2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_RPC_PARSE
29 /*******************************************************************
30 interface/version dce/rpc pipe identification
31 ********************************************************************/
33 #define TRANS_SYNT_V2 \
36 0x8a885d04, 0x1ceb, 0x11c9, \
39 0x2b, 0x10, 0x48, 0x60 } \
43 #define SYNT_NETLOGON_V2 \
46 0x8a885d04, 0x1ceb, 0x11c9, \
49 0x2b, 0x10, 0x48, 0x60 } \
53 #define SYNT_WKSSVC_V1 \
56 0x6bffd098, 0xa112, 0x3610, \
59 0xf8, 0x7e, 0x34, 0x5a } \
63 #define SYNT_SRVSVC_V3 \
66 0x4b324fc8, 0x1670, 0x01d3, \
69 0xbf, 0x6e, 0xe1, 0x88 } \
73 #define SYNT_LSARPC_V0 \
76 0x12345778, 0x1234, 0xabcd, \
79 0x45, 0x67, 0x89, 0xab } \
83 #define SYNT_LSARPC_V0_DS \
86 0x3919286a, 0xb10c, 0x11d0, \
89 0x4f, 0xd9, 0x2e, 0xf5 } \
93 #define SYNT_SAMR_V1 \
96 0x12345778, 0x1234, 0xabcd, \
99 0x45, 0x67, 0x89, 0xac } \
103 #define SYNT_NETLOGON_V1 \
106 0x12345678, 0x1234, 0xabcd, \
109 0x45, 0x67, 0xcf, 0xfb } \
113 #define SYNT_WINREG_V1 \
116 0x338cd001, 0x2244, 0x31f1, \
119 0x38, 0x00, 0x10, 0x03 } \
123 #define SYNT_SPOOLSS_V1 \
126 0x12345678, 0x1234, 0xabcd, \
129 0x45, 0x67, 0x89, 0xab } \
133 #define SYNT_NONE_V0 \
139 0x00, 0x00, 0x00, 0x00 } \
143 #define SYNT_NETDFS_V3 \
146 0x4fc742e0, 0x4a10, 0x11cf, \
149 0x00, 0x4a, 0xe6, 0x73 } \
153 #define SYNT_ECHO_V1 \
156 0x60a15ec5, 0x4de8, 0x11d7, \
159 0x56, 0xa2, 0x01, 0x82 } \
163 #define SYNT_SHUTDOWN_V1 \
166 0x894de0c0, 0x0d55, 0x11d3, \
169 0x4f, 0xa3, 0x21, 0xa1 } \
173 #define SYNT_SVCCTL_V2 \
176 0x367abb81, 0x9844, 0x35f1, \
179 0x38, 0x00, 0x10, 0x03 } \
184 #define SYNT_EVENTLOG_V0 \
187 0x82273fdc, 0xe32a, 0x18c3, \
190 0x29, 0xdc, 0x23, 0xea } \
195 * IMPORTANT!! If you update this structure, make sure to
196 * update the index #defines in smb.h.
