added mode for printing debug array data as chars not uint8/16/32s.
only really useful for (uint8) strings or (uint16) unicode strings
lsaparse.c smbparse.c smb.h :
rpc bind and rpc bind ack structures and parsing and creation functions.
ipc.c pipes.c pipenetlog.c pipentlsa.c pipesrvsvc.c :
using rpc bind / bind ack parsing routines instead of incorrect use of
api_LsarpcTNP1 function.
ntclient.c :
creation of do_rpc_bind() function.
THAT'S IT, FOLKS!
return fnum;
}
+/****************************************************************************
+do an rpc bind
+****************************************************************************/
+static BOOL do_rpc_bind(uint16 fnum)
+{
+ char *rparam = NULL;
+ char *rdata = NULL;
+ char *p;
+ int rdrcnt,rprcnt;
+ int data_len;
+ pstring data; /* only 1024 bytes */
+ uint16 setup[2]; /* only need 2 uint16 setup parameters */
+
+ RPC_HDR hdr;
+
+ RPC_HDR_RB hdr_rb;
+ RPC_IFACE abstract;
+ RPC_IFACE transfer;
+
+ BOOL valid_ack = False;
+ int call_id = 0x1;
+ int i;
+
+ static char abs_data[16];
+ static char trn_data[16];
+
+ /* create and send a MSRPC command with api LSA_OPENPOLICY */
+
+ DEBUG(4,("LSA RPC Bind[%d]\n", fnum));
+
+ for (i = 0; i < sizeof(trn_data); i++)
+ {
+ trn_data[i] = 2 * i;
+ }
+
+ for (i = 0; i < sizeof(abs_data); i++)
+ {
+ abs_data[i] = i;
+ }
+
+ /* create interface UUIDs. */
+ make_rpc_iface(&abstract, abs_data, 0x0);
+ make_rpc_iface(&transfer, trn_data, 0x2);
+
+ /* create the request RPC_HDR_RB */
+ make_rpc_hdr_rb(&hdr_rb,
+ 0x1630, 0x1630, 0x0,
+ 0x1, 0x1, 0x1,
+ &abstract, &transfer);
+
+ /* stream the bind request data */
+ p = smb_io_rpc_hdr_rb(False, &hdr_rb, data + 0x10, data, 4, 0);
+
+ data_len = PTR_DIFF(p, data);
+
+ /* create the request RPC_HDR */
+ make_rpc_hdr(&hdr, RPC_BIND, call_id, PTR_DIFF(p, data + 0x10));
+
+ /* stream the header into data */
+ p = smb_io_rpc_hdr(False, &hdr, data, data, 4, 0);
+
+ /* create setup parameters. */
+ setup[0] = 0x0026; /* 0x26 indicates "transact named pipe" */
+ setup[1] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
+
+ /* send the data on \PIPE\ */
+ if (cli_call_api("\\PIPE\\", 0, data_len, 2, 1024,
+ BUFFER_SIZE,
+ &rprcnt, &rdrcnt,
+ NULL, data, setup,
+ &rparam, &rdata))
+ {
+ RPC_HDR_BA hdr_ba;
+ int hdr_len;
+ int pkt_len;
+
+ DEBUG(5, ("cli_call_api: return OK\n"));
+
+ p = rdata;
+
+ if (p) p = smb_io_rpc_hdr(True, &hdr, p, rdata, 4, 0);
+ if (p) p = align_offset(p, rdata, 4); /* oh, what a surprise */
+
+ hdr_len = PTR_DIFF(p, rdata);
+
+ if (p) p = smb_io_rpc_hdr_ba(True, &hdr_ba, p, rdata, 4, 0);
+
+ pkt_len = PTR_DIFF(p, rdata);
+#if 0
+ if (p && hdr_len != hdr.hdr.frag_len - hdr.alloc_hint)
+ {
+ /* header length not same as calculated header length */
+ DEBUG(2,("do_lsa_open_policy: hdr_len %x != frag_len-alloc_hint %x\n",
+ hdr_len, hdr.hdr.frag_len - hdr.alloc_hint));
+ p = NULL;
+ }
+
+
+ if (p && pkt_len != hdr.hdr.frag_len)
+ {
+ /* packet data size not same as reported fragment length */
+ DEBUG(2,("do_lsa_open_policy: pkt_len %x != frag_len \n",
+ pkt_len, hdr.hdr.frag_len));
+ p = NULL;
+ }
+ if (p && r_o.status != 0)
+ {
+ /* report error code */
+ DEBUG(0,("LSA_OPENPOLICY: nt_status error %lx\n", r_o.status));
+ p = NULL;
+ }
+#endif
+ if (p)
+ {
+ /* ok, at last: we're happy. */
+ valid_ack = True;
+ }
+ }
+
+ if (rparam) free(rparam);
