2 Unix SMB/CIFS implementation.
3 Samba memory buffer functions
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Jeremy Allison 1999
7 Copyright (C) Andrew Bartlett 2003.
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_RPC_PARSE
30 * Dump a prs to a file: from the current location through to the end.
32 void prs_dump(char *name, int v, prs_struct *ps)
34 prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
39 * Dump from the start of the prs to the current location.
41 void prs_dump_before(char *name, int v, prs_struct *ps)
43 prs_dump_region(name, v, ps, 0, ps->data_offset);
48 * Dump everything from the start of the prs up to the current location.
50 void prs_dump_region(char *name, int v, prs_struct *ps,
51 int from_off, int to_off)
55 if (DEBUGLEVEL < 50) return;
58 slprintf(fname,sizeof(fname)-1, "/tmp/%s_%d.%d.prs", name, v, i);
60 slprintf(fname,sizeof(fname)-1, "/tmp/%s.%d.prs", name, i);
62 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
63 if (fd != -1 || errno != EEXIST) break;
66 write(fd, ps->data_p + from_off, to_off - from_off);
68 DEBUG(0,("created %s\n", fname));
74 /*******************************************************************
75 debug output for parsing info.
77 XXXX side-effect of this function is to increase the debug depth XXXX
79 ********************************************************************/
80 void prs_debug(prs_struct *ps, int depth, const char *desc, const char *fn_name)
82 DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc));
87 * Initialise an expandable parse structure.
89 * @param size Initial buffer size. If >0, a new buffer will be
90 * created with malloc().
92 * @return False if allocation fails, otherwise True.
94 BOOL prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, BOOL io)
98 ps->bigendian_data = RPC_LITTLE_ENDIAN;
99 ps->align = RPC_PARSE_ALIGN;
100 ps->is_dynamic = False;
107 ps->buffer_size = size;
108 if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
109 DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
112 memset(ps->data_p, '\0', (size_t)size);
113 ps->is_dynamic = True; /* We own this memory. */
119 /*******************************************************************
120 Delete the memory in a parse structure - if we own it.
121 ********************************************************************/
123 void prs_mem_free(prs_struct *ps)
126 SAFE_FREE(ps->data_p);
127 ps->is_dynamic = False;
132 /*******************************************************************
133 Clear the memory in a parse structure.
134 ********************************************************************/
136 void prs_mem_clear(prs_struct *ps)
139 memset(ps->data_p, '\0', (size_t)ps->buffer_size);
142 /*******************************************************************
143 Allocate memory when unmarshalling... Always zero clears.
144 ********************************************************************/
146 #if defined(PARANOID_MALLOC_CHECKER)
147 char *prs_alloc_mem_(prs_struct *ps, size_t size, unsigned int count)
149 char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count)
155 /* We can't call the type-safe version here. */
156 ret = _talloc_zero_array(ps->mem_ctx, size, count, "parse_prs");
161 /*******************************************************************
162 Return the current talloc context we're using.
163 ********************************************************************/
165 TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
170 /*******************************************************************
171 Hand some already allocated memory to a prs_struct.
172 ********************************************************************/
174 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic)
176 ps->is_dynamic = is_dynamic;
178 ps->buffer_size = size;
181 /*******************************************************************
182 Take some memory back from a prs_struct.
183 ********************************************************************/
185 char *prs_take_memory(prs_struct *ps, uint32 *psize)
187 char *ret = ps->data_p;
189 *psize = ps->buffer_size;
190 ps->is_dynamic = False;
195 /*******************************************************************
196 Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
197 ********************************************************************/
199 BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
201 if (newsize > ps->buffer_size)
202 return prs_force_grow(ps, newsize - ps->buffer_size);
204 if (newsize < ps->buffer_size) {
205 char *new_data_p = SMB_REALLOC(ps->data_p, newsize);
206 /* if newsize is zero, Realloc acts like free() & returns NULL*/
207 if (new_data_p == NULL && newsize != 0) {
208 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
209 (unsigned int)newsize));
210 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
213 ps->data_p = new_data_p;
214 ps->buffer_size = newsize;
220 /*******************************************************************
221 Attempt, if needed, to grow a data buffer.
222 Also depends on the data stream mode (io).
223 ********************************************************************/
225 BOOL prs_grow(prs_struct *ps, uint32 extra_space)
230 ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
232 if(ps->data_offset + extra_space <= ps->buffer_size)
236 * We cannot grow the buffer if we're not reading
237 * into the prs_struct, or if we don't own the memory.
240 if(UNMARSHALLING(ps) || !ps->is_dynamic) {
241 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
242 (unsigned int)extra_space));
247 * Decide how much extra space we really need.
250 extra_space -= (ps->buffer_size - ps->data_offset);
251 if(ps->buffer_size == 0) {
253 * Ensure we have at least a PDU's length, or extra_space, whichever
257 new_size = MAX(MAX_PDU_FRAG_LEN,extra_space);
259 if((new_data = SMB_MALLOC(new_size)) == NULL) {
260 DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
263 memset(new_data, '\0', (size_t)new_size );
266 * If the current buffer size is bigger than the space needed, just
267 * double it, else add extra_space.
269 new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
271 if ((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
272 DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
273 (unsigned int)new_size));
277 memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
279 ps->buffer_size = new_size;
280 ps->data_p = new_data;
285 /*******************************************************************
286 Attempt to force a data buffer to grow by len bytes.
287 This is only used when appending more data onto a prs_struct
288 when reading an rpc reply, before unmarshalling it.
