1 2/* 3 * Unix SMB/Netbios implementation. 4 * Version 1.9. 5 * RPC Pipe client / server routines 6 * Copyright (C) Andrew Tridgell 1992-1997, 7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, 8 * Copyright (C) Paul Ashton 1997. 9 * Copyright (C) Jeremy Allison 1999. 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License as published by 13 * the Free Software Foundation; either version 2 of the License, or 14 * (at your option) any later version. 15 * 16 * This program is distributed in the hope that it will be useful, 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 * GNU General Public License for more details. 20 * 21 * You should have received a copy of the GNU General Public License 22 * along with this program; if not, write to the Free Software 23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 24 */ 25 26 27#include "includes.h" 28 29extern int DEBUGLEVEL; 30 31 32/******************************************************************* 33interface/version dce/rpc pipe identification 34********************************************************************/ 35 36#define TRANS_SYNT_V2 \ 37{ \ 38 { \ 39 0x8a885d04, 0x1ceb, 0x11c9, \ 40 { 0x9f, 0xe8, 0x08, 0x00, \ 41 0x2b, 0x10, 0x48, 0x60 } \ 42 }, 0x02 \ 43} 44 45#define SYNT_NETLOGON_V2 \ 46{ \ 47 { \ 48 0x8a885d04, 0x1ceb, 0x11c9, \ 49 { 0x9f, 0xe8, 0x08, 0x00, \ 50 0x2b, 0x10, 0x48, 0x60 } \ 51 }, 0x02 \ 52} 53 54#define SYNT_WKSSVC_V1 \ 55{ \ 56 { \ 57 0x6bffd098, 0xa112, 0x3610, \ 58 { 0x98, 0x33, 0x46, 0xc3, \ 59 0xf8, 0x7e, 0x34, 0x5a } \ 60 }, 0x01 \ 61} 62 63#define SYNT_SRVSVC_V3 \ 64{ \ 65 { \ 66 0x4b324fc8, 0x1670, 0x01d3, \ 67 { 0x12, 0x78, 0x5a, 0x47, \ 68 0xbf, 0x6e, 0xe1, 0x88 } \ 69 }, 0x03 \ 70} 71 72#define SYNT_LSARPC_V0 \ 73{ \ 74 { \ 75 0x12345778, 0x1234, 0xabcd, \ 76 { 0xef, 0x00, 0x01, 0x23, \ 77 0x45, 0x67, 0x89, 0xab } \ 78 }, 0x00 \ 79} 80 81#define SYNT_SAMR_V1 \ 82{ \ 83 { \ 84 0x12345778, 0x1234, 0xabcd, \ 85 { 0xef, 0x00, 0x01, 0x23, \ 86 0x45, 0x67, 0x89, 0xac } \ 87 }, 0x01 \ 88} 89 90#define SYNT_NETLOGON_V1 \ 91{ \ 92 { \ 93 0x12345678, 0x1234, 0xabcd, \ 94 { 0xef, 0x00, 0x01, 0x23, \ 95 0x45, 0x67, 0xcf, 0xfb } \ 96 }, 0x01 \ 97} 98 99#define SYNT_WINREG_V1 \ 100{ \ 101 { \ 102 0x338cd001, 0x2244, 0x31f1, \ 103 { 0xaa, 0xaa, 0x90, 0x00, \ 104 0x38, 0x00, 0x10, 0x03 } \ 105 }, 0x01 \ 106} 107 108#define SYNT_NONE_V0 \ 109{ \ 110 { \ 111 0x0, 0x0, 0x0, \ 112 { 0x00, 0x00, 0x00, 0x00, \ 113 0x00, 0x00, 0x00, 0x00 } \ 114 }, 0x00 \ 115} 116 117/* pipe string names */ 118#define PIPE_SRVSVC "\\PIPE\\srvsvc" 119#define PIPE_SAMR "\\PIPE\\samr" 120#define PIPE_WINREG "\\PIPE\\winreg" 121#define PIPE_WKSSVC "\\PIPE\\wkssvc" 122#define PIPE_NETLOGON "\\PIPE\\NETLOGON" 123#define PIPE_NTLSA "\\PIPE\\ntlsa" 124#define PIPE_NTSVCS "\\PIPE\\ntsvcs" 125#define PIPE_LSASS "\\PIPE\\lsass" 126#define PIPE_LSARPC "\\PIPE\\lsarpc" 127 128struct pipe_id_info pipe_names [] = 129{ 130 /* client pipe , abstract syntax , server pipe , transfer syntax */ 131 { PIPE_LSARPC , SYNT_LSARPC_V0 , PIPE_LSASS , TRANS_SYNT_V2 }, 132 { PIPE_SAMR , SYNT_SAMR_V1 , PIPE_LSASS , TRANS_SYNT_V2 }, 133 { PIPE_NETLOGON, SYNT_NETLOGON_V1, PIPE_LSASS , TRANS_SYNT_V2 }, 134 { PIPE_SRVSVC , SYNT_SRVSVC_V3 , PIPE_NTSVCS , TRANS_SYNT_V2 }, 135 { PIPE_WKSSVC , SYNT_WKSSVC_V1 , PIPE_NTSVCS , TRANS_SYNT_V2 }, 136 { PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 }, 137 { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 } 138}; 139 140/******************************************************************* 141 Inits an RPC_HDR structure. 142********************************************************************/ 143 144void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags, 145 uint32 call_id, int data_len, int auth_len) 146{ 147 hdr->major = 5; /* RPC version 5 */ 148 hdr->minor = 0; /* minor version 0 */ 149 hdr->pkt_type = pkt_type; /* RPC packet type */ 150 hdr->flags = flags; /* dce/rpc flags */ 151 hdr->pack_type[0] = 0x10; /* little-endian data representation */ 152 hdr->pack_type[1] = 0; /* packed data representation */ 153 hdr->pack_type[2] = 0; /* packed data representation */ 154 hdr->pack_type[3] = 0; /* packed data representation */ 155 hdr->frag_len = data_len; /* fragment length, fill in later */ 156 hdr->auth_len = auth_len; /* authentication length */ 157 hdr->call_id = call_id; /* call identifier - match incoming RPC */ 158} 159 160/******************************************************************* 161 Reads or writes an RPC_HDR structure. 