+ if (rdata) free(rdata);
+
+ return valid_ack;
+}
+
/****************************************************************************
do a LSA Open Policy
****************************************************************************/
return False;
}
+ /******************* bind request on \PIPE\lsarpc *****************/
+
+ if (!do_rpc_bind(fnum))
+ {
+ free(inbuf); free(outbuf);
+ return False;
+ }
+
/******************* Open Policy ********************/
fstrcpy(server_name, ("\\\\"));
return False;
}
+ /******************* bind request on \PIPE\NETLOGON *****************/
+
+ if (!do_rpc_bind(fnum))
+ {
+ free(inbuf); free(outbuf);
+ return False;
+ }
+
/******************* Request Challenge ********************/
fstrcpy(mach_acct, myhostname);
#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val))
#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val))
-#define DBG_RW_PCVAL(string,depth,base,read,inbuf,outbuf,len) \
+#define DBG_RW_PCVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \
RW_PCVAL(read,inbuf,outbuf,len) \
DEBUG(5,("%s%04x %s: ", \
tab_depth(depth), PTR_DIFF(inbuf,base),string)); \
+ if (charmode) print_asc(5, (char*)(outbuf), (len)); else \
{ int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", CVAL(&((outbuf)[idx]), 0))); } } \
DEBUG(5,("\n"));
-#define DBG_RW_PSVAL(string,depth,base,read,inbuf,outbuf,len) \
+#define DBG_RW_PSVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \
RW_PSVAL(read,inbuf,outbuf,len) \
DEBUG(5,("%s%04x %s: ", \
tab_depth(depth), PTR_DIFF(inbuf,base),string)); \
+ if (charmode) print_asc(5, (char*)(outbuf), 2*(len)); else \
{ int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", SVAL(&((outbuf)[idx]), 0))); } } \
DEBUG(5,("\n"));
-#define DBG_RW_PIVAL(string,depth,base,read,inbuf,outbuf,len) \
+#define DBG_RW_PIVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \
RW_PIVAL(read,inbuf,outbuf,len) \
DEBUG(5,("%s%04x %s: ", \
tab_depth(depth), PTR_DIFF(inbuf,base),string)); \
+ if (charmode) print_asc(5, (char*)(outbuf), 4*(len)); else \
{ int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", IVAL(&((outbuf)[idx]), 0))); } } \
DEBUG(5,("\n"));
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len);
-void LsarpcTNP1(char *data,char **rdata, int *rdata_len);
BOOL api_LsarpcTNP(int cnum,int uid, char *param,char *data,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
char* smb_io_rpc_addr_str(BOOL io, RPC_ADDR_STR *str, char *q, char *base, int align, int depth);
void make_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid);
char* smb_io_rpc_hdr_bba(BOOL io, RPC_HDR_BBA *rpc, char *q, char *base, int align, int depth);
-void make_rpc_hdr_rb(RPC_HDR_RB *rpc, enum RPC_PKT_TYPE pkt_type,
- uint32 call_id, int data_len,
+void make_rpc_hdr_rb(RPC_HDR_RB *rpc,
uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
uint32 num_elements, uint16 context_id, uint8 num_syntaxes,
RPC_IFACE *abstract, RPC_IFACE *transfer);
void make_rpc_results(RPC_RESULTS *res,
uint8 num_results, uint16 result, uint16 reason);
char* smb_io_rpc_results(BOOL io, RPC_RESULTS *res, char *q, char *base, int align, int depth);
-void make_rpc_hdr_ba(RPC_HDR_BA *rpc, enum RPC_PKT_TYPE pkt_type,
- uint32 call_id, int data_len,
+void make_rpc_hdr_ba(RPC_HDR_BA *rpc,
uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
char *pipe_addr,
uint8 num_results, uint16 result, uint16 reason,
