2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_RPC_PARSE
30 * Dump a prs to a file: from the current location through to the end.
32 void prs_dump(char *name, int v, prs_struct *ps)
34 prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
38 * Dump from the start of the prs to the current location.
40 void prs_dump_before(char *name, int v, prs_struct *ps)
42 prs_dump_region(name, v, ps, 0, ps->data_offset);
46 * Dump everything from the start of the prs up to the current location.
48 void prs_dump_region(char *name, int v, prs_struct *ps,
49 int from_off, int to_off)
54 if (DEBUGLEVEL < 50) return;
57 slprintf(fname,sizeof(fname)-1, "/tmp/%s_%d.%d.prs", name, v, i);
59 slprintf(fname,sizeof(fname)-1, "/tmp/%s.%d.prs", name, i);
61 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
62 if (fd != -1 || errno != EEXIST) break;
65 sz = write(fd, ps->data_p + from_off, to_off - from_off);
67 if ( (sz != to_off-from_off) || (i != 0) ) {
68 DEBUG(0,("Error writing/closing %s: %ld!=%ld %d\n", fname, (unsigned long)sz, (unsigned long)to_off-from_off, i ));
70 DEBUG(0,("created %s\n", fname));
75 /*******************************************************************
76 Debug output for parsing info
78 XXXX side-effect of this function is to increase the debug depth XXXX.
80 ********************************************************************/
82 void prs_debug(prs_struct *ps, int depth, const char *desc, const char *fn_name)
84 DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc));
88 * Initialise an expandable parse structure.
90 * @param size Initial buffer size. If >0, a new buffer will be
91 * created with malloc().
93 * @return False if allocation fails, otherwise True.
96 BOOL prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, BOOL io)
100 ps->bigendian_data = RPC_LITTLE_ENDIAN;
101 ps->align = RPC_PARSE_ALIGN;
102 ps->is_dynamic = False;
109 ps->buffer_size = size;
110 if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
111 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
114 memset(ps->data_p, '\0', (size_t)size);
115 ps->is_dynamic = True; /* We own this memory. */
116 } else if (MARSHALLING(ps)) {
117 /* If size is zero and we're marshalling we should allocate memory on demand. */
118 ps->is_dynamic = True;
124 /*******************************************************************
125 Delete the memory in a parse structure - if we own it.
126 ********************************************************************/
128 void prs_mem_free(prs_struct *ps)
131 SAFE_FREE(ps->data_p);
132 ps->is_dynamic = False;
137 /*******************************************************************
138 Clear the memory in a parse structure.
139 ********************************************************************/
141 void prs_mem_clear(prs_struct *ps)
144 memset(ps->data_p, '\0', (size_t)ps->buffer_size);
147 /*******************************************************************
148 Allocate memory when unmarshalling... Always zero clears.
149 ********************************************************************/
151 #if defined(PARANOID_MALLOC_CHECKER)
152 char *prs_alloc_mem_(prs_struct *ps, size_t size, unsigned int count)
154 char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count)
160 /* We can't call the type-safe version here. */
161 ret = _talloc_zero_array(ps->mem_ctx, size, count, "parse_prs");
166 /*******************************************************************
167 Return the current talloc context we're using.
168 ********************************************************************/
170 TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
175 /*******************************************************************
176 Hand some already allocated memory to a prs_struct.
177 ********************************************************************/
179 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic)
181 ps->is_dynamic = is_dynamic;
183 ps->buffer_size = size;
186 /*******************************************************************
187 Take some memory back from a prs_struct.
188 ********************************************************************/
190 char *prs_take_memory(prs_struct *ps, uint32 *psize)
192 char *ret = ps->data_p;
194 *psize = ps->buffer_size;
195 ps->is_dynamic = False;
200 /*******************************************************************
201 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
202 ********************************************************************/
204 BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
206 if (newsize > ps->buffer_size)
207 return prs_force_grow(ps, newsize - ps->buffer_size);
209 if (newsize < ps->buffer_size) {
210 char *new_data_p = SMB_REALLOC(ps->data_p, newsize);
211 /* if newsize is zero, Realloc acts like free() & returns NULL*/
212 if (new_data_p == NULL && newsize != 0) {
213 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
214 (unsigned int)newsize));
215 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
218 ps->data_p = new_data_p;
219 ps->buffer_size = newsize;
225 /*******************************************************************
226 Attempt, if needed, to grow a data buffer.
227 Also depends on the data stream mode (io).
228 ********************************************************************/
230 BOOL prs_grow(prs_struct *ps, uint32 extra_space)
235 ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
237 if(ps->data_offset + extra_space <= ps->buffer_size)
241 * We cannot grow the buffer if we're not reading
242 * into the prs_struct, or if we don't own the memory.
