1/* 2 * Unix SMB/CIFS implementation. 3 * RPC Pipe client / server routines 4 * Copyright (C) Andrew Tridgell 1992-1997, 5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, 6 * Copyright (C) Paul Ashton 1997. 7 * Copyright (C) Jeremy Allison 1999. 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, write to the Free Software 21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 22 */ 23 24#include "includes.h" 25 26#undef DBGC_CLASS 27#define DBGC_CLASS DBGC_RPC_PARSE 28 29/******************************************************************* 30interface/version dce/rpc pipe identification 31********************************************************************/ 32 33#define TRANS_SYNT_V2 \ 34{ \ 35 { \ 36 0x8a885d04, 0x1ceb, 0x11c9, \ 37 { 0x9f, 0xe8 }, \ 38 { 0x08, 0x00, \ 39 0x2b, 0x10, 0x48, 0x60 } \ 40 }, 0x02 \ 41} 42 43#define SYNT_NETLOGON_V2 \ 44{ \ 45 { \ 46 0x8a885d04, 0x1ceb, 0x11c9, \ 47 { 0x9f, 0xe8 }, \ 48 { 0x08, 0x00, \ 49 0x2b, 0x10, 0x48, 0x60 } \ 50 }, 0x02 \ 51} 52 53#define SYNT_WKSSVC_V1 \ 54{ \ 55 { \ 56 0x6bffd098, 0xa112, 0x3610, \ 57 { 0x98, 0x33 }, \ 58 { 0x46, 0xc3, \ 59 0xf8, 0x7e, 0x34, 0x5a } \ 60 }, 0x01 \ 61} 62 63#define SYNT_SRVSVC_V3 \ 64{ \ 65 { \ 66 0x4b324fc8, 0x1670, 0x01d3, \ 67 { 0x12, 0x78 }, \ 68 { 0x5a, 0x47, \ 69 0xbf, 0x6e, 0xe1, 0x88 } \ 70 }, 0x03 \ 71} 72 73#define SYNT_LSARPC_V0 \ 74{ \ 75 { \ 76 0x12345778, 0x1234, 0xabcd, \ 77 { 0xef, 0x00 }, \ 78 { 0x01, 0x23, \ 79 0x45, 0x67, 0x89, 0xab } \ 80 }, 0x00 \ 81} 82 83#define SYNT_LSARPC_V0_DS \ 84{ \ 85 { \ 86 0x3919286a, 0xb10c, 0x11d0, \ 87 { 0x9b, 0xa8 }, \ 88 { 0x00, 0xc0, \ 89 0x4f, 0xd9, 0x2e, 0xf5 } \ 90 }, 0x00 \ 91} 92 93#define SYNT_SAMR_V1 \ 94{ \ 95 { \ 96 0x12345778, 0x1234, 0xabcd, \ 97 { 0xef, 0x00 }, \ 98 { 0x01, 0x23, \ 99 0x45, 0x67, 0x89, 0xac } \ 100 }, 0x01 \ 101} 102 103#define SYNT_NETLOGON_V1 \ 104{ \ 105 { \ 106 0x12345678, 0x1234, 0xabcd, \ 107 { 0xef, 0x00 }, \ 108 { 0x01, 0x23, \ 109 0x45, 0x67, 0xcf, 0xfb } \ 110 }, 0x01 \ 111} 112 113#define SYNT_WINREG_V1 \ 114{ \ 115 { \ 116 0x338cd001, 0x2244, 0x31f1, \ 117 { 0xaa, 0xaa }, \ 118 { 0x90, 0x00, \ 119 0x38, 0x00, 0x10, 0x03 } \ 120 }, 0x01 \ 121} 122 123#define SYNT_SPOOLSS_V1 \ 124{ \ 125 { \ 126 0x12345678, 0x1234, 0xabcd, \ 127 { 0xef, 0x00 }, \ 128 { 0x01, 0x23, \ 129 0x45, 0x67, 0x89, 0xab } \ 130 }, 0x01 \ 131} 132 133#define SYNT_NONE_V0 \ 134{ \ 135 { \ 136 0x0, 0x0, 0x0, \ 137 { 0x00, 0x00 }, \ 138 { 0x00, 0x00, \ 139 0x00, 0x00, 0x00, 0x00 } \ 140 }, 0x00 \ 141} 142 143#define SYNT_NETDFS_V3 \ 144{ \ 145 { \ 146 0x4fc742e0, 0x4a10, 0x11cf, \ 147 { 0x82, 0x73 }, \ 148 { 0x00, 0xaa, \ 149 0x00, 0x4a, 0xe6, 0x73 } \ 150 }, 0x03 \ 151} 152 153#define SYNT_ECHO_V1 \ 154{ \ 155 { \ 156 0x60a15ec5, 0x4de8, 0x11d7, \ 157 { 0xa6, 0x37 }, \ 158 { 0x00, 0x50, \ 159 0x56, 0xa2, 0x01, 0x82 } \ 160 }, 0x01 \ 161} 162 163#define SYNT_SHUTDOWN_V1 \ 164{ \ 165 { \ 166 0x894de0c0, 0x0d55, 0x11d3, \ 167 { 0xa3, 0x22 }, \ 168 { 0x00, 0xc0, \ 169 0x4f, 0xa3, 0x21, 0xa1 } \ 170 }, 0x01 \ 171} 172 173/* 174 * IMPORTANT!! If you update this structure, make sure to 175 * update the index #defines in smb.h. 176 */ 177 178const struct pipe_id_info pipe_names [] = 179{ 180 /* client pipe , abstract syntax , server pipe , transfer syntax */ 181 { PIPE_LSARPC , SYNT_LSARPC_V0 , PIPE_LSASS , TRANS_SYNT_V2 }, 182 { PIPE_LSARPC , SYNT_LSARPC_V0_DS , PIPE_LSASS , TRANS_SYNT_V2 }, 183 { PIPE_SAMR , SYNT_SAMR_V1 , PIPE_LSASS , TRANS_SYNT_V2 }, 184 { PIPE_NETLOGON, SYNT_NETLOGON_V1 , PIPE_LSASS , TRANS_SYNT_V2 }, 185 { PIPE_SRVSVC , SYNT_SRVSVC_V3 , PIPE_NTSVCS , TRANS_SYNT_V2 }, 186 { PIPE_WKSSVC , SYNT_WKSSVC_V1 , PIPE_NTSVCS , TRANS_SYNT_V2 }, 187 { PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 }, 188 { PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS , TRANS_SYNT_V2 }, 189 { PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 }, 190 { PIPE_ECHO , SYNT_ECHO_V1 , PIPE_ECHO , TRANS_SYNT_V2 }, 191 { PIPE_SHUTDOWN, SYNT_SHUTDOWN_V1 , PIPE_SHUTDOWN , TRANS_SYNT_V2 }, 192 { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 } 193}; 194 195/******************************************************************* 196 Inits an RPC_HDR structure. 197********************************************************************/ 198 199void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags, 200 uint32 call_id, int data_len, int auth_len) 201{ 202 hdr->major = 5; /* RPC version 5 */ 203 hdr->minor = 0; /* minor version 0 */ 204 hdr->pkt_type = pkt_type; /* RPC packet type */ 205 hdr->flags = flags; /* dce/rpc flags */ 206 hdr->pack_type[0] = 0x10; /* little-endian data representation */ 207 hdr->pack_type[1] = 0; /* packed data representation */ 208 hdr->pack_type[2] = 0; /* packed data representation */ 209 hdr->pack_type[3] = 0; /* packed data representation */ 210 hdr->frag_len = data_len; /* fragment length, fill in later */ 211 hdr->auth_len = auth_len; /* authentication length */ 212 hdr->call_id = call_id; /* call identifier - match incoming RPC */ 213} 214 215/******************************************************************* 216 Reads or writes an RPC_HDR structure. 