199 const struct pipe_id_info pipe_names [] =
201 /* client pipe , abstract syntax , server pipe , transfer syntax */
202 { PIPE_LSARPC , SYNT_LSARPC_V0 , PIPE_LSASS , TRANS_SYNT_V2 },
203 { PIPE_LSARPC , SYNT_LSARPC_V0_DS , PIPE_LSASS , TRANS_SYNT_V2 },
204 { PIPE_SAMR , SYNT_SAMR_V1 , PIPE_LSASS , TRANS_SYNT_V2 },
205 { PIPE_NETLOGON, SYNT_NETLOGON_V1 , PIPE_LSASS , TRANS_SYNT_V2 },
206 { PIPE_SRVSVC , SYNT_SRVSVC_V3 , PIPE_NTSVCS , TRANS_SYNT_V2 },
207 { PIPE_WKSSVC , SYNT_WKSSVC_V1 , PIPE_NTSVCS , TRANS_SYNT_V2 },
208 { PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 },
209 { PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS , TRANS_SYNT_V2 },
210 { PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 },
211 { PIPE_ECHO , SYNT_ECHO_V1 , PIPE_ECHO , TRANS_SYNT_V2 },
212 { PIPE_SHUTDOWN, SYNT_SHUTDOWN_V1 , PIPE_SHUTDOWN , TRANS_SYNT_V2 },
213 { PIPE_SVCCTL , SYNT_SVCCTL_V2 , PIPE_NTSVCS , TRANS_SYNT_V2 },
214 { PIPE_EVENTLOG, SYNT_EVENTLOG_V0 , PIPE_EVENTLOG , TRANS_SYNT_V2 },
215 { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 }
218 /*******************************************************************
219 Inits an RPC_HDR structure.
220 ********************************************************************/
222 void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
223 uint32 call_id, int data_len, int auth_len)
225 hdr->major = 5; /* RPC version 5 */
226 hdr->minor = 0; /* minor version 0 */
227 hdr->pkt_type = pkt_type; /* RPC packet type */
228 hdr->flags = flags; /* dce/rpc flags */
229 hdr->pack_type[0] = 0x10; /* little-endian data representation */
230 hdr->pack_type[1] = 0; /* packed data representation */
231 hdr->pack_type[2] = 0; /* packed data representation */
232 hdr->pack_type[3] = 0; /* packed data representation */
233 hdr->frag_len = data_len; /* fragment length, fill in later */
234 hdr->auth_len = auth_len; /* authentication length */
235 hdr->call_id = call_id; /* call identifier - match incoming RPC */
238 /*******************************************************************
239 Reads or writes an RPC_HDR structure.
240 ********************************************************************/
242 BOOL smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth)
247 prs_debug(ps, depth, desc, "smb_io_rpc_hdr");
250 if(!prs_uint8 ("major ", ps, depth, &rpc->major))
253 if(!prs_uint8 ("minor ", ps, depth, &rpc->minor))
255 if(!prs_uint8 ("pkt_type ", ps, depth, &rpc->pkt_type))
257 if(!prs_uint8 ("flags ", ps, depth, &rpc->flags))
260 /* We always marshall in little endian format. */
262 rpc->pack_type[0] = 0x10;
264 if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0]))
266 if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1]))
268 if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2]))
270 if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3]))
274 * If reading and pack_type[0] == 0 then the data is in big-endian
275 * format. Set the flag in the prs_struct to specify reverse-endainness.
278 if (UNMARSHALLING(ps) && rpc->pack_type[0] == 0) {
279 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
280 prs_set_endian_data(ps, RPC_BIG_ENDIAN);
283 if(!prs_uint16("frag_len ", ps, depth, &rpc->frag_len))
285 if(!prs_uint16("auth_len ", ps, depth, &rpc->auth_len))
287 if(!prs_uint32("call_id ", ps, depth, &rpc->call_id))
292 /*******************************************************************
293 Reads or writes an RPC_IFACE structure.
294 ********************************************************************/
296 static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
301 prs_debug(ps, depth, desc, "smb_io_rpc_iface");
307 if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth))
310 if(!prs_uint32 ("version", ps, depth, &ifc->version))
316 /*******************************************************************
317 Inits an RPC_ADDR_STR structure.
318 ********************************************************************/
320 static void init_rpc_addr_str(RPC_ADDR_STR *str, const char *name)
322 str->len = strlen(name) + 1;
323 fstrcpy(str->str, name);
326 /*******************************************************************
327 Reads or writes an RPC_ADDR_STR structure.
328 ********************************************************************/
330 static BOOL smb_io_rpc_addr_str(const char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth)
335 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str");
340 if(!prs_uint16 ( "len", ps, depth, &str->len))
342 if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) ))
347 /*******************************************************************
348 Inits an RPC_HDR_BBA structure.
349 ********************************************************************/
351 static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid)