245 if(UNMARSHALLING(ps) || !ps->is_dynamic) {
246 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
247 (unsigned int)extra_space));
252 * Decide how much extra space we really need.
255 extra_space -= (ps->buffer_size - ps->data_offset);
256 if(ps->buffer_size == 0) {
258 * Ensure we have at least a PDU's length, or extra_space, whichever
262 new_size = MAX(RPC_MAX_PDU_FRAG_LEN,extra_space);
264 if((new_data = SMB_MALLOC(new_size)) == NULL) {
265 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
268 memset(new_data, '\0', (size_t)new_size );
271 * If the current buffer size is bigger than the space needed, just
272 * double it, else add extra_space.
274 new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
276 if ((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
277 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
278 (unsigned int)new_size));
282 memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
284 ps->buffer_size = new_size;
285 ps->data_p = new_data;
290 /*******************************************************************
291 Attempt to force a data buffer to grow by len bytes.
292 This is only used when appending more data onto a prs_struct
293 when reading an rpc reply, before unmarshalling it.
294 ********************************************************************/
296 BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
298 uint32 new_size = ps->buffer_size + extra_space;
301 if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
302 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
303 (unsigned int)extra_space));
307 if((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
308 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
309 (unsigned int)new_size));
313 memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
315 ps->buffer_size = new_size;
316 ps->data_p = new_data;
321 /*******************************************************************
322 Get the data pointer (external interface).
323 ********************************************************************/
325 char *prs_data_p(prs_struct *ps)
330 /*******************************************************************
331 Get the current data size (external interface).
332 ********************************************************************/
334 uint32 prs_data_size(prs_struct *ps)
336 return ps->buffer_size;
339 /*******************************************************************
340 Fetch the current offset (external interface).
341 ********************************************************************/
343 uint32 prs_offset(prs_struct *ps)
345 return ps->data_offset;
348 /*******************************************************************
349 Set the current offset (external interface).
350 ********************************************************************/
352 BOOL prs_set_offset(prs_struct *ps, uint32 offset)
354 if(offset <= ps->data_offset) {
355 ps->data_offset = offset;
359 if(!prs_grow(ps, offset - ps->data_offset))
362 ps->data_offset = offset;
366 /*******************************************************************
367 Append the data from one parse_struct into another.
368 ********************************************************************/
370 BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
372 if (prs_offset(src) == 0)
375 if(!prs_grow(dst, prs_offset(src)))
378 memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
379 dst->data_offset += prs_offset(src);
384 /*******************************************************************
385 Append some data from one parse_struct into another.
386 ********************************************************************/
388 BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
393 if(!prs_grow(dst, len))
396 memcpy(&dst->data_p[dst->data_offset], src->data_p + start, (size_t)len);
397 dst->data_offset += len;
402 /*******************************************************************
403 Append the data from a buffer into a parse_struct.
404 ********************************************************************/
406 BOOL prs_copy_data_in(prs_struct *dst, const char *src, uint32 len)
411 if(!prs_grow(dst, len))
414 memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
415 dst->data_offset += len;
420 /*******************************************************************
421 Copy some data from a parse_struct into a buffer.
422 ********************************************************************/
424 BOOL prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
429 if(!prs_mem_get(src, len))
432 memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
433 src->data_offset += len;
438 /*******************************************************************
439 Copy all the data from a parse_struct into a buffer.
440 ********************************************************************/
442 BOOL prs_copy_all_data_out(char *dst, prs_struct *src)
444 uint32 len = prs_offset(src);
449 prs_set_offset(src, 0);
450 return prs_copy_data_out(dst, src, len);
453 /*******************************************************************
454 Set the data as X-endian (external interface).
455 ********************************************************************/
457 void prs_set_endian_data(prs_struct *ps, BOOL endian)
459 ps->bigendian_data = endian;
462 /*******************************************************************
463 Align a the data_len to a multiple of align bytes - filling with
465 ********************************************************************/
467 BOOL prs_align(prs_struct *ps)
469 uint32 mod = ps->data_offset & (ps->align-1);
471 if (ps->align != 0 && mod != 0) {
472 uint32 extra_space = (ps->align - mod);
473 if(!prs_grow(ps, extra_space))
475 memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
476 ps->data_offset += extra_space;
482 /******************************************************************
483 Align on a 2 byte boundary
484 *****************************************************************/
486 BOOL prs_align_uint16(prs_struct *ps)
489 uint8 old_align = ps->align;
493 ps->align = old_align;
498 /******************************************************************
499 Align on a 8 byte boundary
500 *****************************************************************/
502 BOOL prs_align_uint64(prs_struct *ps)
505 uint8 old_align = ps->align;
509 ps->align = old_align;
514 /******************************************************************
515 Align on a specific byte boundary
516 *****************************************************************/
518 BOOL prs_align_custom(prs_struct *ps, uint8 boundary)
521 uint8 old_align = ps->align;
523 ps->align = boundary;
525 ps->align = old_align;
532 /*******************************************************************
533 Align only if required (for the unistr2 string mainly)
534 ********************************************************************/
536 BOOL prs_align_needed(prs_struct *ps, uint32 needed)
541 return prs_align(ps);