162********************************************************************/ 163 164BOOL smb_io_rpc_hdr(char *desc, RPC_HDR *rpc, prs_struct *ps, int depth) 165{ 166 if (rpc == NULL) 167 return False; 168 169 prs_debug(ps, depth, desc, "smb_io_rpc_hdr"); 170 depth++; 171 172 if(!prs_uint8 ("major ", ps, depth, &rpc->major)) 173 return False; 174 175 if(!prs_uint8 ("minor ", ps, depth, &rpc->minor)) 176 return False; 177 if(!prs_uint8 ("pkt_type ", ps, depth, &rpc->pkt_type)) 178 return False; 179 if(!prs_uint8 ("flags ", ps, depth, &rpc->flags)) 180 return False; 181 if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0])) 182 return False; 183 if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1])) 184 return False; 185 if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2])) 186 return False; 187 if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3])) 188 return False; 189 190 /* 191 * If reading and pack_type[0] == 0 then the data is in big-endian 192 * format. Set the flag in the prs_struct to specify reverse-endainness. 193 */ 194 195 if (ps->io && rpc->pack_type[0] == 0) { 196 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n")); 197 prs_set_bigendian_data(ps); 198 } 199 200 if(!prs_uint16("frag_len ", ps, depth, &rpc->frag_len)) 201 return False; 202 if(!prs_uint16("auth_len ", ps, depth, &rpc->auth_len)) 203 return False; 204 if(!prs_uint32("call_id ", ps, depth, &rpc->call_id)) 205 return False; 206 return True; 207} 208 209/******************************************************************* 210 Reads or writes an RPC_IFACE structure. 211********************************************************************/ 212 213static BOOL smb_io_rpc_iface(char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth) 214{ 215 if (ifc == NULL) 216 return False; 217 218 prs_debug(ps, depth, desc, "smb_io_rpc_iface"); 219 depth++; 220 221 if(!prs_align(ps)) 222 return False; 223 224 if(!prs_uint32 ("data ", ps, depth, &ifc->uuid.time_low)) 225 return False; 226 if(!prs_uint16 ("data ", ps, depth, &ifc->uuid.time_mid)) 227 return False; 228 if(!prs_uint16 ("data ", ps, depth, &ifc->uuid.time_hi_and_version)) 229 return False; 230 231 if(!prs_uint8s (False, "data ", ps, depth, ifc->uuid.remaining, sizeof(ifc->uuid.remaining))) 232 return False; 233 if(!prs_uint32 ( "version", ps, depth, &(ifc->version))) 234 return False; 235 236 return True; 237} 238 239/******************************************************************* 240 Inits an RPC_ADDR_STR structure. 241********************************************************************/ 242 243static void init_rpc_addr_str(RPC_ADDR_STR *str, char *name) 244{ 245 str->len = strlen(name) + 1; 246 fstrcpy(str->str, name); 247} 248 249/******************************************************************* 250 Reads or writes an RPC_ADDR_STR structure. 251********************************************************************/ 252 253static BOOL smb_io_rpc_addr_str(char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth) 254{ 255 if (str == NULL) 256 return False; 257 258 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str"); 259 depth++; 260 if(!prs_align(ps)) 261 return False; 262 263 if(!prs_uint16 ( "len", ps, depth, &str->len)) 264 return False; 265 if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) )) 266 return False; 267 return True; 268} 269 270/******************************************************************* 271 Inits an RPC_HDR_BBA structure. 272********************************************************************/ 273 274static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid) 275{ 276 bba->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */ 277 bba->max_rsize = max_rsize; /* max receive fragment size (0x1630) */ 278 bba->assoc_gid = assoc_gid; /* associated group id (0x0) */ 279} 280 281/******************************************************************* 282 Reads or writes an RPC_HDR_BBA structure. 