353 bba->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
354 bba->max_rsize = max_rsize; /* max receive fragment size (0x1630) */
355 bba->assoc_gid = assoc_gid; /* associated group id (0x0) */
358 /*******************************************************************
359 Reads or writes an RPC_HDR_BBA structure.
360 ********************************************************************/
362 static BOOL smb_io_rpc_hdr_bba(const char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth)
367 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba");
370 if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize))
372 if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize))
374 if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid))
379 /*******************************************************************
380 Inits an RPC_CONTEXT structure.
381 Note the transfer pointer must remain valid until this is marshalled.
382 ********************************************************************/
384 void init_rpc_context(RPC_CONTEXT *rpc_ctx, uint16 context_id, RPC_IFACE *abstract, RPC_IFACE *transfer)
386 rpc_ctx->context_id = context_id ; /* presentation context identifier (0x0) */
387 rpc_ctx->num_transfer_syntaxes = 1 ; /* the number of syntaxes (has always been 1?)(0x1) */
389 /* num and vers. of interface client is using */
390 rpc_ctx->abstract = *abstract;
392 /* vers. of interface to use for replies */
393 rpc_ctx->transfer = transfer;
396 /*******************************************************************
397 Inits an RPC_HDR_RB structure.
398 Note the context pointer must remain valid until this is marshalled.
399 ********************************************************************/
401 void init_rpc_hdr_rb(RPC_HDR_RB *rpc,
402 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
403 RPC_CONTEXT *context)
405 init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid);
407 rpc->num_contexts = 1;
408 rpc->rpc_context = context;
411 /*******************************************************************
412 Reads or writes an RPC_CONTEXT structure.
413 ********************************************************************/
415 BOOL smb_io_rpc_context(const char *desc, RPC_CONTEXT *rpc_ctx, prs_struct *ps, int depth)
424 if(!prs_uint16("context_id ", ps, depth, &rpc_ctx->context_id ))
426 if(!prs_uint8 ("num_transfer_syntaxes", ps, depth, &rpc_ctx->num_transfer_syntaxes))
429 /* num_transfer_syntaxes must not be zero. */
430 if (rpc_ctx->num_transfer_syntaxes == 0)
433 if(!smb_io_rpc_iface("", &rpc_ctx->abstract, ps, depth))
436 if (UNMARSHALLING(ps)) {
437 if (!(rpc_ctx->transfer = PRS_ALLOC_MEM(ps, RPC_IFACE, rpc_ctx->num_transfer_syntaxes))) {
442 for (i = 0; i < rpc_ctx->num_transfer_syntaxes; i++ ) {
443 if (!smb_io_rpc_iface("", &rpc_ctx->transfer[i], ps, depth))
449 /*******************************************************************
450 Reads or writes an RPC_HDR_RB structure.
451 ********************************************************************/
453 BOOL smb_io_rpc_hdr_rb(const char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth)
460 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb");
463 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
466 if(!prs_uint32("num_contexts", ps, depth, &rpc->num_contexts))
469 rpc->num_contexts &= 0xff; /* Actually a 1 byte field.. */
471 /* num_contexts must not be zero. */
472 if (rpc->num_contexts == 0)
475 if (UNMARSHALLING(ps)) {
476 if (!(rpc->rpc_context = PRS_ALLOC_MEM(ps, RPC_CONTEXT, rpc->num_contexts))) {
481 for (i = 0; i < rpc->num_contexts; i++ ) {
482 if (!smb_io_rpc_context("", &rpc->rpc_context[i], ps, depth))
489 /*******************************************************************
490 Inits an RPC_RESULTS structure.
492 lkclXXXX only one reason at the moment!
493 ********************************************************************/
495 static void init_rpc_results(RPC_RESULTS *res,
496 uint8 num_results, uint16 result, uint16 reason)
498 res->num_results = num_results; /* the number of results (0x01) */
499 res->result = result ; /* result (0x00 = accept) */
500 res->reason = reason ; /* reason (0x00 = no reason specified) */
503 /*******************************************************************
504 Reads or writes an RPC_RESULTS structure.
506 lkclXXXX only one reason at the moment!
507 ********************************************************************/
509 static BOOL smb_io_rpc_results(const char *desc, RPC_RESULTS *res, prs_struct *ps, int depth)
514 prs_debug(ps, depth, desc, "smb_io_rpc_results");
520 if(!prs_uint8 ("num_results", ps, depth, &res->num_results))
526 if(!prs_uint16("result ", ps, depth, &res->result))
528 if(!prs_uint16("reason ", ps, depth, &res->reason))
533 /*******************************************************************
534 Init an RPC_HDR_BA structure.
536 lkclXXXX only one reason at the moment!
