2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #define DBGC_CLASS DBGC_RPC_PARSE
28 /*******************************************************************
29 interface/version dce/rpc pipe identification
30 ********************************************************************/
32 const struct ndr_syntax_id syntax_spoolss = {
34 0x12345678, 0x1234, 0xabcd,
37 0x45, 0x67, 0x89, 0xab }
42 * IMPORTANT!! If you update this structure, make sure to
43 * update the index #defines in smb.h.
46 const struct pipe_id_info pipe_names [] =
48 { PIPE_LSARPC , &ndr_table_lsarpc.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
49 { PIPE_LSARPC , &ndr_table_dssetup.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
50 { PIPE_SAMR , &ndr_table_samr.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
51 { PIPE_NETLOGON, &ndr_table_netlogon.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
52 { PIPE_SRVSVC , &ndr_table_srvsvc.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
53 { PIPE_WKSSVC , &ndr_table_wkssvc.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
54 { PIPE_WINREG , &ndr_table_winreg.syntax_id, PIPE_WINREG , &ndr_transfer_syntax },
55 { PIPE_SPOOLSS , &syntax_spoolss , PIPE_SPOOLSS , &ndr_transfer_syntax },
56 { PIPE_NETDFS , &ndr_table_netdfs.syntax_id, PIPE_NETDFS , &ndr_transfer_syntax },
57 { PIPE_ECHO , &ndr_table_rpcecho.syntax_id, PIPE_ECHO , &ndr_transfer_syntax },
58 { PIPE_SHUTDOWN, &ndr_table_initshutdown.syntax_id, PIPE_SHUTDOWN , &ndr_transfer_syntax },
59 { PIPE_SVCCTL , &ndr_table_svcctl.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
60 { PIPE_EVENTLOG, &ndr_table_eventlog.syntax_id, PIPE_EVENTLOG , &ndr_transfer_syntax },
61 { PIPE_NTSVCS , &ndr_table_ntsvcs.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
62 { PIPE_EPMAPPER , &ndr_table_epmapper.syntax_id, PIPE_EPMAPPER , &ndr_transfer_syntax },
63 { PIPE_DRSUAPI , &ndr_table_drsuapi.syntax_id, PIPE_DRSUAPI , &ndr_transfer_syntax },
64 { NULL , NULL , NULL , NULL }
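/****************************************************************************
 Return the client-side pipe name for an index into pipe_names[].

 The returned pointer is the client_pipe string with its first five
 characters skipped - presumably the "\PIPE" prefix of the PIPE_* strings,
 which are defined in a header not shown here; confirm there. The leading
 backslash of the short name is kept, as it always has been.

 Returns NULL when pipe_idx is negative, past the end of pipe_names[], or
 names the NULL terminator entry. Indexing the table with such a value was
 previously undefined behaviour (an out-of-bounds read, or &NULL[5]).
****************************************************************************/

const char *cli_get_pipe_name(int pipe_idx)
{
	/* Entries in pipe_names[], including the NULL terminator. */
	const int num_pipes = (int)(sizeof(pipe_names) / sizeof(pipe_names[0]));

	if (pipe_idx < 0 || pipe_idx >= num_pipes) {
		return NULL;
	}
	if (pipe_names[pipe_idx].client_pipe == NULL) {
		/* The terminator entry carries no name. */
		return NULL;
	}

	return &pipe_names[pipe_idx].client_pipe[5];
}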
76 /****************************************************************************
77 Return the pipe idx from the syntax.
78 ****************************************************************************/
79 int cli_get_pipe_idx(const RPC_IFACE *syntax)
82 for (i = 0; pipe_names[i].client_pipe; i++) {
83 if (ndr_syntax_id_equal(pipe_names[i].abstr_syntax, syntax)) {
/*******************************************************************
 Fill in an RPC_HDR (the common DCE/RPC PDU header) for a version 5.0
 packet using the little-endian data representation.

 hdr       - header to initialise; only the fields listed below are
             written.
 pkt_type  - DCE/RPC packet type.
 flags     - DCE/RPC header flags.
 call_id   - call identifier, used to match the incoming reply.
 data_len  - fragment length; callers normally fix this up once the
             final size of the PDU is known.
 auth_len  - length of the trailing authentication data.

 frag_len and auth_len are marshalled as 16-bit values by
 smb_io_rpc_hdr(), so anything above 0xffff is silently truncated
 when stored here.
********************************************************************/

void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
		  uint32 call_id, int data_len, int auth_len)
{
	/* Protocol version 5.0. */
	hdr->major = 5;
	hdr->minor = 0;

	hdr->call_id = call_id;
	hdr->pkt_type = pkt_type;
	hdr->flags = flags;

	/* Data representation: byte 0 = 0x10 marks little-endian data,
	   the remaining three bytes are always zero. */
	hdr->pack_type[3] = 0;
	hdr->pack_type[2] = 0;
	hdr->pack_type[1] = 0;
	hdr->pack_type[0] = 0x10;

	hdr->auth_len = auth_len;
	hdr->frag_len = data_len;
}
111 /*******************************************************************
112 Reads or writes an RPC_HDR structure.
113 ********************************************************************/
115 bool smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth)
120 prs_debug(ps, depth, desc, "smb_io_rpc_hdr");
123 if(!prs_uint8 ("major ", ps, depth, &rpc->major))
126 if(!prs_uint8 ("minor ", ps, depth, &rpc->minor))
128 if(!prs_uint8 ("pkt_type ", ps, depth, &rpc->pkt_type))
130 if(!prs_uint8 ("flags ", ps, depth, &rpc->flags))
133 /* We always marshall in little endian format. */
135 rpc->pack_type[0] = 0x10;
137 if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0]))
139 if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1]))
141 if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2]))
143 if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3]))
147 * If reading and pack_type[0] == 0 then the data is in big-endian
148 * format. Set the flag in the prs_struct to specify reverse-endianness.
151 if (UNMARSHALLING(ps) && rpc->pack_type[0] == 0) {
152 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
153 prs_set_endian_data(ps, RPC_BIG_ENDIAN);
156 if(!prs_uint16("frag_len ", ps, depth, &rpc->frag_len))
158 if(!prs_uint16("auth_len ", ps, depth, &rpc->auth_len))
160 if(!prs_uint32("call_id ", ps, depth, &rpc->call_id))
165 /*******************************************************************
166 Reads or writes an RPC_IFACE structure.
167 ********************************************************************/
169 static bool smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
174 prs_debug(ps, depth, desc, "smb_io_rpc_iface");
180 if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth))
183 if(!prs_uint32 ("version", ps, depth, &ifc->if_version))
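/*******************************************************************
 Inits an RPC_ADDR_STR structure from a NUL-terminated name.

 str->len is the number of bytes to marshal, including the NUL.
 It is clamped to sizeof(str->str): fstrcpy is assumed to bound the
 copy to the destination buffer, and smb_io_rpc_addr_str() already
 marshals at most sizeof(str->str) bytes, so without the clamp an
 over-long name produced a wire length larger than the bytes
 actually sent.
********************************************************************/

static void init_rpc_addr_str(RPC_ADDR_STR *str, const char *name)
{
	size_t len = strlen(name) + 1;

	/* Never advertise more bytes than the buffer can hold. */
	if (len > sizeof(str->str)) {
		len = sizeof(str->str);
	}

	str->len = len;
	fstrcpy(str->str, name);
}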
199 /*******************************************************************
200 Reads or writes an RPC_ADDR_STR structure.
201 ********************************************************************/
203 static bool smb_io_rpc_addr_str(const char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth)
208 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str");
213 if(!prs_uint16 ( "len", ps, depth, &str->len))
215 if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) ))
/*******************************************************************
 Inits an RPC_HDR_BBA structure (the fragment-size / association
 group fields shared by bind and bind-ack PDUs).

 max_tsize - maximum transmit fragment size.
 max_rsize - maximum receive fragment size.
 assoc_gid - association group id (0 for a new association).
********************************************************************/

static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid)
{
	bba->assoc_gid = assoc_gid;
	bba->max_rsize = max_rsize;
	bba->max_tsize = max_tsize;
}
231 /*******************************************************************
232 Reads or writes an RPC_HDR_BBA structure.
233 ********************************************************************/
235 static bool smb_io_rpc_hdr_bba(const char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth)
240 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba");
243 if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize))
245 if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize))
247 if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid))
/*******************************************************************
 Inits an RPC_CONTEXT structure (one presentation context of a bind).

 context_id - presentation context identifier.
 abstract   - interface the client wants; copied into the context.
 transfer   - transfer syntax; only the pointer is stored, so the
              caller's object must stay valid until the context has
              been marshalled.
********************************************************************/

void init_rpc_context(RPC_CONTEXT *rpc_ctx, uint16 context_id,
		      const RPC_IFACE *abstract, const RPC_IFACE *transfer)
{
	/* The const is dropped because the same field holds a writable,
	   allocated array when a context is unmarshalled (see
	   smb_io_rpc_context). It is never written through here. */
	rpc_ctx->transfer = CONST_DISCARD(RPC_IFACE *, transfer);

	rpc_ctx->abstract = *abstract;

	/* This code has only ever offered a single transfer syntax. */
	rpc_ctx->num_transfer_syntaxes = 1;
	rpc_ctx->context_id = context_id;
}
/*******************************************************************
 Inits an RPC_HDR_RB structure (bind request header) with a single
 presentation context.

 context must stay valid until the header has been marshalled; only
 the pointer is stored.
********************************************************************/

void init_rpc_hdr_rb(RPC_HDR_RB *rpc,
		     uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
		     RPC_CONTEXT *context)
{
	rpc->rpc_context = context;
	rpc->num_contexts = 1;

	init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid);
}
285 /*******************************************************************
286 Reads or writes an RPC_CONTEXT structure.
287 ********************************************************************/
289 bool smb_io_rpc_context(const char *desc, RPC_CONTEXT *rpc_ctx, prs_struct *ps, int depth)
298 if(!prs_uint16("context_id ", ps, depth, &rpc_ctx->context_id ))
300 if(!prs_uint8 ("num_transfer_syntaxes", ps, depth, &rpc_ctx->num_transfer_syntaxes))
303 /* num_transfer_syntaxes must not be zero. */
304 if (rpc_ctx->num_transfer_syntaxes == 0)
307 if(!smb_io_rpc_iface("", &rpc_ctx->abstract, ps, depth))
310 if (UNMARSHALLING(ps)) {
311 if (!(rpc_ctx->transfer = PRS_ALLOC_MEM(ps, RPC_IFACE, rpc_ctx->num_transfer_syntaxes))) {
316 for (i = 0; i < rpc_ctx->num_transfer_syntaxes; i++ ) {
317 if (!smb_io_rpc_iface("", &rpc_ctx->transfer[i], ps, depth))
323 /*******************************************************************
324 Reads or writes an RPC_HDR_RB structure.
325 ********************************************************************/
327 bool smb_io_rpc_hdr_rb(const char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth)
334 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb");
337 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
340 if(!prs_uint8("num_contexts", ps, depth, &rpc->num_contexts))
343 /* 3 pad bytes following - will be mopped up by the prs_align in smb_io_rpc_context(). */
345 /* num_contexts must not be zero. */
346 if (rpc->num_contexts == 0)
349 if (UNMARSHALLING(ps)) {
350 if (!(rpc->rpc_context = PRS_ALLOC_MEM(ps, RPC_CONTEXT, rpc->num_contexts))) {
355 for (i = 0; i < rpc->num_contexts; i++ ) {
356 if (!smb_io_rpc_context("", &rpc->rpc_context[i], ps, depth))
/*******************************************************************
 Inits an RPC_RESULTS structure (bind-ack result list).

 num_results - number of results carried (the code only ever uses 1).
 result      - result code (0 = accept).
 reason      - reject reason (0 = no reason specified).

 lkclXXXX only one reason at the moment!
********************************************************************/

static void init_rpc_results(RPC_RESULTS *res,
			     uint8 num_results, uint16 result, uint16 reason)
{
	res->reason = reason;
	res->result = result;
	res->num_results = num_results;
}
377 /*******************************************************************
378 Reads or writes an RPC_RESULTS structure.
380 lkclXXXX only one reason at the moment!
381 ********************************************************************/
383 static bool smb_io_rpc_results(const char *desc, RPC_RESULTS *res, prs_struct *ps, int depth)
388 prs_debug(ps, depth, desc, "smb_io_rpc_results");
394 if(!prs_uint8 ("num_results", ps, depth, &res->num_results))
400 if(!prs_uint16("result ", ps, depth, &res->result))
402 if(!prs_uint16("reason ", ps, depth, &res->reason))
407 /*******************************************************************
408 Init an RPC_HDR_BA structure.
410 lkclXXXX only one reason at the moment!
412 ********************************************************************/
414 void init_rpc_hdr_ba(RPC_HDR_BA *rpc,
415 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
416 const char *pipe_addr,
417 uint8 num_results, uint16 result, uint16 reason,
420 init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid);
421 init_rpc_addr_str(&rpc->addr, pipe_addr);
422 init_rpc_results (&rpc->res, num_results, result, reason);
424 /* the transfer syntax from the request */
425 memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer));
428 /*******************************************************************
429 Reads or writes an RPC_HDR_BA structure.
430 ********************************************************************/
432 bool smb_io_rpc_hdr_ba(const char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
437 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba");
440 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
442 if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth))
444 if(!smb_io_rpc_results("", &rpc->res, ps, depth))
446 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
/*******************************************************************
 Init an RPC_HDR_REQ structure (request PDU header).

 alloc_hint - allocation hint for the receiver.
 opnum      - operation number within the bound interface.

 The presentation context id is always set to 0 here.
********************************************************************/

void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
{
	hdr->opnum = opnum;
	hdr->context_id = 0;
	hdr->alloc_hint = alloc_hint;
}
462 /*******************************************************************
463 Reads or writes an RPC_HDR_REQ structure.
464 ********************************************************************/
466 bool smb_io_rpc_hdr_req(const char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth)
471 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req");
474 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
476 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
478 if(!prs_uint16("opnum ", ps, depth, &rpc->opnum))
483 /*******************************************************************
484 Reads or writes an RPC_HDR_RESP structure.
485 ********************************************************************/
487 bool smb_io_rpc_hdr_resp(const char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth)
492 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp");
495 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
497 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
499 if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count))
501 if(!prs_uint8 ("reserved ", ps, depth, &rpc->reserved))
506 /*******************************************************************
507 Reads or writes an RPC_HDR_FAULT structure.
508 ********************************************************************/
510 bool smb_io_rpc_hdr_fault(const char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth)
515 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault");
518 if(!prs_dcerpc_status("status ", ps, depth, &rpc->status))
520 if(!prs_uint32("reserved", ps, depth, &rpc->reserved))
526 /*******************************************************************
527 Inits an RPC_HDR_AUTH structure.
528 ********************************************************************/
530 void init_rpc_hdr_auth(RPC_HDR_AUTH *rai,
531 uint8 auth_type, uint8 auth_level,
533 uint32 auth_context_id)
535 rai->auth_type = auth_type;
536 rai->auth_level = auth_level;
537 rai->auth_pad_len = auth_pad_len;
538 rai->auth_reserved = 0;
539 rai->auth_context_id = auth_context_id;
542 /*******************************************************************
543 Reads or writes an RPC_HDR_AUTH structure.
544 ********************************************************************/
546 bool smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth)
551 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth");
557 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type))
559 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level))
561 if(!prs_uint8 ("auth_pad_len ", ps, depth, &rai->auth_pad_len))
563 if(!prs_uint8 ("auth_reserved", ps, depth, &rai->auth_reserved))
565 if(!prs_uint32("auth_context_id", ps, depth, &rai->auth_context_id))
/*******************************************************************
 Checks an RPC_AUTH_VERIFIER structure against an expected signature
 string and message type.

 Returns true only when both match. The signature comparison uses
 strequal(), whose exact semantics (case sensitivity) are defined
 elsewhere in the project.
********************************************************************/

bool rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
			   const char *signature, uint32 msg_type)
{
	bool sig_ok = strequal(rav->signature, signature);
	bool type_ok = (rav->msg_type == msg_type);

	return sig_ok && type_ok;
}
/*******************************************************************
 Inits an RPC_AUTH_VERIFIER structure.

 signature - verifier signature string (e.g. "NTLMSSP"); copied with
             fstrcpy, so it is bounded by the size of rav->signature.
 msg_type  - NTLMSSP_MESSAGE_TYPE value.
********************************************************************/

void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
			    const char *signature, uint32 msg_type)
{
	rav->msg_type = msg_type;
	fstrcpy(rav->signature, signature);
}
592 /*******************************************************************
593 Reads or writes an RPC_AUTH_VERIFIER structure.
594 ********************************************************************/
596 bool smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
601 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
605 if(!prs_string("signature", ps, depth, rav->signature,
606 sizeof(rav->signature)))
608 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
614 /*******************************************************************
615 This parses an RPC_AUTH_VERIFIER for schannel. I think
616 ********************************************************************/
618 bool smb_io_rpc_schannel_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
623 prs_debug(ps, depth, desc, "smb_io_rpc_schannel_verifier");
626 if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature)))
628 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type))
634 /*******************************************************************
635 creates an RPC_AUTH_SCHANNEL_NEG structure.
636 ********************************************************************/
638 void init_rpc_auth_schannel_neg(RPC_AUTH_SCHANNEL_NEG *neg,
639 const char *domain, const char *myname)
643 fstrcpy(neg->domain, domain);
644 fstrcpy(neg->myname, myname);
647 /*******************************************************************
648 Reads or writes an RPC_AUTH_SCHANNEL_NEG structure.
649 ********************************************************************/
651 bool smb_io_rpc_auth_schannel_neg(const char *desc, RPC_AUTH_SCHANNEL_NEG *neg,
652 prs_struct *ps, int depth)
657 prs_debug(ps, depth, desc, "smb_io_rpc_auth_schannel_neg");
663 if(!prs_uint32("type1", ps, depth, &neg->type1))
665 if(!prs_uint32("type2", ps, depth, &neg->type2))
667 if(!prs_string("domain ", ps, depth, neg->domain, sizeof(neg->domain)))
669 if(!prs_string("myname ", ps, depth, neg->myname, sizeof(neg->myname)))
675 /*******************************************************************
676 reads or writes an RPC_AUTH_SCHANNEL_CHK structure.
677 ********************************************************************/
679 bool smb_io_rpc_auth_schannel_chk(const char *desc, int auth_len,
680 RPC_AUTH_SCHANNEL_CHK * chk,
681 prs_struct *ps, int depth)
686 prs_debug(ps, depth, desc, "smb_io_rpc_auth_schannel_chk");
689 if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) )
692 if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) )
695 if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) )
698 if ( auth_len == RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN ) {
699 if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) )