217********************************************************************/ 218 219BOOL smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth) 220{ 221 if (rpc == NULL) 222 return False; 223 224 prs_debug(ps, depth, desc, "smb_io_rpc_hdr"); 225 depth++; 226 227 if(!prs_uint8 ("major ", ps, depth, &rpc->major)) 228 return False; 229 230 if(!prs_uint8 ("minor ", ps, depth, &rpc->minor)) 231 return False; 232 if(!prs_uint8 ("pkt_type ", ps, depth, &rpc->pkt_type)) 233 return False; 234 if(!prs_uint8 ("flags ", ps, depth, &rpc->flags)) 235 return False; 236 237 /* We always marshall in little endian format. */ 238 if (MARSHALLING(ps)) 239 rpc->pack_type[0] = 0x10; 240 241 if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0])) 242 return False; 243 if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1])) 244 return False; 245 if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2])) 246 return False; 247 if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3])) 248 return False; 249 250 /* 251 * If reading and pack_type[0] == 0 then the data is in big-endian 252 * format. Set the flag in the prs_struct to specify reverse-endainness. 253 */ 254 255 if (UNMARSHALLING(ps) && rpc->pack_type[0] == 0) { 256 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n")); 257 prs_set_endian_data(ps, RPC_BIG_ENDIAN); 258 } 259 260 if(!prs_uint16("frag_len ", ps, depth, &rpc->frag_len)) 261 return False; 262 if(!prs_uint16("auth_len ", ps, depth, &rpc->auth_len)) 263 return False; 264 if(!prs_uint32("call_id ", ps, depth, &rpc->call_id)) 265 return False; 266 return True; 267} 268 269/******************************************************************* 270 Reads or writes an RPC_IFACE structure. 271********************************************************************/ 272 273static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth) 274{ 275 if (ifc == NULL) 276 return False; 277 278 prs_debug(ps, depth, desc, "smb_io_rpc_iface"); 279 depth++; 280 281 if (!prs_align(ps)) 282 return False; 283 284 if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth)) 285 return False; 286 287 if(!prs_uint32 ("version", ps, depth, &ifc->version)) 288 return False; 289 290 return True; 291} 292 293/******************************************************************* 294 Inits an RPC_ADDR_STR structure. 295********************************************************************/ 296 297static void init_rpc_addr_str(RPC_ADDR_STR *str, const char *name) 298{ 299 str->len = strlen(name) + 1; 300 fstrcpy(str->str, name); 301} 302 303/******************************************************************* 304 Reads or writes an RPC_ADDR_STR structure. 305********************************************************************/ 306 307static BOOL smb_io_rpc_addr_str(const char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth) 308{ 309 if (str == NULL) 310 return False; 311 312 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str"); 313 depth++; 314 if(!prs_align(ps)) 315 return False; 316 317 if(!prs_uint16 ( "len", ps, depth, &str->len)) 318 return False; 319 if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) )) 320 return False; 321 return True; 322} 323 324/******************************************************************* 325 Inits an RPC_HDR_BBA structure. 326********************************************************************/ 327 328static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid) 329{ 330 bba->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */ 331 bba->max_rsize = max_rsize; /* max receive fragment size (0x1630) */ 332 bba->assoc_gid = assoc_gid; /* associated group id (0x0) */ 333} 334 335/******************************************************************* 336 Reads or writes an RPC_HDR_BBA structure. 337********************************************************************/ 338 339static BOOL smb_io_rpc_hdr_bba(const char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth) 340{ 341 if (rpc == NULL) 342 return False; 343 344 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba"); 345 depth++; 346 347 if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize)) 348 return False; 349 if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize)) 350 return False; 351 if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid)) 352 return False; 353 return True; 354} 355 356/******************************************************************* 357 Inits an RPC_HDR_RB structure. 