544 /*******************************************************************
545 Ensure we can read/write to a given offset.
546 ********************************************************************/
548 char *prs_mem_get(prs_struct *ps, uint32 extra_size)
550 if(UNMARSHALLING(ps)) {
552 * If reading, ensure that we can read the requested size item.
554 if (ps->data_offset + extra_size > ps->buffer_size) {
555 DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
556 "buffer by %u bytes.\n",
557 (unsigned int)extra_size,
558 (unsigned int)(ps->data_offset + extra_size - ps->buffer_size) ));
563 * Writing - grow the buffer if needed.
565 if(!prs_grow(ps, extra_size))
568 return &ps->data_p[ps->data_offset];
571 /*******************************************************************
572 Change the struct type.
573 ********************************************************************/
575 void prs_switch_type(prs_struct *ps, BOOL io)
577 if ((ps->io ^ io) == True)
581 /*******************************************************************
582 Force a prs_struct to be dynamic even when it's size is 0.
583 ********************************************************************/
585 void prs_force_dynamic(prs_struct *ps)
590 /*******************************************************************
591 Associate a session key with a parse struct.
592 ********************************************************************/
594 void prs_set_session_key(prs_struct *ps, const char sess_key[16])
596 ps->sess_key = sess_key;
599 /*******************************************************************
601 ********************************************************************/
603 BOOL prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8)
605 char *q = prs_mem_get(ps, 1);
609 if (UNMARSHALLING(ps))
614 DEBUG(5,("%s%04x %s: %02x\n", tab_depth(depth), ps->data_offset, name, *data8));
616 ps->data_offset += 1;
621 /*******************************************************************
622 Stream a uint16* (allocate memory if unmarshalling)
623 ********************************************************************/
625 BOOL prs_pointer( const char *name, prs_struct *ps, int depth,
626 void **data, size_t data_size,
627 BOOL(*prs_fn)(const char*, prs_struct*, int, void*) )
631 /* output f000baaa to stream if the pointer is non-zero. */
633 data_p = *data ? 0xf000baaa : 0;
635 if ( !prs_uint32("ptr", ps, depth, &data_p ))
638 /* we're done if there is no data */
643 if (UNMARSHALLING(ps)) {
644 if ( !(*data = PRS_ALLOC_MEM_VOID(ps, data_size)) )
648 return prs_fn(name, ps, depth, *data);
652 /*******************************************************************
654 ********************************************************************/
656 BOOL prs_uint16(const char *name, prs_struct *ps, int depth, uint16 *data16)
658 char *q = prs_mem_get(ps, sizeof(uint16));
662 if (UNMARSHALLING(ps)) {
663 if (ps->bigendian_data)
664 *data16 = RSVAL(q,0);
668 if (ps->bigendian_data)
674 DEBUG(5,("%s%04x %s: %04x\n", tab_depth(depth), ps->data_offset, name, *data16));
676 ps->data_offset += sizeof(uint16);
681 /*******************************************************************
683 ********************************************************************/
685 BOOL prs_uint32(const char *name, prs_struct *ps, int depth, uint32 *data32)
687 char *q = prs_mem_get(ps, sizeof(uint32));
691 if (UNMARSHALLING(ps)) {
692 if (ps->bigendian_data)
693 *data32 = RIVAL(q,0);
697 if (ps->bigendian_data)
703 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
705 ps->data_offset += sizeof(uint32);
710 /*******************************************************************
712 ********************************************************************/
714 BOOL prs_ntstatus(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
716 char *q = prs_mem_get(ps, sizeof(uint32));
720 if (UNMARSHALLING(ps)) {
721 if (ps->bigendian_data)
722 *status = NT_STATUS(RIVAL(q,0));
724 *status = NT_STATUS(IVAL(q,0));
726 if (ps->bigendian_data)
727 RSIVAL(q,0,NT_STATUS_V(*status));
729 SIVAL(q,0,NT_STATUS_V(*status));
732 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
733 nt_errstr(*status)));
735 ps->data_offset += sizeof(uint32);
740 /*******************************************************************
742 ********************************************************************/
744 BOOL prs_werror(const char *name, prs_struct *ps, int depth, WERROR *status)
746 char *q = prs_mem_get(ps, sizeof(uint32));
750 if (UNMARSHALLING(ps)) {
751 if (ps->bigendian_data)
752 *status = W_ERROR(RIVAL(q,0));
754 *status = W_ERROR(IVAL(q,0));
756 if (ps->bigendian_data)
757 RSIVAL(q,0,W_ERROR_V(*status));
759 SIVAL(q,0,W_ERROR_V(*status));
762 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
763 dos_errstr(*status)));
765 ps->data_offset += sizeof(uint32);
