rpc_uuid( "uuid", &ifc->uuid, ps, depth)) 296 return False; 297 298 if(!prs_uint32 ("version", ps, depth, &ifc->version)) 299 return False; 300 301 return True; 302} 303 304/******************************************************************* 305 Inits an RPC_ADDR_STR structure. 306********************************************************************/ 307 308static void init_rpc_addr_str(RPC_ADDR_STR *str, const char *name) 309{ 310 str->len = strlen(name) + 1; 311 fstrcpy(str->str, name); 312} 313 314/******************************************************************* 315 Reads or writes an RPC_ADDR_STR structure. 316********************************************************************/ 317 318static BOOL smb_io_rpc_addr_str(const char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth) 319{ 320 if (str == NULL) 321 return False; 322 323 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str"); 324 depth++; 325 if(!prs_align(ps)) 326 return False; 327 328 if(!prs_uint16 ( "len", ps, depth, &str->len)) 329 return False; 330 if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) )) 331 return False; 332 return True; 333} 334 335/******************************************************************* 336 Inits an RPC_HDR_BBA structure. 337********************************************************************/ 338 339static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid) 340{ 341 bba->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */ 342 bba->max_rsize = max_rsize; /* max receive fragment size (0x1630) */ 343 bba->assoc_gid = assoc_gid; /* associated group id (0x0) */ 344} 345 346/******************************************************************* 347 Reads or writes an RPC_HDR_BBA structure. 348********************************************************************/ 349 350static BOOL smb_io_rpc_hdr_bba(const char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth) 351{ 352 if (rpc == NULL) 353 return False; 354 355 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba"); 356 depth++; 357 358 if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize)) 359 return False; 360 if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize)) 361 return False; 362 if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid)) 363 return False; 364 return True; 365} 366 367/******************************************************************* 368 Inits an RPC_HDR_RB structure. 369********************************************************************/ 370 371void init_rpc_hdr_rb(RPC_HDR_RB *rpc, 372 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid, 373 uint32 num_elements, uint16 context_id, uint8 num_syntaxes, 374 RPC_IFACE *abstract, RPC_IFACE *transfer) 375{ 376 init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid); 377 378 rpc->num_elements = num_elements ; /* the number of elements (0x1) */ 379 rpc->context_id = context_id ; /* presentation context identifier (0x0) */ 380 rpc->num_syntaxes = num_syntaxes ; /* the number of syntaxes (has always been 1?)(0x1) */ 381 382 /* num and vers. of interface client is using */ 383 rpc->abstract = *abstract; 384 385 /* num and vers. of interface to use for replies */ 386 rpc->transfer = *transfer; 387} 388 389/******************************************************************* 390 Reads or writes an RPC_HDR_RB structure. 391********************************************************************/ 392 393BOOL smb_io_rpc_hdr_rb(const char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth) 394{ 395 if (rpc == NULL) 396 return False; 397 398 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb"); 399 depth++; 400 401 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth)) 402 return False; 403 404 if(!prs_uint32("num_elements", ps, depth, &rpc->num_elements)) 405 return False; 406 if(!prs_uint16("context_id ", ps, depth, &rpc->context_id )) 407 return False; 408 if(!prs_uint8 ("num_syntaxes", ps, depth, &rpc->num_syntaxes)) 409 return False; 410 411 if(!smb_io_rpc_iface("", &rpc->abstract, ps, depth)) 412 return False; 413 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth)) 414 return False; 415 416 return True; 417} 418 419/******************************************************************* 420 Inits an RPC_RESULTS structure. 421 422 lkclXXXX only one reason at the moment! 423********************************************************************/ 424 425static void init_rpc_results(RPC_RESULTS *res, 426 uint8 num_results, uint16 result, uint16 reason) 427{ 428 res->num_results = num_results; /* the number of results (0x01) */ 429 res->result = result ; /* result (0x00 = accept) */ 430 res->reason = reason ; /* reason (0x00 = no reason specified) */ 431} 432 433/******************************************************************* 434 Reads or writes an RPC_RESULTS structure. 435 436 lkclXXXX only one reason at the moment! 