538 ********************************************************************/
540 void init_rpc_hdr_ba(RPC_HDR_BA *rpc,
541 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
542 const char *pipe_addr,
543 uint8 num_results, uint16 result, uint16 reason,
546 init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid);
547 init_rpc_addr_str(&rpc->addr, pipe_addr);
548 init_rpc_results (&rpc->res, num_results, result, reason);
550 /* the transfer syntax from the request */
551 memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer));
554 /*******************************************************************
555 Reads or writes an RPC_HDR_BA structure.
556 ********************************************************************/
558 BOOL smb_io_rpc_hdr_ba(const char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
563 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba");
566 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
568 if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth))
570 if(!smb_io_rpc_results("", &rpc->res, ps, depth))
572 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
577 /*******************************************************************
578 Init an RPC_HDR_REQ structure.
579 ********************************************************************/
581 void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
583 hdr->alloc_hint = alloc_hint; /* allocation hint */
584 hdr->context_id = 0; /* presentation context identifier */
585 hdr->opnum = opnum; /* opnum */
588 /*******************************************************************
589 Reads or writes an RPC_HDR_REQ structure.
590 ********************************************************************/
592 BOOL smb_io_rpc_hdr_req(const char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth)
597 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req");
600 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
602 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
604 if(!prs_uint16("opnum ", ps, depth, &rpc->opnum))
609 /*******************************************************************
610 Reads or writes an RPC_HDR_RESP structure.
611 ********************************************************************/
613 BOOL smb_io_rpc_hdr_resp(const char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth)
618 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp");
621 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
623 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
625 if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count))
627 if(!prs_uint8 ("reserved ", ps, depth, &rpc->reserved))
632 /*******************************************************************
633 Reads or writes an RPC_HDR_FAULT structure.
634 ********************************************************************/
636 BOOL smb_io_rpc_hdr_fault(const char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth)
641 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault");
644 if(!prs_ntstatus("status ", ps, depth, &rpc->status))
646 if(!prs_uint32("reserved", ps, depth, &rpc->reserved))
652 /*******************************************************************
653 Init an RPC_HDR_AUTHA structure.
654 ********************************************************************/
656 void init_rpc_hdr_autha(RPC_HDR_AUTHA *rai,
657 uint16 max_tsize, uint16 max_rsize,
658 uint8 auth_type, uint8 auth_level,
661 rai->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
662 rai->max_rsize = max_rsize; /* max receive fragment size (0x1630) */
664 rai->auth_type = auth_type; /* nt lm ssp 0x0a */
665 rai->auth_level = auth_level; /* 0x06 */
666 rai->stub_type_len = stub_type_len; /* 0x00 */
667 rai->padding = 0; /* padding 0x00 */
669 rai->unknown = 0x0014a0c0; /* non-zero pointer to something */
672 /*******************************************************************
673 Reads or writes an RPC_HDR_AUTHA structure.
674 ********************************************************************/
676 BOOL smb_io_rpc_hdr_autha(const char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth)
681 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_autha");
684 if(!prs_uint16("max_tsize ", ps, depth, &rai->max_tsize))
686 if(!prs_uint16("max_rsize ", ps, depth, &rai->max_rsize))
689 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */
691 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */
693 if(!prs_uint8 ("stub_type_len", ps, depth, &rai->stub_type_len))
695 if(!prs_uint8 ("padding ", ps, depth, &rai->padding))
698 if(!prs_uint32("unknown ", ps, depth, &rai->unknown)) /* 0x0014a0c0 */
704 /*******************************************************************
705 Inits an RPC_HDR_AUTH structure.
706 ********************************************************************/
708 void init_rpc_hdr_auth(RPC_HDR_AUTH *rai,
709 uint8 auth_type, uint8 auth_level,
713 rai->auth_type = auth_type; /* nt lm ssp 0x0a */
714 rai->auth_level = auth_level; /* 0x06 */
715 rai->padding = padding;