771 /******************************************************************
772 Stream an array of uint8s. Length is number of uint8s.
773 ********************************************************************/
775 BOOL prs_uint8s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
778 char *q = prs_mem_get(ps, len);
782 if (UNMARSHALLING(ps)) {
783 for (i = 0; i < len; i++)
784 data8s[i] = CVAL(q,i);
786 for (i = 0; i < len; i++)
787 SCVAL(q, i, data8s[i]);
790 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset ,name));
792 print_asc(5, (unsigned char*)data8s, len);
794 for (i = 0; i < len; i++)
795 DEBUG(5,("%02x ", data8s[i]));
799 ps->data_offset += len;
804 /******************************************************************
805 Stream an array of uint16s. Length is number of uint16s.
806 ********************************************************************/
808 BOOL prs_uint16s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
811 char *q = prs_mem_get(ps, len * sizeof(uint16));
815 if (UNMARSHALLING(ps)) {
816 if (ps->bigendian_data) {
817 for (i = 0; i < len; i++)
818 data16s[i] = RSVAL(q, 2*i);
820 for (i = 0; i < len; i++)
821 data16s[i] = SVAL(q, 2*i);
824 if (ps->bigendian_data) {
825 for (i = 0; i < len; i++)
826 RSSVAL(q, 2*i, data16s[i]);
828 for (i = 0; i < len; i++)
829 SSVAL(q, 2*i, data16s[i]);
833 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
835 print_asc(5, (unsigned char*)data16s, 2*len);
837 for (i = 0; i < len; i++)
838 DEBUG(5,("%04x ", data16s[i]));
842 ps->data_offset += (len * sizeof(uint16));
847 /******************************************************************
848 Start using a function for streaming unicode chars. If unmarshalling,
849 output must be little-endian, if marshalling, input must be little-endian.
850 ********************************************************************/
852 static void dbg_rw_punival(BOOL charmode, const char *name, int depth, prs_struct *ps,
853 char *in_buf, char *out_buf, int len)
857 if (UNMARSHALLING(ps)) {
858 if (ps->bigendian_data) {
859 for (i = 0; i < len; i++)
860 SSVAL(out_buf,2*i,RSVAL(in_buf, 2*i));
862 for (i = 0; i < len; i++)
863 SSVAL(out_buf, 2*i, SVAL(in_buf, 2*i));
866 if (ps->bigendian_data) {
867 for (i = 0; i < len; i++)
868 RSSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
870 for (i = 0; i < len; i++)
871 SSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
875 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
877 print_asc(5, (unsigned char*)out_buf, 2*len);
879 for (i = 0; i < len; i++)
880 DEBUG(5,("%04x ", out_buf[i]));
885 /******************************************************************
886 Stream a unistr. Always little endian.
887 ********************************************************************/
889 BOOL prs_uint16uni(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
891 char *q = prs_mem_get(ps, len * sizeof(uint16));
895 dbg_rw_punival(charmode, name, depth, ps, q, (char *)data16s, len);
896 ps->data_offset += (len * sizeof(uint16));
901 /******************************************************************
902 Stream an array of uint32s. Length is number of uint32s.
903 ********************************************************************/
905 BOOL prs_uint32s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
908 char *q = prs_mem_get(ps, len * sizeof(uint32));
912 if (UNMARSHALLING(ps)) {
913 if (ps->bigendian_data) {
914 for (i = 0; i < len; i++)
915 data32s[i] = RIVAL(q, 4*i);
917 for (i = 0; i < len; i++)
918 data32s[i] = IVAL(q, 4*i);
921 if (ps->bigendian_data) {
922 for (i = 0; i < len; i++)
923 RSIVAL(q, 4*i, data32s[i]);
925 for (i = 0; i < len; i++)
926 SIVAL(q, 4*i, data32s[i]);
930 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
932 print_asc(5, (unsigned char*)data32s, 4*len);
934 for (i = 0; i < len; i++)
935 DEBUG(5,("%08x ", data32s[i]));
939 ps->data_offset += (len * sizeof(uint32));
944 /******************************************************************
945 Stream an array of unicode string, length/buffer specified separately,
946 in uint16 chars. The unicode string is already in little-endian format.