437********************************************************************/ 438 439static BOOL smb_io_rpc_results(const char *desc, RPC_RESULTS *res, prs_struct *ps, int depth) 440{ 441 if (res == NULL) 442 return False; 443 444 prs_debug(ps, depth, desc, "smb_io_rpc_results"); 445 depth++; 446 447 if(!prs_align(ps)) 448 return False; 449 450 if(!prs_uint8 ("num_results", ps, depth, &res->num_results)) 451 return False; 452 453 if(!prs_align(ps)) 454 return False; 455 456 if(!prs_uint16("result ", ps, depth, &res->result)) 457 return False; 458 if(!prs_uint16("reason ", ps, depth, &res->reason)) 459 return False; 460 return True; 461} 462 463/******************************************************************* 464 Init an RPC_HDR_BA structure. 465 466 lkclXXXX only one reason at the moment! 467 468********************************************************************/ 469 470void init_rpc_hdr_ba(RPC_HDR_BA *rpc, 471 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid, 472 const char *pipe_addr, 473 uint8 num_results, uint16 result, uint16 reason, 474 RPC_IFACE *transfer) 475{ 476 init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid); 477 init_rpc_addr_str(&rpc->addr, pipe_addr); 478 init_rpc_results (&rpc->res, num_results, result, reason); 479 480 /* the transfer syntax from the request */ 481 memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer)); 482} 483 484/******************************************************************* 485 Reads or writes an RPC_HDR_BA structure. 486********************************************************************/ 487 488BOOL smb_io_rpc_hdr_ba(const char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth) 489{ 490 if (rpc == NULL) 491 return False; 492 493 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba"); 494 depth++; 495 496 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth)) 497 return False; 498 if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth)) 499 return False; 500 if(!smb_io_rpc_results("", &rpc->res, ps, depth)) 501 return False; 502 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth)) 503 return False; 504 return True; 505} 506 507/******************************************************************* 508 Init an RPC_HDR_REQ structure. 509********************************************************************/ 510 511void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum) 512{ 513 hdr->alloc_hint = alloc_hint; /* allocation hint */ 514 hdr->context_id = 0; /* presentation context identifier */ 515 hdr->opnum = opnum; /* opnum */ 516} 517 518/******************************************************************* 519 Reads or writes an RPC_HDR_REQ structure. 520********************************************************************/ 521 522BOOL smb_io_rpc_hdr_req(const char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth) 523{ 524 if (rpc == NULL) 525 return False; 526 527 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req"); 528 depth++; 529 530 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint)) 531 return False; 532 if(!prs_uint16("context_id", ps, depth, &rpc->context_id)) 533 return False; 534 if(!prs_uint16("opnum ", ps, depth, &rpc->opnum)) 535 return False; 536 return True; 537} 538 539/******************************************************************* 540 Reads or writes an RPC_HDR_RESP structure. 541********************************************************************/ 542 543BOOL smb_io_rpc_hdr_resp(const char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth) 544{ 545 if (rpc == NULL) 546 return False; 547 548 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp"); 549 depth++; 550 551 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint)) 552 return False; 553 if(!prs_uint16("context_id", ps, depth, &rpc->context_id)) 554 return False; 555 if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count)) 556 return False; 557 if(!prs_uint8 ("reserved ", ps, depth, &rpc->reserved)) 558 return False; 559 return True; 560} 561 562/******************************************************************* 563 Reads or writes an RPC_HDR_FAULT structure. 564********************************************************************/ 565 566BOOL smb_io_rpc_hdr_fault(const char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth) 567{ 568 if (rpc == NULL) 569 return False; 570 571 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault"); 572 depth++; 573 574 if(!prs_ntstatus("status ", ps, depth, &rpc->status)) 575 return False; 576 if(!prs_uint32("reserved", ps, depth, &rpc->reserved)) 577 return False; 578 579 return True; 580} 581 582/******************************************************************* 583 Init an RPC_HDR_AUTHA structure. 584********************************************************************/ 585 586void init_rpc_hdr_autha(RPC_HDR_AUTHA *rai, 587 uint16 max_tsize, uint16 max_rsize, 588 uint8 auth_type, uint8 auth_level, 589 uint8 stub_type_len) 590{ 591 rai->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */ 592 rai->max_rsize = max_rsize; /* max receive fragment size (0x1630) */ 593 594 rai->auth_type = auth_type; /* nt lm ssp 0x0a */ 595 rai->auth_level = auth_level; /* 0x06 */ 596 rai->stub_type_len = stub_type_len; /* 0x00 */ 597 rai->padding = 0; /* padding 0x00 */ 598 599 rai->unknown = 0x0014a0c0; /* non-zero pointer to something */ 600} 601 602/******************************************************************* 603 Reads or writes an RPC_HDR_AUTHA structure. 