358********************************************************************/ 359 360void init_rpc_hdr_rb(RPC_HDR_RB *rpc, 361 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid, 362 uint32 num_elements, uint16 context_id, uint8 num_syntaxes, 363 RPC_IFACE *abstract, RPC_IFACE *transfer) 364{ 365 init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid); 366 367 rpc->num_elements = num_elements ; /* the number of elements (0x1) */ 368 rpc->context_id = context_id ; /* presentation context identifier (0x0) */ 369 rpc->num_syntaxes = num_syntaxes ; /* the number of syntaxes (has always been 1?)(0x1) */ 370 371 /* num and vers. of interface client is using */ 372 rpc->abstract = *abstract; 373 374 /* num and vers. of interface to use for replies */ 375 rpc->transfer = *transfer; 376} 377 378/******************************************************************* 379 Reads or writes an RPC_HDR_RB structure. 380********************************************************************/ 381 382BOOL smb_io_rpc_hdr_rb(const char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth) 383{ 384 if (rpc == NULL) 385 return False; 386 387 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb"); 388 depth++; 389 390 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth)) 391 return False; 392 393 if(!prs_uint32("num_elements", ps, depth, &rpc->num_elements)) 394 return False; 395 if(!prs_uint16("context_id ", ps, depth, &rpc->context_id )) 396 return False; 397 if(!prs_uint8 ("num_syntaxes", ps, depth, &rpc->num_syntaxes)) 398 return False; 399 400 if(!smb_io_rpc_iface("", &rpc->abstract, ps, depth)) 401 return False; 402 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth)) 403 return False; 404 405 return True; 406} 407 408/******************************************************************* 409 Inits an RPC_RESULTS structure. 410 411 lkclXXXX only one reason at the moment! 412********************************************************************/ 413 414static void init_rpc_results(RPC_RESULTS *res, 415 uint8 num_results, uint16 result, uint16 reason) 416{ 417 res->num_results = num_results; /* the number of results (0x01) */ 418 res->result = result ; /* result (0x00 = accept) */ 419 res->reason = reason ; /* reason (0x00 = no reason specified) */ 420} 421 422/******************************************************************* 423 Reads or writes an RPC_RESULTS structure. 424 425 lkclXXXX only one reason at the moment! 426********************************************************************/ 427 428static BOOL smb_io_rpc_results(const char *desc, RPC_RESULTS *res, prs_struct *ps, int depth) 429{ 430 if (res == NULL) 431 return False; 432 433 prs_debug(ps, depth, desc, "smb_io_rpc_results"); 434 depth++; 435 436 if(!prs_align(ps)) 437 return False; 438 439 if(!prs_uint8 ("num_results", ps, depth, &res->num_results)) 440 return False; 441 442 if(!prs_align(ps)) 443 return False; 444 445 if(!prs_uint16("result ", ps, depth, &res->result)) 446 return False; 447 if(!prs_uint16("reason ", ps, depth, &res->reason)) 448 return False; 449 return True; 450} 451 452/******************************************************************* 453 Init an RPC_HDR_BA structure. 454 455 lkclXXXX only one reason at the moment! 456 457********************************************************************/ 458 459void init_rpc_hdr_ba(RPC_HDR_BA *rpc, 460 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid, 461 const char *pipe_addr, 462 uint8 num_results, uint16 result, uint16 reason, 463 RPC_IFACE *transfer) 464{ 465 init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid); 466 init_rpc_addr_str(&rpc->addr, pipe_addr); 467 init_rpc_results (&rpc->res, num_results, result, reason); 468 469 /* the transfer syntax from the request */ 470 memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer)); 471} 472 473/******************************************************************* 474 Reads or writes an RPC_HDR_BA structure. 475********************************************************************/ 476 477BOOL smb_io_rpc_hdr_ba(const char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth) 478{ 479 if (rpc == NULL) 480 return False; 481 482 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba"); 483 depth++; 484 485 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth)) 486 return False; 487 if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth)) 488 return False; 489 if(!smb_io_rpc_results("", &rpc->res, ps, depth)) 490 return False; 491 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth)) 492 return False; 493 return True; 494} 495 496/******************************************************************* 497 Init an RPC_HDR_REQ structure. 