char *align4(char *q, char *base);
char *align2(char *q, char *base);
char *align_offset(char *q, char *base, int align_offset_len);
+void print_asc(int level, unsigned char *buf,int len);
void dump_data(int level,char *buf1,int len);
char *tab_depth(int depth);
} RPC_HDR_BBA;
-/* RPC_HDR_RB - ms req bind header */
-typedef struct rpc_hdr_rb_info
+/* RPC_BIND_REQ - ms req bind */
+typedef struct rpc_bind_req_info
{
- RPC_HDR hdr;
RPC_HDR_BBA bba;
uint32 num_elements; /* the number of elements (0x1) */
/* RPC_HDR_BA */
typedef struct rpc_hdr_ba_info
{
- RPC_HDR hdr;
RPC_HDR_BBA bba;
RPC_ADDR_STR addr ; /* the secondary address string, as described earlier */
return q;
}
-static void print_asc(int level, unsigned char *buf,int len)
+void print_asc(int level, unsigned char *buf,int len)
{
int i;
for (i=0;i<len;i++)
q = smb_io_dom_sid(io, &(q_s->dom_sids[i]), q, base, align, depth); /* domain SIDs to be looked up. */
}
- DBG_RW_PCVAL("undoc ", depth, base, io, q, q_s->undoc, 16); q += 16; /* completely undocumented 16 bytes */
+ DBG_RW_PCVAL(False, "undoc ", depth, base, io, q, q_s->undoc, 16); q += 16; /* completely undocumented 16 bytes */
return q;
}
q = smb_io_dom_name(io, &(q_r->lookup_name[i]), q, base, align, depth); /* names to be looked up */
}
- DBG_RW_PCVAL("undoc ", depth, base, io, q, q_r->undoc, UNKNOWN_LEN); q += UNKNOWN_LEN; /* completely undocumented bytes of unknown length */
+ DBG_RW_PCVAL(False, "undoc ", depth, base, io, q, q_r->undoc, UNKNOWN_LEN); q += UNKNOWN_LEN; /* completely undocumented bytes of unknown length */
return q;
}
q = align_offset(q, base, align);
q = smb_io_clnt_info(io, &(q_s->clnt_id), q, base, align, depth); /* client identification/authentication info */
- DBG_RW_PCVAL("pwd", depth, base, io, q, q_s->pwd, 16); q += 16; /* new password - undocumented */
+ DBG_RW_PCVAL(False, "pwd", depth, base, io, q, q_s->pwd, 16); q += 16; /* new password - undocumented */
return q;
}
DBG_RW_IVAL("buffer_groups ", depth, base, io, q, usr->buffer_groups); q += 4; /* undocumented buffer pointer to groups. */
DBG_RW_IVAL("user_flgs ", depth, base, io, q, usr->user_flgs ); q += 4; /* user flags */
- DBG_RW_PCVAL("user_sess_key", depth, base, io, q, usr->user_sess_key, 16); q += 16; /* unused user session key */
+ DBG_RW_PCVAL(False, "user_sess_key", depth, base, io, q, usr->user_sess_key, 16); q += 16; /* unused user session key */
q = smb_io_unihdr(io, &(usr->hdr_logon_srv), q, base, align, depth); /* logon server unicode string header */
q = smb_io_unihdr(io, &(usr->hdr_logon_dom), q, base, align, depth); /* logon domain unicode string header */
DBG_RW_IVAL("buffer_dom_id ", depth, base, io, q, usr->buffer_dom_id); q += 4; /* undocumented logon domain id pointer */
- DBG_RW_PCVAL("padding ", depth, base, io, q, usr->padding, 40); q += 40; /* unused padding bytes? */
+ DBG_RW_PCVAL(False, "padding ", depth, base, io, q, usr->padding, 40); q += 40; /* unused padding bytes? */
DBG_RW_IVAL("num_other_sids", depth, base, io, q, usr->num_other_sids); q += 4; /* 0 - num_sids */
DBG_RW_IVAL("buffer_other_sids", depth, base, io, q, usr->buffer_other_sids); q += 4; /* NULL - undocumented pointer to SIDs. */
smb_io_rpc_hdr_rr(True, &hdr, data, data, 4, 0);
- if (hdr.hdr.pkt_type == RPC_BIND) /* RPC BIND */
- {
- DEBUG(4,("netlogon rpc bind %x\n",hdr.hdr.pkt_type));