718 rai->auth_context = ptr; /* non-zero pointer to something */
721 /*******************************************************************
722 Reads or writes an RPC_HDR_AUTH structure.
723 ********************************************************************/
725 BOOL smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth)
730 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth");
736 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */
738 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */
740 if(!prs_uint8 ("padding ", ps, depth, &rai->padding))
742 if(!prs_uint8 ("reserved ", ps, depth, &rai->reserved))
744 if(!prs_uint32("auth_context ", ps, depth, &rai->auth_context))
750 /*******************************************************************
751 Checks an RPC_AUTH_VERIFIER structure.
752 ********************************************************************/
754 BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
755 const char *signature, uint32 msg_type)
757 return (strequal(rav->signature, signature) && rav->msg_type == msg_type);
760 /*******************************************************************
761 Inits an RPC_AUTH_VERIFIER structure.
762 ********************************************************************/
764 void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
765 const char *signature, uint32 msg_type)
767 fstrcpy(rav->signature, signature); /* "NTLMSSP" */
768 rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
771 /*******************************************************************
772 Reads or writes an RPC_AUTH_VERIFIER structure.
773 ********************************************************************/
775 BOOL smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
780 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
784 if(!prs_string("signature", ps, depth, rav->signature,
785 sizeof(rav->signature)))
787 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
793 /*******************************************************************
794 This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I think
795 assuming "NTLMSSP" in sm_io_rpc_auth_verifier is somewhat wrong.
796 I have to look at that later...
797 ********************************************************************/
799 BOOL smb_io_rpc_netsec_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
804 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
807 if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature)))
809 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type))
815 /*******************************************************************
816 Inits an RPC_AUTH_NTLMSSP_NEG structure.
817 ********************************************************************/
819 void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
821 const char *myname, const char *domain)
823 int len_myname = strlen(myname);
824 int len_domain = strlen(domain);
826 neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
828 init_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname);
829 init_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20);
831 fstrcpy(neg->myname, myname);
832 fstrcpy(neg->domain, domain);
835 /*******************************************************************
836 Reads or writes an RPC_AUTH_NTLMSSP_NEG structure.
838 *** lkclXXXX HACK ALERT! ***
839 ********************************************************************/
841 BOOL smb_io_rpc_auth_ntlmssp_neg(const char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth)
843 uint32 start_offset = prs_offset(ps);
847 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_neg");
850 if(!prs_uint32("neg_flgs ", ps, depth, &neg->neg_flgs))
855 uint32 old_neg_flags = neg->neg_flgs;
861 neg->neg_flgs = old_neg_flags;
863 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth))
865 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth))
868 old_offset = prs_offset(ps);
870 if(!prs_set_offset(ps, neg->hdr_myname.buffer + start_offset - 12))
873 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname,
874 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname))))
877 old_offset += neg->hdr_myname.str_str_len;
879 if(!prs_set_offset(ps, neg->hdr_domain.buffer + start_offset - 12))
882 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain,
883 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain ))))
886 old_offset += neg->hdr_domain .str_str_len;
888 if(!prs_set_offset(ps, old_offset))
892 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth))
894 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth))
897 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname,
898 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname))))
900 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain,
901 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain ))))
908 /*******************************************************************
909 creates an RPC_AUTH_NTLMSSP_CHAL structure.
910 ********************************************************************/
912 void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl,
916 chl->unknown_1 = 0x0;
917 chl->unknown_2 = 0x00000028;
918 chl->neg_flags = neg_flags; /* 0x0082b1 */
920 memcpy(chl->challenge, challenge, sizeof(chl->challenge));
921 memset((char *)chl->reserved , '\0', sizeof(chl->reserved));
924 /*******************************************************************
925 Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure.