283********************************************************************/ 284 285static BOOL smb_io_rpc_hdr_bba(char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth) 286{ 287 if (rpc == NULL) 288 return False; 289 290 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba"); 291 depth++; 292 293 if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize)) 294 return False; 295 if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize)) 296 return False; 297 if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid)) 298 return False; 299 return True; 300} 301 302/******************************************************************* 303 Inits an RPC_HDR_RB structure. 304********************************************************************/ 305 306void init_rpc_hdr_rb(RPC_HDR_RB *rpc, 307 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid, 308 uint32 num_elements, uint16 context_id, uint8 num_syntaxes, 309 RPC_IFACE *abstract, RPC_IFACE *transfer) 310{ 311 init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid); 312 313 rpc->num_elements = num_elements ; /* the number of elements (0x1) */ 314 rpc->context_id = context_id ; /* presentation context identifier (0x0) */ 315 rpc->num_syntaxes = num_syntaxes ; /* the number of syntaxes (has always been 1?)(0x1) */ 316 317 /* num and vers. of interface client is using */ 318 rpc->abstract = *abstract; 319 320 /* num and vers. of interface to use for replies */ 321 rpc->transfer = *transfer; 322} 323 324/******************************************************************* 325 Reads or writes an RPC_HDR_RB structure. 326********************************************************************/ 327 328BOOL smb_io_rpc_hdr_rb(char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth) 329{ 330 RPC_HDR_RB rpc2; 331 int i; 332 333 if (rpc == NULL) 334 return False; 335 336 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb"); 337 depth++; 338 339 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth)) 340 return False; 341 342 if(!prs_uint32("num_elements", ps, depth, &rpc->num_elements)) 343 return False; 344 if(!prs_uint16("context_id ", ps, depth, &rpc->context_id )) 345 return False; 346 if(!prs_uint8 ("num_syntaxes", ps, depth, &rpc->num_syntaxes)) 347 return False; 348 349 if(!smb_io_rpc_iface("", &rpc->abstract, ps, depth)) 350 return False; 351 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth)) 352 return False; 353 354 /* just chew through extra context id's for now */ 355 356 for ( i=1; i<rpc->num_elements; i++ ) { 357 if(!prs_uint16("context_id ", ps, depth, &rpc2.context_id )) 358 return False; 359 if(!prs_uint8 ("num_syntaxes", ps, depth, &rpc2.num_syntaxes)) 360 return False; 361 362 if(!smb_io_rpc_iface("", &rpc2.abstract, ps, depth)) 363 return False; 364 if(!smb_io_rpc_iface("", &rpc2.transfer, ps, depth)) 365 return False; 366 } 367 368 return True; 369} 370 371/******************************************************************* 372 Inits an RPC_RESULTS structure. 373 374 lkclXXXX only one reason at the moment! 375********************************************************************/ 376 377static void init_rpc_results(RPC_RESULTS *res, 378 uint8 num_results, uint16 result, uint16 reason) 379{ 380 res->num_results = num_results; /* the number of results (0x01) */ 381 res->result = result ; /* result (0x00 = accept) */ 382 res->reason = reason ; /* reason (0x00 = no reason specified) */ 383} 384 385/******************************************************************* 386 Reads or writes an RPC_RESULTS structure. 387 388 lkclXXXX only one reason at the moment! 389********************************************************************/ 390 391static BOOL smb_io_rpc_results(char *desc, RPC_RESULTS *res, prs_struct *ps, int depth) 392{ 393 if (res == NULL) 394 return False; 395 396 prs_debug(ps, depth, desc, "smb_io_rpc_results"); 397 depth++; 398 399 if(!prs_align(ps)) 400 return False; 401 402 if(!prs_uint8 ("num_results", ps, depth, &res->num_results)) 403 return False; 404 405 if(!prs_align(ps)) 406 return False; 407 408 if(!prs_uint16("result ", ps, depth, &res->result)) 409 return False; 410 if(!prs_uint16("reason ", ps, depth, &res->reason)) 411 return False; 412 return True; 413} 414 415/******************************************************************* 416 Init an RPC_HDR_BA structure. 417 418 lkclXXXX only one reason at the moment! 