947 ********************************************************************/
949 BOOL prs_buffer5(BOOL charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str)
952 char *q = prs_mem_get(ps, str->buf_len * sizeof(uint16));
956 if (UNMARSHALLING(ps)) {
957 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len);
958 if (str->buffer == NULL)
962 /* If the string is empty, we don't have anything to stream */
966 p = (char *)str->buffer;
968 dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len);
970 ps->data_offset += (str->buf_len * sizeof(uint16));
975 /******************************************************************
976 Stream a "not" unicode string, length/buffer specified separately,
977 in byte chars. String is in little-endian format.
978 ********************************************************************/
980 BOOL prs_regval_buffer(BOOL charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf)
983 char *q = prs_mem_get(ps, buf->buf_len);
987 if (UNMARSHALLING(ps)) {
988 if (buf->buf_len > buf->buf_max_len) {
991 if ( buf->buf_max_len ) {
992 buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len);
993 if ( buf->buffer == NULL )
998 p = (char *)buf->buffer;
1000 dbg_rw_punival(charmode, name, depth, ps, q, p, buf->buf_len/2);
1001 ps->data_offset += buf->buf_len;
1006 /******************************************************************
1007 Stream a string, length/buffer specified separately,
1009 ********************************************************************/
1011 BOOL prs_string2(BOOL charmode, const char *name, prs_struct *ps, int depth, STRING2 *str)
1014 char *q = prs_mem_get(ps, str->str_str_len);
1018 if (UNMARSHALLING(ps)) {
1019 if (str->str_str_len > str->str_max_len) {
1022 str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len);
1023 if (str->buffer == NULL)
1027 if (UNMARSHALLING(ps)) {
1028 for (i = 0; i < str->str_str_len; i++)
1029 str->buffer[i] = CVAL(q,i);
1031 for (i = 0; i < str->str_str_len; i++)
1032 SCVAL(q, i, str->buffer[i]);
1035 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1037 print_asc(5, (unsigned char*)str->buffer, str->str_str_len);
1039 for (i = 0; i < str->str_str_len; i++)
1040 DEBUG(5,("%02x ", str->buffer[i]));
1044 ps->data_offset += str->str_str_len;
1049 /******************************************************************
1050 Stream a unicode string, length/buffer specified separately,
1051 in uint16 chars. The unicode string is already in little-endian format.
1052 ********************************************************************/
1054 BOOL prs_unistr2(BOOL charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str)
1057 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1061 /* If the string is empty, we don't have anything to stream */
1062 if (str->uni_str_len==0)
1065 if (UNMARSHALLING(ps)) {
1066 if (str->uni_str_len > str->uni_max_len) {
1069 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len);
1070 if (str->buffer == NULL)
1074 p = (char *)str->buffer;
1076 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1078 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1083 /******************************************************************
1084 Stream a unicode string, length/buffer specified separately,
1085 in uint16 chars. The unicode string is already in little-endian format.
1086 ********************************************************************/
1088 BOOL prs_unistr3(BOOL charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth)
1091 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1095 if (UNMARSHALLING(ps)) {
1096 str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len);
1097 if (str->str.buffer == NULL)
1101 p = (char *)str->str.buffer;
1103 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1104 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1109 /*******************************************************************
1110 Stream a unicode null-terminated string. As the string is already
1111 in little-endian format then do it as a stream of bytes.
1112 ********************************************************************/
1114 BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
1116 unsigned int len = 0;
1117 unsigned char *p = (unsigned char *)str->buffer;
1123 if (MARSHALLING(ps)) {
1125 for(len = 0; str->buffer[len] != 0; len++)
1128 q = prs_mem_get(ps, (len+1)*2);
1134 for(len = 0; str->buffer[len] != 0; len++) {
1135 if(ps->bigendian_data) {
1136 /* swap bytes - p is little endian, q is big endian. */
1152 * even if the string is 'empty' (only an \0 char)
1153 * at this point the leading \0 hasn't been parsed.
1163 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1164 print_asc(5, (unsigned char*)start, 2*len);
1167 else { /* unmarshalling */
1169 uint32 alloc_len = 0;
1170 q = ps->data_p + prs_offset(ps);
1173 * Work out how much space we need and talloc it.