498********************************************************************/ 499 500void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum) 501{ 502 hdr->alloc_hint = alloc_hint; /* allocation hint */ 503 hdr->context_id = 0; /* presentation context identifier */ 504 hdr->opnum = opnum; /* opnum */ 505} 506 507/******************************************************************* 508 Reads or writes an RPC_HDR_REQ structure. 509********************************************************************/ 510 511BOOL smb_io_rpc_hdr_req(const char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth) 512{ 513 if (rpc == NULL) 514 return False; 515 516 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req"); 517 depth++; 518 519 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint)) 520 return False; 521 if(!prs_uint16("context_id", ps, depth, &rpc->context_id)) 522 return False; 523 if(!prs_uint16("opnum ", ps, depth, &rpc->opnum)) 524 return False; 525 return True; 526} 527 528/******************************************************************* 529 Reads or writes an RPC_HDR_RESP structure. 530********************************************************************/ 531 532BOOL smb_io_rpc_hdr_resp(const char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth) 533{ 534 if (rpc == NULL) 535 return False; 536 537 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp"); 538 depth++; 539 540 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint)) 541 return False; 542 if(!prs_uint16("context_id", ps, depth, &rpc->context_id)) 543 return False; 544 if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count)) 545 return False; 546 if(!prs_uint8 ("reserved ", ps, depth, &rpc->reserved)) 547 return False; 548 return True; 549} 550 551/******************************************************************* 552 Reads or writes an RPC_HDR_FAULT structure. 553********************************************************************/ 554 555BOOL smb_io_rpc_hdr_fault(const char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth) 556{ 557 if (rpc == NULL) 558 return False; 559 560 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault"); 561 depth++; 562 563 if(!prs_ntstatus("status ", ps, depth, &rpc->status)) 564 return False; 565 if(!prs_uint32("reserved", ps, depth, &rpc->reserved)) 566 return False; 567 568 return True; 569} 570 571/******************************************************************* 572 Init an RPC_HDR_AUTHA structure. 573********************************************************************/ 574 575void init_rpc_hdr_autha(RPC_HDR_AUTHA *rai, 576 uint16 max_tsize, uint16 max_rsize, 577 uint8 auth_type, uint8 auth_level, 578 uint8 stub_type_len) 579{ 580 rai->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */ 581 rai->max_rsize = max_rsize; /* max receive fragment size (0x1630) */ 582 583 rai->auth_type = auth_type; /* nt lm ssp 0x0a */ 584 rai->auth_level = auth_level; /* 0x06 */ 585 rai->stub_type_len = stub_type_len; /* 0x00 */ 586 rai->padding = 0; /* padding 0x00 */ 587 588 rai->unknown = 0x0014a0c0; /* non-zero pointer to something */ 589} 590 591/******************************************************************* 592 Reads or writes an RPC_HDR_AUTHA structure. 593********************************************************************/ 594 595BOOL smb_io_rpc_hdr_autha(const char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth) 596{ 597 if (rai == NULL) 598 return False; 599 600 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_autha"); 601 depth++; 602 603 if(!prs_uint16("max_tsize ", ps, depth, &rai->max_tsize)) 604 return False; 605 if(!prs_uint16("max_rsize ", ps, depth, &rai->max_rsize)) 606 return False; 607 608 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */ 609 return False; 610 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */ 611 return False; 612 if(!prs_uint8 ("stub_type_len", ps, depth, &rai->stub_type_len)) 613 return False; 614 if(!prs_uint8 ("padding ", ps, depth, &rai->padding)) 615 return False; 616 617 if(!prs_uint32("unknown ", ps, depth, &rai->unknown)) /* 0x0014a0c0 */ 618 return False; 619 620 return True; 621} 622 623/******************************************************************* 624 Inits an RPC_HDR_AUTH structure. 