419 420********************************************************************/ 421 422void init_rpc_hdr_ba(RPC_HDR_BA *rpc, 423 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid, 424 char *pipe_addr, 425 uint8 num_results, uint16 result, uint16 reason, 426 RPC_IFACE *transfer) 427{ 428 init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid); 429 init_rpc_addr_str(&rpc->addr, pipe_addr); 430 init_rpc_results (&rpc->res, num_results, result, reason); 431 432 /* the transfer syntax from the request */ 433 memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer)); 434} 435 436/******************************************************************* 437 Reads or writes an RPC_HDR_BA structure. 438********************************************************************/ 439 440BOOL smb_io_rpc_hdr_ba(char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth) 441{ 442 if (rpc == NULL) 443 return False; 444 445 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba"); 446 depth++; 447 448 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth)) 449 return False; 450 if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth)) 451 return False; 452 if(!smb_io_rpc_results("", &rpc->res, ps, depth)) 453 return False; 454 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth)) 455 return False; 456 return True; 457} 458 459/******************************************************************* 460 Init an RPC_HDR_REQ structure. 461********************************************************************/ 462 463void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum) 464{ 465 hdr->alloc_hint = alloc_hint; /* allocation hint */ 466 hdr->context_id = 0; /* presentation context identifier */ 467 hdr->opnum = opnum; /* opnum */ 468} 469 470/******************************************************************* 471 Reads or writes an RPC_HDR_REQ structure. 472********************************************************************/ 473 474BOOL smb_io_rpc_hdr_req(char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth) 475{ 476 if (rpc == NULL) 477 return False; 478 479 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req"); 480 depth++; 481 482 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint)) 483 return False; 484 if(!prs_uint16("context_id", ps, depth, &rpc->context_id)) 485 return False; 486 if(!prs_uint16("opnum ", ps, depth, &rpc->opnum)) 487 return False; 488 return True; 489} 490 491/******************************************************************* 492 Reads or writes an RPC_HDR_RESP structure. 493********************************************************************/ 494 495BOOL smb_io_rpc_hdr_resp(char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth) 496{ 497 if (rpc == NULL) 498 return False; 499 500 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp"); 501 depth++; 502 503 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint)) 504 return False; 505 if(!prs_uint16("context_id", ps, depth, &rpc->context_id)) 506 return False; 507 if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count)) 508 return False; 509 if(!prs_uint8 ("reserved ", ps, depth, &rpc->reserved)) 510 return False; 511 return True; 512} 513 514/******************************************************************* 515 Reads or writes an RPC_HDR_FAULT structure. 516********************************************************************/ 517 518BOOL smb_io_rpc_hdr_fault(char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth) 519{ 520 if (rpc == NULL) 521 return False; 522 523 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault"); 524 depth++; 525 526 if(!prs_uint32("status ", ps, depth, &rpc->status)) 527 return False; 528 if(!prs_uint32("reserved", ps, depth, &rpc->reserved)) 529 return False; 530 531 return True; 532} 533 534/******************************************************************* 535 Init an RPC_HDR_AUTHA structure. 536********************************************************************/ 537 538void init_rpc_hdr_autha(RPC_HDR_AUTHA *rai, 539 uint16 max_tsize, uint16 max_rsize, 540 uint8 auth_type, uint8 auth_level, 541 uint8 stub_type_len) 542{ 543 rai->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */ 544 rai->max_rsize = max_rsize; /* max receive fragment size (0x1630) */ 545 546 rai->auth_type = auth_type; /* nt lm ssp 0x0a */ 547 rai->auth_level = auth_level; /* 0x06 */ 548 rai->stub_type_len = stub_type_len; /* 0x00 */ 549 rai->padding = 0; /* padding 0x00 */ 550 551 rai->unknown = 0x0014a0c0; /* non-zero pointer to something */ 552} 553 554/******************************************************************* 555 Reads or writes an RPC_HDR_AUTHA structure. 