1175 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
1177 /* the test of the value of *ptr helps to catch the circumstance
1178 where we have an emtpty (non-existent) string in the buffer */
1179 for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
1183 if (alloc_len < max_len)
1186 /* should we allocate anything at all? */
1187 str->buffer = PRS_ALLOC_MEM(ps,uint16,alloc_len);
1188 if ((str->buffer == NULL) && (alloc_len > 0))
1191 p = (unsigned char *)str->buffer;
1194 /* the (len < alloc_len) test is to prevent us from overwriting
1195 memory that is not ours...if we get that far, we have a non-null
1196 terminated string in the buffer and have messed up somewhere */
1197 while ((len < alloc_len) && (*(uint16 *)q != 0)) {
1198 if(ps->bigendian_data)
1200 /* swap bytes - q is big endian, p is little endian. */
1201 p[0] = (unsigned char)q[1];
1202 p[1] = (unsigned char)q[0];
1207 p[0] = (unsigned char)q[0];
1208 p[1] = (unsigned char)q[1];
1215 if (len < alloc_len) {
1216 /* NULL terminate the UNISTR */
1217 str->buffer[len++] = '\0';
1220 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1221 print_asc(5, (unsigned char*)str->buffer, 2*len);
1225 /* set the offset in the prs_struct; 'len' points to the
1226 terminiating NULL in the UNISTR so we need to go one more
1228 ps->data_offset += (len)*2;
1234 /*******************************************************************
1235 Stream a null-terminated string. len is strlen, and therefore does
1236 not include the null-termination character.
1237 ********************************************************************/
1239 BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
1245 if (UNMARSHALLING(ps))
1246 len = strlen(&ps->data_p[ps->data_offset]);
1250 len = MIN(len, (max_buf_size-1));
1252 q = prs_mem_get(ps, len+1);
1256 for(i = 0; i < len; i++) {
1257 if (UNMARSHALLING(ps))
1263 /* The terminating null. */
1266 if (MARSHALLING(ps)) {
1270 ps->data_offset += len+1;
1272 dump_data(5+depth, q, len);
1277 BOOL prs_string_alloc(const char *name, prs_struct *ps, int depth,
1283 if (UNMARSHALLING(ps))
1284 len = strlen(&ps->data_p[ps->data_offset]);
1288 tmp_str = PRS_ALLOC_MEM(ps, char, len+1);
1290 if (tmp_str == NULL)
1293 if (MARSHALLING(ps))
1294 strncpy(tmp_str, *str, len);
1296 if (!prs_string(name, ps, depth, tmp_str, len+1))
1303 /*******************************************************************
1304 prs_uint16 wrapper. Call this and it sets up a pointer to where the
1305 uint16 should be stored, or gets the size if reading.
1306 ********************************************************************/
1308 BOOL prs_uint16_pre(const char *name, prs_struct *ps, int depth, uint16 *data16, uint32 *offset)
1310 *offset = ps->data_offset;
1311 if (UNMARSHALLING(ps)) {
1313 return prs_uint16(name, ps, depth, data16);
1315 char *q = prs_mem_get(ps, sizeof(uint16));
1318 ps->data_offset += sizeof(uint16);
1323 /*******************************************************************
1324 prs_uint16 wrapper. call this and it retrospectively stores the size.
1325 does nothing on reading, as that is already handled by ...._pre()
1326 ********************************************************************/
1328 BOOL prs_uint16_post(const char *name, prs_struct *ps, int depth, uint16 *data16,
1329 uint32 ptr_uint16, uint32 start_offset)
1331 if (MARSHALLING(ps)) {
1333 * Writing - temporarily move the offset pointer.
1335 uint16 data_size = ps->data_offset - start_offset;
1336 uint32 old_offset = ps->data_offset;
1338 ps->data_offset = ptr_uint16;
1339 if(!prs_uint16(name, ps, depth, &data_size)) {
1340 ps->data_offset = old_offset;
1343 ps->data_offset = old_offset;
1345 ps->data_offset = start_offset + (uint32)(*data16);
1350 /*******************************************************************
1351 prs_uint32 wrapper. Call this and it sets up a pointer to where the
1352 uint32 should be stored, or gets the size if reading.
1353 ********************************************************************/
1355 BOOL prs_uint32_pre(const char *name, prs_struct *ps, int depth, uint32 *data32, uint32 *offset)
1357 *offset = ps->data_offset;
1358 if (UNMARSHALLING(ps) && (data32 != NULL)) {
1360 return prs_uint32(name, ps, depth, data32);
1362 ps->data_offset += sizeof(uint32);
1367 /*******************************************************************
1368 prs_uint32 wrapper. call this and it retrospectively stores the size.
1369 does nothing on reading, as that is already handled by ...._pre()
1370 ********************************************************************/
1372 BOOL prs_uint32_post(const char *name, prs_struct *ps, int depth, uint32 *data32,
1373 uint32 ptr_uint32, uint32 data_size)
1375 if (MARSHALLING(ps)) {
1377 * Writing - temporarily move the offset pointer.