625********************************************************************/ 626 627void init_rpc_hdr_auth(RPC_HDR_AUTH *rai, 628 uint8 auth_type, uint8 auth_level, 629 uint8 padding, 630 uint32 ptr) 631{ 632 rai->auth_type = auth_type; /* nt lm ssp 0x0a */ 633 rai->auth_level = auth_level; /* 0x06 */ 634 rai->padding = padding; 635 rai->reserved = 0; 636 637 rai->auth_context = ptr; /* non-zero pointer to something */ 638} 639 640/******************************************************************* 641 Reads or writes an RPC_HDR_AUTH structure. 642********************************************************************/ 643 644BOOL smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth) 645{ 646 if (rai == NULL) 647 return False; 648 649 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth"); 650 depth++; 651 652 if(!prs_align(ps)) 653 return False; 654 655 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */ 656 return False; 657 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */ 658 return False; 659 if(!prs_uint8 ("padding ", ps, depth, &rai->padding)) 660 return False; 661 if(!prs_uint8 ("reserved ", ps, depth, &rai->reserved)) 662 return False; 663 if(!prs_uint32("auth_context ", ps, depth, &rai->auth_context)) 664 return False; 665 666 return True; 667} 668 669/******************************************************************* 670 Checks an RPC_AUTH_VERIFIER structure. 671********************************************************************/ 672 673BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav, 674 const char *signature, uint32 msg_type) 675{ 676 return (strequal(rav->signature, signature) && rav->msg_type == msg_type); 677} 678 679/******************************************************************* 680 Inits an RPC_AUTH_VERIFIER structure. 681********************************************************************/ 682 683void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav, 684 const char *signature, uint32 msg_type) 685{ 686 fstrcpy(rav->signature, signature); /* "NTLMSSP" */ 687 rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */ 688} 689 690/******************************************************************* 691 Reads or writes an RPC_AUTH_VERIFIER structure. 692********************************************************************/ 693 694BOOL smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth) 695{ 696 if (rav == NULL) 697 return False; 698 699 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier"); 700 depth++; 701 702 /* "NTLMSSP" */ 703 if(!prs_string("signature", ps, depth, rav->signature, 704 sizeof(rav->signature))) 705 return False; 706 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */ 707 return False; 708 709 return True; 710} 711 712/******************************************************************* 713 This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I think 714 assuming "NTLMSSP" in sm_io_rpc_auth_verifier is somewhat wrong. 715 I have to look at that later... 716********************************************************************/ 717 718BOOL smb_io_rpc_netsec_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth) 719{ 720 if (rav == NULL) 721 return False; 722 723 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier"); 724 depth++; 725 726 if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature))) 727 return False; 728 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) 729 return False; 730 731 return True; 732} 733 734/******************************************************************* 735 Inits an RPC_AUTH_NTLMSSP_NEG structure. 736********************************************************************/ 737 738void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg, 739 uint32 neg_flgs, 740 const char *myname, const char *domain) 741{ 742 int len_myname = strlen(myname); 743 int len_domain = strlen(domain); 744 745 neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */ 746 747 init_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname); 748 init_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20); 749 750 fstrcpy(neg->myname, myname); 751 fstrcpy(neg->domain, domain); 752} 753 754/******************************************************************* 755 Reads or writes an RPC_AUTH_NTLMSSP_NEG structure. 