604********************************************************************/ 605 606BOOL smb_io_rpc_hdr_autha(const char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth) 607{ 608 if (rai == NULL) 609 return False; 610 611 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_autha"); 612 depth++; 613 614 if(!prs_uint16("max_tsize ", ps, depth, &rai->max_tsize)) 615 return False; 616 if(!prs_uint16("max_rsize ", ps, depth, &rai->max_rsize)) 617 return False; 618 619 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */ 620 return False; 621 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */ 622 return False; 623 if(!prs_uint8 ("stub_type_len", ps, depth, &rai->stub_type_len)) 624 return False; 625 if(!prs_uint8 ("padding ", ps, depth, &rai->padding)) 626 return False; 627 628 if(!prs_uint32("unknown ", ps, depth, &rai->unknown)) /* 0x0014a0c0 */ 629 return False; 630 631 return True; 632} 633 634/******************************************************************* 635 Inits an RPC_HDR_AUTH structure. 636********************************************************************/ 637 638void init_rpc_hdr_auth(RPC_HDR_AUTH *rai, 639 uint8 auth_type, uint8 auth_level, 640 uint8 padding, 641 uint32 ptr) 642{ 643 rai->auth_type = auth_type; /* nt lm ssp 0x0a */ 644 rai->auth_level = auth_level; /* 0x06 */ 645 rai->padding = padding; 646 rai->reserved = 0; 647 648 rai->auth_context = ptr; /* non-zero pointer to something */ 649} 650 651/******************************************************************* 652 Reads or writes an RPC_HDR_AUTH structure. 653********************************************************************/ 654 655BOOL smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth) 656{ 657 if (rai == NULL) 658 return False; 659 660 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth"); 661 depth++; 662 663 if(!prs_align(ps)) 664 return False; 665 666 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */ 667 return False; 668 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */ 669 return False; 670 if(!prs_uint8 ("padding ", ps, depth, &rai->padding)) 671 return False; 672 if(!prs_uint8 ("reserved ", ps, depth, &rai->reserved)) 673 return False; 674 if(!prs_uint32("auth_context ", ps, depth, &rai->auth_context)) 675 return False; 676 677 return True; 678} 679 680/******************************************************************* 681 Checks an RPC_AUTH_VERIFIER structure. 682********************************************************************/ 683 684BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav, 685 const char *signature, uint32 msg_type) 686{ 687 return (strequal(rav->signature, signature) && rav->msg_type == msg_type); 688} 689 690/******************************************************************* 691 Inits an RPC_AUTH_VERIFIER structure. 692********************************************************************/ 693 694void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav, 695 const char *signature, uint32 msg_type) 696{ 697 fstrcpy(rav->signature, signature); /* "NTLMSSP" */ 698 rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */ 699} 700 701/******************************************************************* 702 Reads or writes an RPC_AUTH_VERIFIER structure. 703********************************************************************/ 704 705BOOL smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth) 706{ 707 if (rav == NULL) 708 return False; 709 710 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier"); 711 depth++; 712 713 /* "NTLMSSP" */ 714 if(!prs_string("signature", ps, depth, rav->signature, 715 sizeof(rav->signature))) 716 return False; 717 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */ 718 return False; 719 720 return True; 721} 722 723/******************************************************************* 724 This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I think 725 assuming "NTLMSSP" in sm_io_rpc_auth_verifier is somewhat wrong. 726 I have to look at that later... 727********************************************************************/ 728 729BOOL smb_io_rpc_netsec_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth) 730{ 731 if (rav == NULL) 732 return False; 733 734 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier"); 735 depth++; 736 737 if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature))) 738 return False; 739 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) 740 return False; 741 742 return True; 743} 744 745/******************************************************************* 746 Inits an RPC_AUTH_NTLMSSP_NEG structure. 