1379 uint32 old_offset = ps->data_offset;
1380 ps->data_offset = ptr_uint32;
1381 if(!prs_uint32(name, ps, depth, &data_size)) {
1382 ps->data_offset = old_offset;
1385 ps->data_offset = old_offset;
1390 /* useful function to store a structure in rpc wire format */
1391 int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
1393 TDB_DATA kbuf, dbuf;
1395 kbuf.dsize = strlen(keystr)+1;
1396 dbuf.dptr = ps->data_p;
1397 dbuf.dsize = prs_offset(ps);
1398 return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
1401 /* useful function to fetch a structure into rpc wire format */
1402 int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx)
1404 TDB_DATA kbuf, dbuf;
1406 kbuf.dsize = strlen(keystr)+1;
1408 dbuf = tdb_fetch(tdb, kbuf);
1412 prs_init(ps, 0, mem_ctx, UNMARSHALL);
1413 prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True);
1418 /*******************************************************************
1420 ********************************************************************/
1422 BOOL prs_hash1(prs_struct *ps, uint32 offset, int len)
1429 #ifdef DEBUG_PASSWORD
1430 DEBUG(100, ("prs_hash1\n"));
1431 dump_data(100, ps->sess_key, 16);
1432 dump_data(100, q, len);
1434 SamOEMhash((uchar *) q, ps->sess_key, len);
1436 #ifdef DEBUG_PASSWORD
1437 dump_data(100, q, len);
1443 /*******************************************************************
1444 Create a digest over the entire packet (including the data), and
1445 MD5 it with the session key.
1446 ********************************************************************/
1448 static void schannel_digest(struct schannel_auth_struct *a,
1449 enum pipe_auth_level auth_level,
1450 RPC_AUTH_SCHANNEL_CHK * verf,
1451 char *data, size_t data_len,
1452 uchar digest_final[16])
1454 uchar whole_packet_digest[16];
1455 static uchar zeros[4];
1456 struct MD5Context ctx3;
1458 /* verfiy the signature on the packet by MD5 over various bits */
1460 /* use our sequence number, which ensures the packet is not
1462 MD5Update(&ctx3, zeros, sizeof(zeros));
1463 MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
1464 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1465 MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
1467 MD5Update(&ctx3, (const unsigned char *)data, data_len);
1468 MD5Final(whole_packet_digest, &ctx3);
1469 dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
1471 /* MD5 this result and the session key, to prove that
1472 only a valid client could had produced this */
1473 hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
1476 /*******************************************************************
1477 Calculate the key with which to encode the data payload
1478 ********************************************************************/
1480 static void schannel_get_sealing_key(struct schannel_auth_struct *a,
1481 RPC_AUTH_SCHANNEL_CHK *verf,
1482 uchar sealing_key[16])
1484 static uchar zeros[4];
1489 for (i = 0; i < sizeof(sess_kf0); i++) {
1490 sess_kf0[i] = a->sess_key[i] ^ 0xf0;
1493 dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
1495 /* MD5 of sess_kf0 and 4 zero bytes */
1496 hmac_md5(sess_kf0, zeros, 0x4, digest2);
1497 dump_data_pw("digest2:\n", digest2, sizeof(digest2));
1499 /* MD5 of the above result, plus 8 bytes of sequence number */
1500 hmac_md5(digest2, verf->seq_num, sizeof(verf->seq_num), sealing_key);
1501 dump_data_pw("sealing_key:\n", sealing_key, 16);
1504 /*******************************************************************
1505 Encode or Decode the sequence number (which is symmetric)
1506 ********************************************************************/
1508 static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
1509 RPC_AUTH_SCHANNEL_CHK *verf)
1511 static uchar zeros[4];
1512 uchar sequence_key[16];
1515 hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
1516 dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
1518 hmac_md5(digest1, verf->packet_digest, 8, sequence_key);
1520 dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
1522 dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num));
1523 SamOEMhash(verf->seq_num, sequence_key, 8);
1524 dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num));
1527 /*******************************************************************
1528 creates an RPC_AUTH_SCHANNEL_CHK structure.
1529 ********************************************************************/
1531 static BOOL init_rpc_auth_schannel_chk(RPC_AUTH_SCHANNEL_CHK * chk,
1533 const uchar packet_digest[8],
1534 const uchar seq_num[8], const uchar confounder[8])
1539 memcpy(chk->sig, sig, sizeof(chk->sig));
1540 memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
1541 memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
1542 memcpy(chk->confounder, confounder, sizeof(chk->confounder));
1547 /*******************************************************************
1548 Encode a blob of data using the schannel alogrithm, also produceing
1549 a checksum over the original data. We currently only support
1550 signing and sealing togeather - the signing-only code is close, but not
1551 quite compatible with what MS does.