756 757 *** lkclXXXX HACK ALERT! *** 758********************************************************************/ 759 760BOOL smb_io_rpc_auth_ntlmssp_neg(const char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth) 761{ 762 uint32 start_offset = prs_offset(ps); 763 if (neg == NULL) 764 return False; 765 766 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_neg"); 767 depth++; 768 769 if(!prs_uint32("neg_flgs ", ps, depth, &neg->neg_flgs)) 770 return False; 771 772 if (ps->io) { 773 uint32 old_offset; 774 uint32 old_neg_flags = neg->neg_flgs; 775 776 /* reading */ 777 778 ZERO_STRUCTP(neg); 779 780 neg->neg_flgs = old_neg_flags; 781 782 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth)) 783 return False; 784 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth)) 785 return False; 786 787 old_offset = prs_offset(ps); 788 789 if(!prs_set_offset(ps, neg->hdr_myname.buffer + start_offset - 12)) 790 return False; 791 792 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname, 793 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname)))) 794 return False; 795 796 old_offset += neg->hdr_myname.str_str_len; 797 798 if(!prs_set_offset(ps, neg->hdr_domain.buffer + start_offset - 12)) 799 return False; 800 801 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain, 802 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain )))) 803 return False; 804 805 old_offset += neg->hdr_domain .str_str_len; 806 807 if(!prs_set_offset(ps, old_offset)) 808 return False; 809 } else { 810 /* writing */ 811 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth)) 812 return False; 813 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth)) 814 return False; 815 816 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname, 817 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname)))) 818 return False; 819 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain, 820 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain )))) 821 return False; 822 } 823 824 return True; 825} 826 827/******************************************************************* 828creates an RPC_AUTH_NTLMSSP_CHAL structure. 829********************************************************************/ 830 831void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl, 832 uint32 neg_flags, 833 uint8 challenge[8]) 834{ 835 chl->unknown_1 = 0x0; 836 chl->unknown_2 = 0x00000028; 837 chl->neg_flags = neg_flags; /* 0x0082b1 */ 838 839 memcpy(chl->challenge, challenge, sizeof(chl->challenge)); 840 memset((char *)chl->reserved , '\0', sizeof(chl->reserved)); 841} 842 843/******************************************************************* 844 Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure. 845********************************************************************/ 846 847BOOL smb_io_rpc_auth_ntlmssp_chal(const char *desc, RPC_AUTH_NTLMSSP_CHAL *chl, prs_struct *ps, int depth) 848{ 849 if (chl == NULL) 850 return False; 851 852 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chal"); 853 depth++; 854 855 if(!prs_uint32("unknown_1", ps, depth, &chl->unknown_1)) /* 0x0000 0000 */ 856 return False; 857 if(!prs_uint32("unknown_2", ps, depth, &chl->unknown_2)) /* 0x0000 b2b3 */ 858 return False; 859 if(!prs_uint32("neg_flags", ps, depth, &chl->neg_flags)) /* 0x0000 82b1 */ 860 return False; 861 862 if(!prs_uint8s (False, "challenge", ps, depth, chl->challenge, sizeof(chl->challenge))) 863 return False; 864 if(!prs_uint8s (False, "reserved ", ps, depth, chl->reserved , sizeof(chl->reserved ))) 865 return False; 866 867 return True; 868} 869 870/******************************************************************* 871 Inits an RPC_AUTH_NTLMSSP_RESP structure. 872 873 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) *** 874 *** lkclXXXX the actual offset is at the start of the auth verifier *** 875********************************************************************/ 876 877void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp, 878 uchar lm_resp[24], uchar nt_resp[24], 879 const char *domain, const char *user, const char *wks, 880 uint32 neg_flags) 881{ 882 uint32 offset; 883 int dom_len = strlen(domain); 884 int wks_len = strlen(wks); 885 int usr_len = strlen(user); 886 int lm_len = (lm_resp != NULL) ? 24 : 0; 887 int nt_len = (nt_resp != NULL) ? 24 : 0; 888 889 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n")); 890 891#ifdef DEBUG_PASSWORD 892 DEBUG(100,("lm_resp\n")); 893 dump_data(100, (char *)lm_resp, 24); 894 DEBUG(100,("nt_resp\n")); 895 dump_data(100, (char *)nt_resp, 24); 896#endif 897 898 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n", 899 domain, user, wks, neg_flags)); 900 901 offset = 0x40; 902 903 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) { 904 dom_len *= 2; 905 wks_len *= 2; 906 usr_len *= 2; 907 } 908 909 init_str_hdr(&rsp->hdr_domain, dom_len, dom_len, offset); 910 offset += dom_len; 911 912 init_str_hdr(&rsp->hdr_usr, usr_len, usr_len, offset); 913 offset += usr_len; 914 915 init_str_hdr(&rsp->hdr_wks, wks_len, wks_len, offset); 916 offset += wks_len; 917 918 init_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, offset); 919 offset += lm_len; 920 921 init_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, offset); 922 offset += nt_len; 923 924 init_str_hdr(&rsp->hdr_sess_key, 0, 0, offset); 925 926 rsp->neg_flags = neg_flags; 927 928 memcpy(rsp->lm_resp, lm_resp, 24); 929 memcpy(rsp->nt_resp, nt_resp, 24); 930 931 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) { 932 rpcstr_push(rsp->domain, domain, sizeof(rsp->domain), 0); 933 rpcstr_push(rsp->user, user, sizeof(rsp->user), 0); 934 rpcstr_push(rsp->wks, wks, sizeof(rsp->wks), 0); 935 } else { 936 fstrcpy(rsp->domain, domain); 937 fstrcpy(rsp->user, user); 938 fstrcpy(rsp->wks, wks); 939 } 940 941 rsp->sess_key[0] = 0; 942} 943 944/******************************************************************* 945 Reads or writes an RPC_AUTH_NTLMSSP_RESP structure. 