- LsarpcTNP1(data,rdata,rdata_len);
- return True;
- }
-
DEBUG(4,("netlogon TransactNamedPipe op %x\n",hdr.opnum));
if ((vuser = get_valid_user_struct(uid)) == NULL) return False;
smb_io_rpc_hdr_rr(True, &hdr, data, data, 4, 0);
- if (hdr.hdr.pkt_type == RPC_BIND) /* RPC BIND */
- {
- DEBUG(4,("lsarpc rpc bind %x\n", hdr.hdr.pkt_type));
- LsarpcTNP1(data,rdata,rdata_len);
- return True;
- }
-
DEBUG(4,("lsarpc TransactNamedPipe op %x\n",hdr.opnum));
switch (hdr.opnum)
smb_io_rpc_hdr_rr(True, &hdr, data, data, 4, 0);
- if (hdr.hdr.pkt_type == RPC_BIND) /* RPC BIND */
- {
- DEBUG(4,("srvsvc rpc bind %x\n",hdr.hdr.pkt_type));
- LsarpcTNP1(data,rdata,rdata_len);
- return True;
- }
-
DEBUG(4,("srvsvc TransactNamedPipe op %x\n",hdr.opnum));
switch (hdr.opnum)
int rdata_len = 0;
int rparam_len = 0;
- BOOL reply = False;
+ BOOL reply = False;
+ BOOL bind_req = False;
int i;
int fd;
rdata = (char *)malloc(1024); if (rdata ) bzero(rdata ,1024);
rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024);
- DEBUG(10,("calling api_fd_command\n"));
+#ifdef NTDOMAIN
+ if (api_fd_commands[i].subcommand != -1)
+ {
+ RPC_HDR hdr;
+ char *q = smb_io_rpc_hdr(True, &hdr, data, data, 4, 0);
+
+ if ((bind_req = ((q != NULL) && (hdr.pkt_type == RPC_BIND))))
+ {
+ RPC_HDR_RB hdr_rb;
+
+ char *p = smb_io_rpc_hdr_rb(True, &hdr_rb, q, data, 4, 0);
+
+ if ((bind_req = (p != NULL)))
+ {
+ RPC_HDR_BA hdr_ba;
+ make_rpc_hdr_ba(&hdr_ba,
+ hdr_rb.bba.max_tsize, hdr_rb.bba.max_rsize, hdr_rb.bba.assoc_gid,
+ api_fd_commands[i].pipename,
+ 0x1, 0x0, 0x0,
+ &(hdr_rb.transfer));
+
+ p = smb_io_rpc_hdr_ba(False, &hdr_ba, rdata + 0x10, rdata, 4, 0);
+
+ rdata_len = PTR_DIFF(p, rdata);
+
+ make_rpc_hdr(&hdr, RPC_BINDACK, hdr.call_id, rdata_len);
- reply = api_fd_commands[i].fn(cnum,vuid,params,data,mdrcnt,mprcnt,
+ p = smb_io_rpc_hdr(False, &hdr, rdata, rdata, 4, 0);
+
+ reply = (p != NULL);
+ }
+ }
+ }
+#endif
+
+ if (!bind_req)
+ {
+ DEBUG(10,("calling api_fd_command\n"));
+
+ reply = api_fd_commands[i].fn(cnum,vuid,params,data,mdrcnt,mprcnt,
&rdata,&rparam,&rdata_len,&rparam_len);
-
- DEBUG(10,("called api_fd_command\n"));
+ DEBUG(10,("called api_fd_command\n"));
+ }
if (rdata_len > mdrcnt || rparam_len > mprcnt)
{
TransactNamedPipe on \PIPE\lsarpc.
****************************************************************************/
-void LsarpcTNP1(char *data,char **rdata, int *rdata_len)
+static void LsarpcTNP1(char *data,char **rdata, int *rdata_len)
{
uint32 dword1, dword2;
char pname[] = "\\PIPE\\lsass";
/* oops! XXXX should really issue a warning here... */
if (sid->num_auths > MAXSUBAUTHS) sid->num_auths = MAXSUBAUTHS;
- DBG_RW_PIVAL("sub_auths ", depth, base, io, q, sid->sub_auths, sid->num_auths); q += sid->num_auths * 4;
+ DBG_RW_PIVAL(False, "sub_auths ", depth, base, io, q, sid->sub_auths, sid->num_auths); q += sid->num_auths * 4;
return q;
}
/* buffer advanced by indicated length of string
NOT by searching for null-termination */
- DBG_RW_PSVAL("buffer ", depth, base, io, q, uni2->buffer, uni2->uni_max_len); q += uni2->uni_max_len * 2;
+ DBG_RW_PSVAL(True, "buffer ", depth, base, io, q, uni2->buffer, uni2->uni_max_len); q += uni2->uni_max_len * 2;
return q;
}
DBG_RW_IVAL("data[0]", depth, base, io, q, chal->data[0]); q += 4;
DBG_RW_IVAL("data[1]", depth, base, io, q, chal->data[1]); q += 4;
/*
- DBG_RW_PCVAL("data", depth, base, io, q, chal->data, 8); q += 8;