556********************************************************************/ 557 558BOOL smb_io_rpc_hdr_autha(char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth) 559{ 560 if (rai == NULL) 561 return False; 562 563 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_autha"); 564 depth++; 565 566 if(!prs_uint16("max_tsize ", ps, depth, &rai->max_tsize)) 567 return False; 568 if(!prs_uint16("max_rsize ", ps, depth, &rai->max_rsize)) 569 return False; 570 571 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */ 572 return False; 573 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */ 574 return False; 575 if(!prs_uint8 ("stub_type_len", ps, depth, &rai->stub_type_len)) 576 return False; 577 if(!prs_uint8 ("padding ", ps, depth, &rai->padding)) 578 return False; 579 580 if(!prs_uint32("unknown ", ps, depth, &rai->unknown)) /* 0x0014a0c0 */ 581 return False; 582 583 return True; 584} 585 586/******************************************************************* 587 Checks an RPC_HDR_AUTH structure. 588********************************************************************/ 589 590BOOL rpc_hdr_auth_chk(RPC_HDR_AUTH *rai) 591{ 592 return (rai->auth_type == NTLMSSP_AUTH_TYPE && rai->auth_level == NTLMSSP_AUTH_LEVEL); 593} 594 595/******************************************************************* 596 Inits an RPC_HDR_AUTH structure. 597********************************************************************/ 598 599void init_rpc_hdr_auth(RPC_HDR_AUTH *rai, 600 uint8 auth_type, uint8 auth_level, 601 uint8 stub_type_len, 602 uint32 ptr) 603{ 604 rai->auth_type = auth_type; /* nt lm ssp 0x0a */ 605 rai->auth_level = auth_level; /* 0x06 */ 606 rai->stub_type_len = stub_type_len; /* 0x00 */ 607 rai->padding = 0; /* padding 0x00 */ 608 609 rai->unknown = ptr; /* non-zero pointer to something */ 610} 611 612/******************************************************************* 613 Reads or writes an RPC_HDR_AUTH structure. 614********************************************************************/ 615 616BOOL smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth) 617{ 618 if (rai == NULL) 619 return False; 620 621 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth"); 622 depth++; 623 624 if(!prs_align(ps)) 625 return False; 626 627 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */ 628 return False; 629 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */ 630 return False; 631 if(!prs_uint8 ("stub_type_len", ps, depth, &rai->stub_type_len)) 632 return False; 633 if(!prs_uint8 ("padding ", ps, depth, &rai->padding)) 634 return False; 635 636 if(!prs_uint32("unknown ", ps, depth, &rai->unknown)) /* 0x0014a0c0 */ 637 return False; 638 639 return True; 640} 641 642/******************************************************************* 643 Checks an RPC_AUTH_VERIFIER structure. 644********************************************************************/ 645 646BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav, 647 char *signature, uint32 msg_type) 648{ 649 return (strequal(rav->signature, signature) && rav->msg_type == msg_type); 650} 651 652/******************************************************************* 653 Inits an RPC_AUTH_VERIFIER structure. 654********************************************************************/ 655 656void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav, 657 char *signature, uint32 msg_type) 658{ 659 fstrcpy(rav->signature, signature); /* "NTLMSSP" */ 660 rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */ 661} 662 663/******************************************************************* 664 Reads or writes an RPC_AUTH_VERIFIER structure. 665********************************************************************/ 666 667BOOL smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth) 668{ 669 if (rav == NULL) 670 return False; 671 672 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier"); 673 depth++; 674 675 /* "NTLMSSP" */ 676 if(!prs_string("signature", ps, depth, rav->signature, strlen("NTLMSSP"), 677 sizeof(rav->signature))) 678 return False; 679 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */ 680 return False; 681 682 return True; 683} 684 685/******************************************************************* 686 Inits an RPC_AUTH_NTLMSSP_NEG structure. 