747********************************************************************/ 748 749void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg, 750 uint32 neg_flgs, 751 const char *myname, const char *domain) 752{ 753 int len_myname = strlen(myname); 754 int len_domain = strlen(domain); 755 756 neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */ 757 758 init_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname); 759 init_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20); 760 761 fstrcpy(neg->myname, myname); 762 fstrcpy(neg->domain, domain); 763} 764 765/******************************************************************* 766 Reads or writes an RPC_AUTH_NTLMSSP_NEG structure. 767 768 *** lkclXXXX HACK ALERT! *** 769********************************************************************/ 770 771BOOL smb_io_rpc_auth_ntlmssp_neg(const char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth) 772{ 773 uint32 start_offset = prs_offset(ps); 774 if (neg == NULL) 775 return False; 776 777 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_neg"); 778 depth++; 779 780 if(!prs_uint32("neg_flgs ", ps, depth, &neg->neg_flgs)) 781 return False; 782 783 if (ps->io) { 784 uint32 old_offset; 785 uint32 old_neg_flags = neg->neg_flgs; 786 787 /* reading */ 788 789 ZERO_STRUCTP(neg); 790 791 neg->neg_flgs = old_neg_flags; 792 793 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth)) 794 return False; 795 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth)) 796 return False; 797 798 old_offset = prs_offset(ps); 799 800 if(!prs_set_offset(ps, neg->hdr_myname.buffer + start_offset - 12)) 801 return False; 802 803 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname, 804 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname)))) 805 return False; 806 807 old_offset += neg->hdr_myname.str_str_len; 808 809 if(!prs_set_offset(ps, neg->hdr_domain.buffer + start_offset - 12)) 810 return False; 811 812 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain, 813 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain )))) 814 return False; 815 816 old_offset += neg->hdr_domain .str_str_len; 817 818 if(!prs_set_offset(ps, old_offset)) 819 return False; 820 } else { 821 /* writing */ 822 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth)) 823 return False; 824 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth)) 825 return False; 826 827 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname, 828 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname)))) 829 return False; 830 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain, 831 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain )))) 832 return False; 833 } 834 835 return True; 836} 837 838/******************************************************************* 839creates an RPC_AUTH_NTLMSSP_CHAL structure. 840********************************************************************/ 841 842void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl, 843 uint32 neg_flags, 844 uint8 challenge[8]) 845{ 846 chl->unknown_1 = 0x0; 847 chl->unknown_2 = 0x00000028; 848 chl->neg_flags = neg_flags; /* 0x0082b1 */ 849 850 memcpy(chl->challenge, challenge, sizeof(chl->challenge)); 851 memset((char *)chl->reserved , '\0', sizeof(chl->reserved)); 852} 853 854/******************************************************************* 855 Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure. 856********************************************************************/ 857 858BOOL smb_io_rpc_auth_ntlmssp_chal(const char *desc, RPC_AUTH_NTLMSSP_CHAL *chl, prs_struct *ps, int depth) 859{ 860 if (chl == NULL) 861 return False; 862 863 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chal"); 864 depth++; 865 866 if(!prs_uint32("unknown_1", ps, depth, &chl->unknown_1)) /* 0x0000 0000 */ 867 return False; 868 if(!prs_uint32("unknown_2", ps, depth, &chl->unknown_2)) /* 0x0000 b2b3 */ 869 return False; 870 if(!prs_uint32("neg_flags", ps, depth, &chl->neg_flags)) /* 0x0000 82b1 */ 871 return False; 872 873 if(!prs_uint8s (False, "challenge", ps, depth, chl->challenge, sizeof(chl->challenge))) 874 return False; 875 if(!prs_uint8s (False, "reserved ", ps, depth, chl->reserved , sizeof(chl->reserved ))) 876 return False; 877 878 return True; 879} 880 881/******************************************************************* 882 Inits an RPC_AUTH_NTLMSSP_RESP structure. 883 884 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) *** 885 *** lkclXXXX the actual offset is at the start of the auth verifier *** 886********************************************************************/ 887 888void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp, 889 uchar lm_resp[24], uchar nt_resp[24], 890 const char *domain, const char *user, const char *wks, 891 uint32 neg_flags) 892{ 893 uint32 offset; 894 int dom_len = strlen(domain); 895 int wks_len = strlen(wks); 896 int usr_len = strlen(user); 897 int lm_len = (lm_resp != NULL) ? 24 : 0; 898 int nt_len = (nt_resp != NULL) ? 