946 947 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) *** 948 *** lkclXXXX the actual offset is at the start of the auth verifier *** 949********************************************************************/ 950 951BOOL smb_io_rpc_auth_ntlmssp_resp(const char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth) 952{ 953 if (rsp == NULL) 954 return False; 955 956 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp"); 957 depth++; 958 959 if (ps->io) { 960 uint32 old_offset; 961 962 /* reading */ 963 964 ZERO_STRUCTP(rsp); 965 966 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth)) 967 return False; 968 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth)) 969 return False; 970 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth)) 971 return False; 972 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth)) 973 return False; 974 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth)) 975 return False; 976 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth)) 977 return False; 978 979 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */ 980 return False; 981 982 old_offset = prs_offset(ps); 983 984 if(!prs_set_offset(ps, rsp->hdr_domain.buffer + 0xc)) 985 return False; 986 987 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain, 988 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain)))) 989 return False; 990 991 old_offset += rsp->hdr_domain.str_str_len; 992 993 if(!prs_set_offset(ps, rsp->hdr_usr.buffer + 0xc)) 994 return False; 995 996 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user, 997 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user)))) 998 return False; 999 1000 old_offset += rsp->hdr_usr.str_str_len; 1001 1002 if(!prs_set_offset(ps, rsp->hdr_wks.buffer + 0xc)) 1003 return False; 1004 1005 if(!prs_uint8s(True, "wks ", ps, depth, (uint8*)rsp->wks, 1006 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks)))) 1007 return False; 1008 1009 old_offset += rsp->hdr_wks.str_str_len; 1010 1011 if(!prs_set_offset(ps, rsp->hdr_lm_resp.buffer + 0xc)) 1012 return False; 1013 1014 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp, 1015 MIN(rsp->hdr_lm_resp.str_str_len, sizeof(rsp->lm_resp )))) 1016 return False; 1017 1018 old_offset += rsp->hdr_lm_resp.str_str_len; 1019 1020 if(!prs_set_offset(ps, rsp->hdr_nt_resp.buffer + 0xc)) 1021 return False; 1022 1023 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp, 1024 MIN(rsp->hdr_nt_resp.str_str_len, sizeof(rsp->nt_resp )))) 1025 return False; 1026 1027 old_offset += rsp->hdr_nt_resp.str_str_len; 1028 1029 if (rsp->hdr_sess_key.str_str_len != 0) { 1030 1031 if(!prs_set_offset(ps, rsp->hdr_sess_key.buffer + 0x10)) 1032 return False; 1033 1034 old_offset += rsp->hdr_sess_key.str_str_len; 1035 1036 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, 1037 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)))) 1038 return False; 1039 } 1040 1041 if(!prs_set_offset(ps, old_offset)) 1042 return False; 1043 } else { 1044 /* writing */ 1045 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth)) 1046 return False; 1047 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth)) 1048 return False; 1049 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth)) 1050 return False; 1051 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth)) 1052 return False; 1053 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth)) 1054 return False; 1055 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth)) 1056 return False; 1057 1058 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */ 1059 return False; 1060 1061 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain, 1062 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain)))) 1063 return False; 1064 1065 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user, 1066 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user)))) 1067 return False; 1068 1069 if(!prs_uint8s(True , "wks ", ps, depth, (uint8*)rsp->wks, 1070 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks)))) 1071 return False; 1072 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp, 1073 MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp)))) 1074 return False; 1075 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp, 1076 MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp )))) 1077 return False; 1078 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, 1079 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)))) 1080 return False; 1081 } 1082 1083 return True; 1084} 1085 1086/******************************************************************* 1087 Checks an RPC_AUTH_NTLMSSP_CHK structure. 