687********************************************************************/ 688 689void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg, 690 uint32 neg_flgs, 691 fstring myname, fstring domain) 692{ 693 int len_myname = strlen(myname); 694 int len_domain = strlen(domain); 695 696 neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */ 697 698 init_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname); 699 init_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20); 700 701 fstrcpy(neg->myname, myname); 702 fstrcpy(neg->domain, domain); 703} 704 705/******************************************************************* 706 Reads or writes an RPC_AUTH_NTLMSSP_NEG structure. 707 708 *** lkclXXXX HACK ALERT! *** 709********************************************************************/ 710 711BOOL smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth) 712{ 713 uint32 start_offset = prs_offset(ps); 714 if (neg == NULL) 715 return False; 716 717 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_neg"); 718 depth++; 719 720 if(!prs_uint32("neg_flgs ", ps, depth, &neg->neg_flgs)) 721 return False; 722 723 if (ps->io) { 724 uint32 old_offset; 725 uint32 old_neg_flags = neg->neg_flgs; 726 727 /* reading */ 728 729 ZERO_STRUCTP(neg); 730 731 neg->neg_flgs = old_neg_flags; 732 733 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth)) 734 return False; 735 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth)) 736 return False; 737 738 old_offset = prs_offset(ps); 739 740 if(!prs_set_offset(ps, neg->hdr_myname.buffer + start_offset - 12)) 741 return False; 742 743 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname, 744 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname)))) 745 return False; 746 747 old_offset += neg->hdr_myname.str_str_len; 748 749 if(!prs_set_offset(ps, neg->hdr_domain.buffer + start_offset - 12)) 750 return False; 751 752 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain, 753 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain )))) 754 return False; 755 756 old_offset += neg->hdr_domain .str_str_len; 757 758 if(!prs_set_offset(ps, old_offset)) 759 return False; 760 } else { 761 /* writing */ 762 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth)) 763 return False; 764 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth)) 765 return False; 766 767 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname, 768 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname)))) 769 return False; 770 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain, 771 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain )))) 772 return False; 773 } 774 775 return True; 776} 777 778/******************************************************************* 779creates an RPC_AUTH_NTLMSSP_CHAL structure. 780********************************************************************/ 781 782void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl, 783 uint32 neg_flags, 784 uint8 challenge[8]) 785{ 786 chl->unknown_1 = 0x0; 787 chl->unknown_2 = 0x00000028; 788 chl->neg_flags = neg_flags; /* 0x0082b1 */ 789 790 memcpy(chl->challenge, challenge, sizeof(chl->challenge)); 791 memset((char *)chl->reserved , '\0', sizeof(chl->reserved)); 792} 793 794/******************************************************************* 795 Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure. 796********************************************************************/ 797 798BOOL smb_io_rpc_auth_ntlmssp_chal(char *desc, RPC_AUTH_NTLMSSP_CHAL *chl, prs_struct *ps, int depth) 799{ 800 if (chl == NULL) 801 return False; 802 803 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chal"); 804 depth++; 805 806 if(!prs_uint32("unknown_1", ps, depth, &chl->unknown_1)) /* 0x0000 0000 */ 807 return False; 808 if(!prs_uint32("unknown_2", ps, depth, &chl->unknown_2)) /* 0x0000 b2b3 */ 809 return False; 810 if(!prs_uint32("neg_flags", ps, depth, &chl->neg_flags)) /* 0x0000 82b1 */ 811 return False; 812 813 if(!prs_uint8s (False, "challenge", ps, depth, chl->challenge, sizeof(chl->challenge))) 814 return False; 815 if(!prs_uint8s (False, "reserved ", ps, depth, chl->reserved , sizeof(chl->reserved ))) 816 return False; 817 818 return True; 819} 820 821/******************************************************************* 822 Inits an RPC_AUTH_NTLMSSP_RESP structure. 