1552 ********************************************************************/
1554 void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1555 enum schannel_direction direction,
1556 RPC_AUTH_SCHANNEL_CHK * verf,
1557 char *data, size_t data_len)
1559 uchar digest_final[16];
1560 uchar confounder[8];
1562 static const uchar nullbytes[8];
1564 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1565 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1566 const uchar *schannel_sig = NULL;
1568 DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1570 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1571 schannel_sig = schannel_seal_sig;
1573 schannel_sig = schannel_sign_sig;
1576 /* fill the 'confounder' with random data */
1577 generate_random_buffer(confounder, sizeof(confounder));
1579 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1581 RSIVAL(seq_num, 0, a->seq_num);
1583 switch (direction) {
1584 case SENDER_IS_INITIATOR:
1585 SIVAL(seq_num, 4, 0x80);
1587 case SENDER_IS_ACCEPTOR:
1588 SIVAL(seq_num, 4, 0x0);
1592 dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num));
1594 init_rpc_auth_schannel_chk(verf, schannel_sig, nullbytes,
1595 seq_num, confounder);
1597 /* produce a digest of the packet to prove it's legit (before we seal it) */
1598 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1599 memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
1601 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1602 uchar sealing_key[16];
1604 /* get the key to encode the data with */
1605 schannel_get_sealing_key(a, verf, sealing_key);
1607 /* encode the verification data */
1608 dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder));
1609 SamOEMhash(verf->confounder, sealing_key, 8);
1611 dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder));
1613 /* encode the packet payload */
1614 dump_data_pw("data:\n", (const unsigned char *)data, data_len);
1615 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1616 dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
1619 /* encode the sequence number (key based on packet digest) */
1620 /* needs to be done after the sealing, as the original version
1621 is used in the sealing stuff... */
1622 schannel_deal_with_seq_num(a, verf);
1627 /*******************************************************************
1628 Decode a blob of data using the schannel alogrithm, also verifiying
1629 a checksum over the original data. We currently can verify signed messages,
1630 as well as decode sealed messages
1631 ********************************************************************/
1633 BOOL schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1634 enum schannel_direction direction,
1635 RPC_AUTH_SCHANNEL_CHK * verf, char *data, size_t data_len)
1637 uchar digest_final[16];
1639 static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1640 static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1641 const uchar *schannel_sig = NULL;
1645 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1647 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1648 schannel_sig = schannel_seal_sig;
1650 schannel_sig = schannel_sign_sig;
1653 /* Create the expected sequence number for comparison */
1654 RSIVAL(seq_num, 0, a->seq_num);
1656 switch (direction) {
1657 case SENDER_IS_INITIATOR:
1658 SIVAL(seq_num, 4, 0x80);
1660 case SENDER_IS_ACCEPTOR:
1661 SIVAL(seq_num, 4, 0x0);
1665 DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1666 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1668 dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
1670 /* extract the sequence number (key based on supplied packet digest) */
1671 /* needs to be done before the sealing, as the original version
1672 is used in the sealing stuff... */
1673 schannel_deal_with_seq_num(a, verf);
1675 if (memcmp(verf->seq_num, seq_num, sizeof(seq_num))) {
1676 /* don't even bother with the below if the sequence number is out */
1677 /* The sequence number is MD5'ed with a key based on the whole-packet
1678 digest, as supplied by the client. We check that it's a valid
1679 checksum after the decode, below
1681 DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
1682 dump_data(2, (const char*)verf->seq_num, sizeof(verf->seq_num));
1683 DEBUG(2, ("should be:\n"));
1684 dump_data(2, (const char*)seq_num, sizeof(seq_num));
1689 if (memcmp(verf->sig, schannel_sig, sizeof(verf->sig))) {
1690 /* Validate that the other end sent the expected header */
1691 DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
1692 dump_data(2, (const char*)verf->sig, sizeof(verf->sig));
1693 DEBUG(2, ("should be:\n"));
1694 dump_data(2, (const char*)schannel_sig, sizeof(schannel_sig));
1698 if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1699 uchar sealing_key[16];
1701 /* get the key to extract the data with */
1702 schannel_get_sealing_key(a, verf, sealing_key);
1704 /* extract the verification data */
1705 dump_data_pw("verf->confounder:\n", verf->confounder,
1706 sizeof(verf->confounder));
1707 SamOEMhash(verf->confounder, sealing_key, 8);
1709 dump_data_pw("verf->confounder_dec:\n", verf->confounder,
1710 sizeof(verf->confounder));
1712 /* extract the packet payload */
1713 dump_data_pw("data :\n", (const unsigned char *)data, data_len);
1714 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1715 dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
1718 /* digest includes 'data' after unsealing */
1719 schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1721 dump_data_pw("Calculated digest:\n", digest_final,
1722 sizeof(digest_final));
1723 dump_data_pw("verf->packet_digest:\n", verf->packet_digest,
1724 sizeof(verf->packet_digest));
1726 /* compare - if the client got the same result as us, then
1727 it must know the session key */
1728 return (memcmp(digest_final, verf->packet_digest,
1729 sizeof(verf->packet_digest)) == 0);