24 : 0; 899 900 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n")); 901 902#ifdef DEBUG_PASSWORD 903 DEBUG(100,("lm_resp\n")); 904 dump_data(100, (char *)lm_resp, 24); 905 DEBUG(100,("nt_resp\n")); 906 dump_data(100, (char *)nt_resp, 24); 907#endif 908 909 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n", 910 domain, user, wks, neg_flags)); 911 912 offset = 0x40; 913 914 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) { 915 dom_len *= 2; 916 wks_len *= 2; 917 usr_len *= 2; 918 } 919 920 init_str_hdr(&rsp->hdr_domain, dom_len, dom_len, offset); 921 offset += dom_len; 922 923 init_str_hdr(&rsp->hdr_usr, usr_len, usr_len, offset); 924 offset += usr_len; 925 926 init_str_hdr(&rsp->hdr_wks, wks_len, wks_len, offset); 927 offset += wks_len; 928 929 init_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, offset); 930 offset += lm_len; 931 932 init_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, offset); 933 offset += nt_len; 934 935 init_str_hdr(&rsp->hdr_sess_key, 0, 0, offset); 936 937 rsp->neg_flags = neg_flags; 938 939 memcpy(rsp->lm_resp, lm_resp, 24); 940 memcpy(rsp->nt_resp, nt_resp, 24); 941 942 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) { 943 rpcstr_push(rsp->domain, domain, sizeof(rsp->domain), 0); 944 rpcstr_push(rsp->user, user, sizeof(rsp->user), 0); 945 rpcstr_push(rsp->wks, wks, sizeof(rsp->wks), 0); 946 } else { 947 fstrcpy(rsp->domain, domain); 948 fstrcpy(rsp->user, user); 949 fstrcpy(rsp->wks, wks); 950 } 951 952 rsp->sess_key[0] = 0; 953} 954 955/******************************************************************* 956 Reads or writes an RPC_AUTH_NTLMSSP_RESP structure. 957 958 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) *** 959 *** lkclXXXX the actual offset is at the start of the auth verifier *** 960********************************************************************/ 961 962BOOL smb_io_rpc_auth_ntlmssp_resp(const char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth) 963{ 964 if (rsp == NULL) 965 return False; 966 967 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp"); 968 depth++; 969 970 if (ps->io) { 971 uint32 old_offset; 972 973 /* reading */ 974 975 ZERO_STRUCTP(rsp); 976 977 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth)) 978 return False; 979 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth)) 980 return False; 981 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth)) 982 return False; 983 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth)) 984 return False; 985 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth)) 986 return False; 987 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth)) 988 return False; 989 990 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */ 991 return False; 992 993 old_offset = prs_offset(ps); 994 995 if(!prs_set_offset(ps, rsp->hdr_domain.buffer + 0xc)) 996 return False; 997 998 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain, 999 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain)))) 1000 return False; 1001 1002 old_offset += rsp->hdr_domain.str_str_len; 1003 1004 if(!prs_set_offset(ps, rsp->hdr_usr.buffer + 0xc)) 1005 return False; 1006 1007 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user, 1008 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user)))) 1009 return False; 1010 1011 old_offset += rsp->hdr_usr.str_str_len; 1012 1013 if(!prs_set_offset(ps, rsp->hdr_wks.buffer + 0xc)) 1014 return False; 1015 1016 if(!prs_uint8s(True, "wks ", ps, depth, (uint8*)rsp->wks, 1017 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks)))) 1018 return False; 1019 1020 old_offset += rsp->hdr_wks.str_str_len; 1021 1022 if(!prs_set_offset(ps, rsp->hdr_lm_resp.buffer + 0xc)) 1023 return False; 1024 1025 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp, 1026 MIN(rsp->hdr_lm_resp.str_str_len, sizeof(rsp->lm_resp )))) 1027 return False; 1028 1029 old_offset += rsp->hdr_lm_resp.str_str_len; 1030 1031 if(!prs_set_offset(ps, rsp->hdr_nt_resp.buffer + 0xc)) 1032 return False; 1033 1034 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp, 1035 MIN(rsp->hdr_nt_resp.str_str_len, sizeof(rsp->nt_resp )))) 1036 return False; 1037 1038 old_offset += rsp->hdr_nt_resp.str_str_len; 1039 1040 if (rsp->hdr_sess_key.str_str_len != 0) { 1041 1042 if(!prs_set_offset(ps, rsp->hdr_sess_key.buffer + 0x10)) 1043 return False; 1044 1045 old_offset += rsp->hdr_sess_key.str_str_len; 1046 1047 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, 1048 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)))) 1049 return False; 1050 } 1051 1052 if(!prs_set_offset(ps, old_offset)) 1053 return False; 1054 } else { 1055 /* writing */ 1056 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth)) 1057 return False; 1058 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth)) 1059 return False; 1060 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth)) 1061 return False; 1062 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth)) 1063 return False; 1064 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth)) 1065 return False; 1066 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth)) 1067 return False; 1068 1069 