+ DBG_RW_PCVAL(False, "data", depth, base, io, q, chal->data, 8); q += 8;
*/
return q;
}
q = align_offset(q, base, align);
- DBG_RW_PCVAL("data", depth, base, io, q, hash->data, 16); q += 16;
+ DBG_RW_PCVAL(False, "data", depth, base, io, q, hash->data, 16); q += 16;
return q;
}
q = align_offset(q, base, align);
- DBG_RW_SVAL ("version", depth, base, io, q, ifc->version); q += 2;
- DBG_RW_PCVAL("data ", depth, base, io, q, ifc->data, sizeof(ifc->data)); q += sizeof(ifc->data);
+ DBG_RW_PCVAL(False, "data ", depth, base, io, q, ifc->data, sizeof(ifc->data)); q += sizeof(ifc->data);
+ DBG_RW_IVAL ( "version", depth, base, io, q, ifc->version); q += 4;
return q;
}
q = align_offset(q, base, align);
- DBG_RW_IVAL ("len ", depth, base, io, q, str->len); q += 2;
- DBG_RW_PSVAL("addr", depth, base, io, q, str->addr, str->len); q += str->len;
+ DBG_RW_IVAL ( "len ", depth, base, io, q, str->len); q += 2;
+ DBG_RW_PCVAL(True, "addr", depth, base, io, q, str->addr, str->len); q += str->len;
return q;
}
/*******************************************************************
creates an RPC_HDR_RB structure.
********************************************************************/
-void make_rpc_hdr_rb(RPC_HDR_RB *rpc, enum RPC_PKT_TYPE pkt_type,
- uint32 call_id, int data_len,
+void make_rpc_hdr_rb(RPC_HDR_RB *rpc,
uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
uint32 num_elements, uint16 context_id, uint8 num_syntaxes,
RPC_IFACE *abstract, RPC_IFACE *transfer)
{
if (rpc == NULL) return;
- make_rpc_hdr (&(rpc->hdr), pkt_type, call_id, data_len);
make_rpc_hdr_bba(&(rpc->bba), max_tsize, max_rsize, assoc_gid);
rpc->num_elements = num_elements ; /* the number of elements (0x1) */
DEBUG(5,("%s%04x smb_io_rpc_hdr_bba\n", tab_depth(depth), PTR_DIFF(q, base)));
depth++;
- q = smb_io_rpc_hdr (io, &(rpc->hdr), q, base, align, depth);
q = smb_io_rpc_hdr_bba(io, &(rpc->bba), q, base, align, depth);
DBG_RW_IVAL("num_elements", depth, base, io, q, rpc->num_elements); q += 4;
lkclXXXX only one reason at the moment!
********************************************************************/
-void make_rpc_hdr_ba(RPC_HDR_BA *rpc, enum RPC_PKT_TYPE pkt_type,
- uint32 call_id, int data_len,
+void make_rpc_hdr_ba(RPC_HDR_BA *rpc,
uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
char *pipe_addr,
uint8 num_results, uint16 result, uint16 reason,
{
if (rpc == NULL || transfer == NULL || pipe_addr == NULL) return;
- make_rpc_hdr (&(rpc->hdr ), pkt_type, call_id, data_len);
make_rpc_hdr_bba (&(rpc->bba ), max_tsize, max_rsize, assoc_gid);
make_rpc_addr_str(&(rpc->addr), pipe_addr);
make_rpc_results (&(rpc->res ), num_results, result, reason);
DEBUG(5,("%s%04x smb_io_rpc_hdr_ba\n", tab_depth(depth), PTR_DIFF(q, base)));
depth++;
- q = smb_io_rpc_hdr (io, &(rpc->hdr) , q, base, align, depth);
q = smb_io_rpc_hdr_bba (io, &(rpc->bba) , q, base, align, depth);
q = smb_io_rpc_addr_str(io, &(rpc->addr) , q, base, align, depth);
q = smb_io_rpc_results (io, &(rpc->res) , q, base, align, depth);
+ q = smb_io_rpc_iface (io, &(rpc->transfer), q, base, align, depth);
return q;
}
q = align_offset(q, base, align);
- DBG_RW_PCVAL("data", depth, base, io, q, pol->data, POL_HND_SIZE); q += POL_HND_SIZE;
+ DBG_RW_PCVAL(False, "data", depth, base, io, q, pol->data, POL_HND_SIZE); q += POL_HND_SIZE;
return q;
}
git.samba.org / samba.git / commitdiff