823 824 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) *** 825 *** lkclXXXX the actual offset is at the start of the auth verifier *** 826********************************************************************/ 827 828void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp, 829 uchar lm_resp[24], uchar nt_resp[24], 830 char *domain, char *user, char *wks, 831 uint32 neg_flags) 832{ 833 uint32 offset; 834 int dom_len = strlen(domain); 835 int wks_len = strlen(wks); 836 int usr_len = strlen(user); 837 int lm_len = (lm_resp != NULL) ? 24 : 0; 838 int nt_len = (nt_resp != NULL) ? 24 : 0; 839 840 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n")); 841 842#ifdef DEBUG_PASSWORD 843 DEBUG(100,("lm_resp\n")); 844 dump_data(100, (char *)lm_resp, 24); 845 DEBUG(100,("nt_resp\n")); 846 dump_data(100, (char *)nt_resp, 24); 847#endif 848 849 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n", 850 domain, user, wks, neg_flags)); 851 852 offset = 0x40; 853 854 if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE)) 855 { 856 dom_len *= 2; 857 wks_len *= 2; 858 usr_len *= 2; 859 } 860 861 init_str_hdr(&rsp->hdr_domain, dom_len, dom_len, offset); 862 offset += dom_len; 863 864 init_str_hdr(&rsp->hdr_usr, usr_len, usr_len, offset); 865 offset += usr_len; 866 867 init_str_hdr(&rsp->hdr_wks, wks_len, wks_len, offset); 868 offset += wks_len; 869 870 init_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, offset); 871 offset += lm_len; 872 873 init_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, offset); 874 offset += nt_len; 875 876 init_str_hdr(&rsp->hdr_sess_key, 0, 0, offset); 877 878 rsp->neg_flags = neg_flags; 879 880 memcpy(rsp->lm_resp, lm_resp, 24); 881 memcpy(rsp->nt_resp, nt_resp, 24); 882 883 if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE)) { 884 dos_struni2(rsp->domain, domain, sizeof(rsp->domain)); 885 dos_struni2(rsp->user, user, sizeof(rsp->user)); 886 dos_struni2(rsp->wks, wks, sizeof(rsp->wks)); 887 } else { 888 fstrcpy(rsp->domain, domain); 889 fstrcpy(rsp->user, user); 890 fstrcpy(rsp->wks, wks); 891 } 892 rsp->sess_key[0] = 0; 893} 894 895/******************************************************************* 896 Reads or writes an RPC_AUTH_NTLMSSP_RESP structure. 897 898 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) *** 899 *** lkclXXXX the actual offset is at the start of the auth verifier *** 900********************************************************************/ 901 902BOOL smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth) 903{ 904 if (rsp == NULL) 905 return False; 906 907 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp"); 908 depth++; 909 910 if (ps->io) { 911 uint32 old_offset; 912 913 /* reading */ 914 915 ZERO_STRUCTP(rsp); 916 917 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth)) 918 return False; 919 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth)) 920 return False; 921 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth)) 922 return False; 923 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth)) 924 return False; 925 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth)) 926 return False; 927 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth)) 928 return False; 929 930 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */ 931 return False; 932 933 old_offset = prs_offset(ps); 934 935 if(!prs_set_offset(ps, rsp->hdr_domain.buffer + 0xc)) 936 return False; 937 938 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain, 939 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain)))) 940 return False; 941 942 old_offset += rsp->hdr_domain.str_str_len; 943 944 if(!prs_set_offset(ps, rsp->hdr_usr.buffer + 0xc)) 945 return False; 946 947 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user, 948 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user)))) 949 return False; 950 951 old_offset += rsp->hdr_usr.str_str_len; 952 953 if(!prs_set_offset(ps, rsp->hdr_wks.buffer + 0xc)) 954 return False; 955 956 if(!prs_uint8s(True, "wks ", ps, depth, (uint8*)rsp->wks, 957 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks)))) 958 return False; 959 960 old_offset += rsp->hdr_wks.str_str_len; 961 962 if(!prs_set_offset(ps, rsp->hdr_lm_resp.buffer + 0xc)) 963 return False; 