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */ 1070 return False; 1071 1072 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain, 1073 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain)))) 1074 return False; 1075 1076 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user, 1077 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user)))) 1078 return False; 1079 1080 if(!prs_uint8s(True , "wks ", ps, depth, (uint8*)rsp->wks, 1081 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks)))) 1082 return False; 1083 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp, 1084 MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp)))) 1085 return False; 1086 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp, 1087 MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp )))) 1088 return False; 1089 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, 1090 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)))) 1091 return False; 1092 } 1093 1094 return True; 1095} 1096 1097/******************************************************************* 1098 Checks an RPC_AUTH_NTLMSSP_CHK structure. 1099********************************************************************/ 1100 1101BOOL rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, uint32 crc32, uint32 seq_num) 1102{ 1103 if (chk == NULL) 1104 return False; 1105 1106 if (chk->crc32 != crc32 || 1107 chk->ver != NTLMSSP_SIGN_VERSION || 1108 chk->seq_num != seq_num) 1109 { 1110 DEBUG(5,("verify failed - crc %x ver %x seq %d\n", 1111 chk->crc32, chk->ver, chk->seq_num)); 1112 1113 DEBUG(5,("verify expect - crc %x ver %x seq %d\n", 1114 crc32, NTLMSSP_SIGN_VERSION, seq_num)); 1115 return False; 1116 } 1117 return True; 1118} 1119 1120/******************************************************************* 1121 Inits an RPC_AUTH_NTLMSSP_CHK structure. 1122********************************************************************/ 1123 1124void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, 1125 uint32 ver, uint32 crc32, uint32 seq_num) 1126{ 1127 chk->ver = ver; 1128 chk->reserved = 0x0; 1129 chk->crc32 = crc32; 1130 chk->seq_num = seq_num; 1131} 1132 1133/******************************************************************* 1134 Reads or writes an RPC_AUTH_NTLMSSP_CHK structure. 1135********************************************************************/ 1136 1137BOOL smb_io_rpc_auth_ntlmssp_chk(const char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth) 1138{ 1139 if (chk == NULL) 1140 return False; 1141 1142 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk"); 1143 depth++; 1144 1145 if(!prs_align(ps)) 1146 return False; 1147 1148 if(!prs_uint32("ver ", ps, depth, &chk->ver)) 1149 return False; 1150 if(!prs_uint32("reserved", ps, depth, &chk->reserved)) 1151 return False; 1152 if(!prs_uint32("crc32 ", ps, depth, &chk->crc32)) 1153 return False; 1154 if(!prs_uint32("seq_num ", ps, depth, &chk->seq_num)) 1155 return False; 1156 1157 return True; 1158} 1159 1160/******************************************************************* 1161creates an RPC_AUTH_NETSEC_NEG structure. 1162********************************************************************/ 1163void init_rpc_auth_netsec_neg(RPC_AUTH_NETSEC_NEG *neg, 1164 const char *domain, const char *myname) 1165{ 1166 neg->type1 = 0; 1167 neg->type2 = 0x3; 1168 fstrcpy(neg->domain, domain); 1169 fstrcpy(neg->myname, myname); 1170} 1171 1172/******************************************************************* 1173 Reads or writes an RPC_AUTH_NETSEC_NEG structure. 1174********************************************************************/ 1175 1176BOOL smb_io_rpc_auth_netsec_neg(const char *desc, RPC_AUTH_NETSEC_NEG *neg, 1177 prs_struct *ps, int depth) 1178{ 1179 if (neg == NULL) 1180 return False; 1181 1182 prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_neg"); 1183 depth++; 1184 1185 if(!prs_align(ps)) 1186 return False; 1187 1188 if(!prs_uint32("type1", ps, depth, &neg->type1)) 1189 return False; 1190 if(!prs_uint32("type2", ps, depth, &neg->type2)) 1191 return False; 1192 if(!prs_string("domain ", ps, depth, neg->domain, sizeof(neg->domain))) 1193 return False; 1194 if(!prs_string("myname ", ps, depth, neg->myname, sizeof(neg->myname))) 1195 return False; 1196 1197 return True; 1198} 1199 1200/******************************************************************* 1201reads or writes an RPC_AUTH_NETSEC_CHK structure. 1202********************************************************************/ 1203BOOL smb_io_rpc_auth_netsec_chk(const char *desc, RPC_AUTH_NETSEC_CHK * chk, 1204 prs_struct *ps, int depth) 1205{ 1206 if (chk == NULL) 1207 return False; 1208 1209 prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk"); 1210 depth++; 1211 1212 prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)); 1213 prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)); 1214 prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)); 1215 prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)); 1216 1217 return True; 1218} 1219 1220