926 ********************************************************************/
928 BOOL smb_io_rpc_auth_ntlmssp_chal(const char *desc, RPC_AUTH_NTLMSSP_CHAL *chl, prs_struct *ps, int depth)
933 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chal");
936 if(!prs_uint32("unknown_1", ps, depth, &chl->unknown_1)) /* 0x0000 0000 */
938 if(!prs_uint32("unknown_2", ps, depth, &chl->unknown_2)) /* 0x0000 b2b3 */
940 if(!prs_uint32("neg_flags", ps, depth, &chl->neg_flags)) /* 0x0000 82b1 */
943 if(!prs_uint8s (False, "challenge", ps, depth, chl->challenge, sizeof(chl->challenge)))
945 if(!prs_uint8s (False, "reserved ", ps, depth, chl->reserved , sizeof(chl->reserved )))
951 /*******************************************************************
952 Inits an RPC_AUTH_NTLMSSP_RESP structure.
954 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
955 *** lkclXXXX the actual offset is at the start of the auth verifier ***
956 ********************************************************************/
958 void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
959 uchar lm_resp[24], uchar nt_resp[24],
960 const char *domain, const char *user, const char *wks,
964 int dom_len = strlen(domain);
965 int wks_len = strlen(wks);
966 int usr_len = strlen(user);
967 int lm_len = (lm_resp != NULL) ? 24 : 0;
968 int nt_len = (nt_resp != NULL) ? 24 : 0;
970 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
972 #ifdef DEBUG_PASSWORD
973 DEBUG(100,("lm_resp\n"));
974 dump_data(100, (char *)lm_resp, 24);
975 DEBUG(100,("nt_resp\n"));
976 dump_data(100, (char *)nt_resp, 24);
979 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
980 domain, user, wks, neg_flags));
984 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
990 init_str_hdr(&rsp->hdr_domain, dom_len, dom_len, offset);
993 init_str_hdr(&rsp->hdr_usr, usr_len, usr_len, offset);
996 init_str_hdr(&rsp->hdr_wks, wks_len, wks_len, offset);
999 init_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, offset);
1002 init_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, offset);
1005 init_str_hdr(&rsp->hdr_sess_key, 0, 0, offset);
1007 rsp->neg_flags = neg_flags;
1009 memcpy(rsp->lm_resp, lm_resp, 24);
1010 memcpy(rsp->nt_resp, nt_resp, 24);
1012 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
1013 rpcstr_push(rsp->domain, domain, sizeof(rsp->domain), 0);
1014 rpcstr_push(rsp->user, user, sizeof(rsp->user), 0);
1015 rpcstr_push(rsp->wks, wks, sizeof(rsp->wks), 0);
1017 fstrcpy(rsp->domain, domain);
1018 fstrcpy(rsp->user, user);
1019 fstrcpy(rsp->wks, wks);
1022 rsp->sess_key[0] = 0;
1025 /*******************************************************************
1026 Reads or writes an RPC_AUTH_NTLMSSP_RESP structure.
1028 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
1029 *** lkclXXXX the actual offset is at the start of the auth verifier ***
1030 ********************************************************************/
1032 BOOL smb_io_rpc_auth_ntlmssp_resp(const char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth)
1037 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp");
1047 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth))
1049 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth))
1051 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth))
1053 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth))
1055 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth))
1057 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth))
1060 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */
1063 old_offset = prs_offset(ps);
1065 if(!prs_set_offset(ps, rsp->hdr_domain.buffer + 0xc))
1068 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain,
1069 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain))))
1072 old_offset += rsp->hdr_domain.str_str_len;
1074 if(!prs_set_offset(ps, rsp->hdr_usr.buffer + 0xc))
1077 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user,
1078 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user))))
1081 old_offset += rsp->hdr_usr.str_str_len;
1083 if(!prs_set_offset(ps, rsp->hdr_wks.buffer + 0xc))
1086 if(!prs_uint8s(True, "wks ", ps, depth, (uint8*)rsp->wks,
1087 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks))))
1090 old_offset += rsp->hdr_wks.str_str_len;
1092 if(!prs_set_offset(ps, rsp->hdr_lm_resp.buffer + 0xc))
1095 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp,
1096 MIN(rsp->hdr_lm_resp.str_str_len, sizeof(rsp->lm_resp ))))
1099 old_offset += rsp->hdr_lm_resp.str_str_len;
1101 if(!prs_set_offset(ps, rsp->hdr_nt_resp.buffer + 0xc))
1104 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp,
1105 MIN(rsp->hdr_nt_resp.str_str_len, sizeof(rsp->nt_resp ))))
1108 old_offset += rsp->hdr_nt_resp.str_str_len;
1110 if (rsp->hdr_sess_key.str_str_len != 0) {
1112 if(!prs_set_offset(ps, rsp->hdr_sess_key.buffer + 0x10))
1115 old_offset += rsp->hdr_sess_key.str_str_len;
1117 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key,
1118 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))))
1122 if(!prs_set_offset(ps, old_offset))
1126 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth))
1128 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth))
1130 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth))
1132 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth))
1134 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth))
1136 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth))
1139 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */
1142 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain,
1143 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain))))
1146 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user,
1147 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user))))
1150 if(!prs_uint8s(True , "wks ", ps, depth, (uint8*)rsp->wks,
1151 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks))))
1153 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp,
1154 MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp))))
1156 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp,
1157 MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))))
1159 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key,
1160 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))))