964 965 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp, 966 MIN(rsp->hdr_lm_resp.str_str_len, sizeof(rsp->lm_resp )))) 967 return False; 968 969 old_offset += rsp->hdr_lm_resp.str_str_len; 970 971 if(!prs_set_offset(ps, rsp->hdr_nt_resp.buffer + 0xc)) 972 return False; 973 974 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp, 975 MIN(rsp->hdr_nt_resp.str_str_len, sizeof(rsp->nt_resp )))) 976 return False; 977 978 old_offset += rsp->hdr_nt_resp.str_str_len; 979 980 if (rsp->hdr_sess_key.str_str_len != 0) { 981 982 if(!prs_set_offset(ps, rsp->hdr_sess_key.buffer + 0x10)) 983 return False; 984 985 old_offset += rsp->hdr_sess_key.str_str_len; 986 987 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, 988 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)))) 989 return False; 990 } 991 992 if(!prs_set_offset(ps, old_offset)) 993 return False; 994 } else { 995 /* writing */ 996 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth)) 997 return False; 998 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth)) 999 return False; 1000 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth)) 1001 return False; 1002 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth)) 1003 return False; 1004 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth)) 1005 return False; 1006 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth)) 1007 return False; 1008 1009 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */ 1010 return False; 1011 1012 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain, 1013 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain)))) 1014 return False; 1015 1016 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user, 1017 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user)))) 1018 return False; 1019 1020 if(!prs_uint8s(True , "wks ", ps, depth, (uint8*)rsp->wks, 1021 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks)))) 1022 return False; 1023 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp, 1024 MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp)))) 1025 return False; 1026 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp, 1027 MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp )))) 1028 return False; 1029 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, 1030 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)))) 1031 return False; 1032 } 1033 1034 return True; 1035} 1036 1037/******************************************************************* 1038 Checks an RPC_AUTH_NTLMSSP_CHK structure. 1039********************************************************************/ 1040 1041BOOL rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, uint32 crc32, uint32 seq_num) 1042{ 1043 if (chk == NULL) 1044 return False; 1045 1046 if (chk->crc32 != crc32 || 1047 chk->ver != NTLMSSP_SIGN_VERSION || 1048 chk->seq_num != seq_num) 1049 { 1050 DEBUG(5,("verify failed - crc %x ver %x seq %d\n", 1051 crc32, NTLMSSP_SIGN_VERSION, seq_num)); 1052 DEBUG(5,("verify expect - crc %x ver %x seq %d\n", 1053 chk->crc32, chk->ver, chk->seq_num)); 1054 return False; 1055 } 1056 return True; 1057} 1058 1059/******************************************************************* 1060 Inits an RPC_AUTH_NTLMSSP_CHK structure. 1061********************************************************************/ 1062 1063void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, 1064 uint32 ver, uint32 crc32, uint32 seq_num) 1065{ 1066 chk->ver = ver; 1067 chk->reserved = 0x0; 1068 chk->crc32 = crc32; 1069 chk->seq_num = seq_num; 1070} 1071 1072/******************************************************************* 1073 Reads or writes an RPC_AUTH_NTLMSSP_CHK structure. 1074********************************************************************/ 1075 1076BOOL smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth) 1077{ 1078 if (chk == NULL) 1079 return False; 1080 1081 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk"); 1082 depth++; 1083 1084 if(!prs_align(ps)) 1085 return False; 1086 1087 if(!prs_uint32("ver ", ps, depth, &chk->ver)) 1088 return False; 1089 if(!prs_uint32("reserved", ps, depth, &chk->reserved)) 1090 return False; 1091 if(!prs_uint32("crc32 ", ps, depth, &chk->crc32)) 1092 return False; 1093 if(!prs_uint32("seq_num ", ps, depth, &chk->seq_num)) 1094 return False; 1095 1096 return True; 1097} 1098