1088********************************************************************/ 1089 1090BOOL rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, uint32 crc32, uint32 seq_num) 1091{ 1092 if (chk == NULL) 1093 return False; 1094 1095 if (chk->crc32 != crc32 || 1096 chk->ver != NTLMSSP_SIGN_VERSION || 1097 chk->seq_num != seq_num) 1098 { 1099 DEBUG(5,("verify failed - crc %x ver %x seq %d\n", 1100 chk->crc32, chk->ver, chk->seq_num)); 1101 1102 DEBUG(5,("verify expect - crc %x ver %x seq %d\n", 1103 crc32, NTLMSSP_SIGN_VERSION, seq_num)); 1104 return False; 1105 } 1106 return True; 1107} 1108 1109/******************************************************************* 1110 Inits an RPC_AUTH_NTLMSSP_CHK structure. 1111********************************************************************/ 1112 1113void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, 1114 uint32 ver, uint32 crc32, uint32 seq_num) 1115{ 1116 chk->ver = ver; 1117 chk->reserved = 0x0; 1118 chk->crc32 = crc32; 1119 chk->seq_num = seq_num; 1120} 1121 1122/******************************************************************* 1123 Reads or writes an RPC_AUTH_NTLMSSP_CHK structure. 1124********************************************************************/ 1125 1126BOOL smb_io_rpc_auth_ntlmssp_chk(const char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth) 1127{ 1128 if (chk == NULL) 1129 return False; 1130 1131 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk"); 1132 depth++; 1133 1134 if(!prs_align(ps)) 1135 return False; 1136 1137 if(!prs_uint32("ver ", ps, depth, &chk->ver)) 1138 return False; 1139 if(!prs_uint32("reserved", ps, depth, &chk->reserved)) 1140 return False; 1141 if(!prs_uint32("crc32 ", ps, depth, &chk->crc32)) 1142 return False; 1143 if(!prs_uint32("seq_num ", ps, depth, &chk->seq_num)) 1144 return False; 1145 1146 return True; 1147} 1148 1149/******************************************************************* 1150creates an RPC_AUTH_NETSEC_NEG structure. 1151********************************************************************/ 1152void init_rpc_auth_netsec_neg(RPC_AUTH_NETSEC_NEG *neg, 1153 const char *domain, const char *myname) 1154{ 1155 neg->type1 = 0; 1156 neg->type2 = 0x3; 1157 fstrcpy(neg->domain, domain); 1158 fstrcpy(neg->myname, myname); 1159} 1160 1161/******************************************************************* 1162 Reads or writes an RPC_AUTH_NETSEC_NEG structure. 1163********************************************************************/ 1164 1165BOOL smb_io_rpc_auth_netsec_neg(const char *desc, RPC_AUTH_NETSEC_NEG *neg, 1166 prs_struct *ps, int depth) 1167{ 1168 if (neg == NULL) 1169 return False; 1170 1171 prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_neg"); 1172 depth++; 1173 1174 if(!prs_align(ps)) 1175 return False; 1176 1177 if(!prs_uint32("type1", ps, depth, &neg->type1)) 1178 return False; 1179 if(!prs_uint32("type2", ps, depth, &neg->type2)) 1180 return False; 1181 if(!prs_string("domain ", ps, depth, neg->domain, sizeof(neg->domain))) 1182 return False; 1183 if(!prs_string("myname ", ps, depth, neg->myname, sizeof(neg->myname))) 1184 return False; 1185 1186 return True; 1187} 1188 1189/******************************************************************* 1190reads or writes an RPC_AUTH_NETSEC_CHK structure. 1191********************************************************************/ 1192BOOL smb_io_rpc_auth_netsec_chk(const char *desc, int auth_len, 1193 RPC_AUTH_NETSEC_CHK * chk, 1194 prs_struct *ps, int depth) 1195{ 1196 if (chk == NULL) 1197 return False; 1198 1199 prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk"); 1200 depth++; 1201 1202 if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) ) 1203 return False; 1204 1205 if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) ) 1206 return False; 1207 1208 if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) ) 1209 return False; 1210 1211 if ( auth_len == RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN ) { 1212 if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) ) 1213 return False; 1214 } 1215 1216 return True; 1217} 1218 1219