1167 /*******************************************************************
1168 Checks an RPC_AUTH_NTLMSSP_CHK structure.
1169 ********************************************************************/
1171 BOOL rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, uint32 crc32, uint32 seq_num)
1176 if (chk->crc32 != crc32 ||
1177 chk->ver != NTLMSSP_SIGN_VERSION ||
1178 chk->seq_num != seq_num)
1180 DEBUG(5,("verify failed - crc %x ver %x seq %d\n",
1181 chk->crc32, chk->ver, chk->seq_num));
1183 DEBUG(5,("verify expect - crc %x ver %x seq %d\n",
1184 crc32, NTLMSSP_SIGN_VERSION, seq_num));
1190 /*******************************************************************
1191 Inits an RPC_AUTH_NTLMSSP_CHK structure.
1192 ********************************************************************/
1194 void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk,
1195 uint32 ver, uint32 crc32, uint32 seq_num)
1198 chk->reserved = 0x0;
1200 chk->seq_num = seq_num;
1203 /*******************************************************************
1204 Reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
1205 ********************************************************************/
1207 BOOL smb_io_rpc_auth_ntlmssp_chk(const char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth)
1212 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk");
1218 if(!prs_uint32("ver ", ps, depth, &chk->ver))
1220 if(!prs_uint32("reserved", ps, depth, &chk->reserved))
1222 if(!prs_uint32("crc32 ", ps, depth, &chk->crc32))
1224 if(!prs_uint32("seq_num ", ps, depth, &chk->seq_num))
1230 /*******************************************************************
1231 creates an RPC_AUTH_NETSEC_NEG structure.
1232 ********************************************************************/
1233 void init_rpc_auth_netsec_neg(RPC_AUTH_NETSEC_NEG *neg,
1234 const char *domain, const char *myname)
1238 fstrcpy(neg->domain, domain);
1239 fstrcpy(neg->myname, myname);
1242 /*******************************************************************
1243 Reads or writes an RPC_AUTH_NETSEC_NEG structure.
1244 ********************************************************************/
1246 BOOL smb_io_rpc_auth_netsec_neg(const char *desc, RPC_AUTH_NETSEC_NEG *neg,
1247 prs_struct *ps, int depth)
1252 prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_neg");
1258 if(!prs_uint32("type1", ps, depth, &neg->type1))
1260 if(!prs_uint32("type2", ps, depth, &neg->type2))
1262 if(!prs_string("domain ", ps, depth, neg->domain, sizeof(neg->domain)))
1264 if(!prs_string("myname ", ps, depth, neg->myname, sizeof(neg->myname)))
1270 /*******************************************************************
1271 reads or writes an RPC_AUTH_NETSEC_CHK structure.
1272 ********************************************************************/
1273 BOOL smb_io_rpc_auth_netsec_chk(const char *desc, int auth_len,
1274 RPC_AUTH_NETSEC_CHK * chk,
1275 prs_struct *ps, int depth)
1280 prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk");
1283 if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) )
1286 if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) )
1289 if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) )
1292 if ( auth_len == RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN ) {
1293 if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) )