289 ********************************************************************/
291 BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
293 uint32 new_size = ps->buffer_size + extra_space;
296 if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
297 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
298 (unsigned int)extra_space));
302 if((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
303 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
304 (unsigned int)new_size));
308 memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
310 ps->buffer_size = new_size;
311 ps->data_p = new_data;
316 /*******************************************************************
317 Get the data pointer (external interface).
318 ********************************************************************/
320 char *prs_data_p(prs_struct *ps)
325 /*******************************************************************
326 Get the current data size (external interface).
327 ********************************************************************/
329 uint32 prs_data_size(prs_struct *ps)
331 return ps->buffer_size;
334 /*******************************************************************
335 Fetch the current offset (external interface).
336 ********************************************************************/
338 uint32 prs_offset(prs_struct *ps)
340 return ps->data_offset;
343 /*******************************************************************
344 Set the current offset (external interface).
345 ********************************************************************/
347 BOOL prs_set_offset(prs_struct *ps, uint32 offset)
349 if(offset <= ps->data_offset) {
350 ps->data_offset = offset;
354 if(!prs_grow(ps, offset - ps->data_offset))
357 ps->data_offset = offset;
361 /*******************************************************************
362 Append the data from one parse_struct into another.
363 ********************************************************************/
365 BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
367 if (prs_offset(src) == 0)
370 if(!prs_grow(dst, prs_offset(src)))
373 memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
374 dst->data_offset += prs_offset(src);
379 /*******************************************************************
380 Append some data from one parse_struct into another.
381 ********************************************************************/
383 BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
388 if(!prs_grow(dst, len))
391 memcpy(&dst->data_p[dst->data_offset], src->data_p + start, (size_t)len);
392 dst->data_offset += len;
397 /*******************************************************************
398 Append the data from a buffer into a parse_struct.
399 ********************************************************************/
401 BOOL prs_copy_data_in(prs_struct *dst, char *src, uint32 len)
406 if(!prs_grow(dst, len))
409 memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
410 dst->data_offset += len;
415 /*******************************************************************
416 Copy some data from a parse_struct into a buffer.
417 ********************************************************************/
419 BOOL prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
424 if(!prs_mem_get(src, len))
427 memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
428 src->data_offset += len;
433 /*******************************************************************
434 Copy all the data from a parse_struct into a buffer.
435 ********************************************************************/
437 BOOL prs_copy_all_data_out(char *dst, prs_struct *src)
439 uint32 len = prs_offset(src);
444 prs_set_offset(src, 0);
445 return prs_copy_data_out(dst, src, len);
448 /*******************************************************************
449 Set the data as X-endian (external interface).
450 ********************************************************************/
452 void prs_set_endian_data(prs_struct *ps, BOOL endian)
454 ps->bigendian_data = endian;
457 /*******************************************************************
458 Align a the data_len to a multiple of align bytes - filling with
460 ********************************************************************/
462 BOOL prs_align(prs_struct *ps)
464 uint32 mod = ps->data_offset & (ps->align-1);
466 if (ps->align != 0 && mod != 0) {
467 uint32 extra_space = (ps->align - mod);
468 if(!prs_grow(ps, extra_space))
470 memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
471 ps->data_offset += extra_space;
477 /******************************************************************
478 Align on a 2 byte boundary
479 *****************************************************************/
481 BOOL prs_align_uint16(prs_struct *ps)
484 uint8 old_align = ps->align;
488 ps->align = old_align;
493 /******************************************************************
494 Align on a 8 byte boundary
495 *****************************************************************/
497 BOOL prs_align_uint64(prs_struct *ps)
500 uint8 old_align = ps->align;
504 ps->align = old_align;
509 /*******************************************************************
510 Align only if required (for the unistr2 string mainly)
511 ********************************************************************/
513 BOOL prs_align_needed(prs_struct *ps, uint32 needed)
518 return prs_align(ps);
521 /*******************************************************************
522 Ensure we can read/write to a given offset.
523 ********************************************************************/
525 char *prs_mem_get(prs_struct *ps, uint32 extra_size)
527 if(UNMARSHALLING(ps)) {
529 * If reading, ensure that we can read the requested size item.
531 if (ps->data_offset + extra_size > ps->buffer_size) {
532 DEBUG(0,("prs_mem_get: reading data of size %u would overrun buffer.\n",
533 (unsigned int)extra_size ));
538 * Writing - grow the buffer if needed.
540 if(!prs_grow(ps, extra_size))
543 return &ps->data_p[ps->data_offset];
546 /*******************************************************************
547 Change the struct type.
548 ********************************************************************/
550 void prs_switch_type(prs_struct *ps, BOOL io)
552 if ((ps->io ^ io) == True)
556 /*******************************************************************
557 Force a prs_struct to be dynamic even when it's size is 0.
558 ********************************************************************/
560 void prs_force_dynamic(prs_struct *ps)
565 /*******************************************************************
567 ********************************************************************/
569 BOOL prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8)
571 char *q = prs_mem_get(ps, 1);
575 if (UNMARSHALLING(ps))
580 DEBUG(5,("%s%04x %s: %02x\n", tab_depth(depth), ps->data_offset, name, *data8));
582 ps->data_offset += 1;
587 /*******************************************************************
588 Stream a uint16* (allocate memory if unmarshalling)
589 ********************************************************************/
591 BOOL prs_pointer( const char *name, prs_struct *ps, int depth,
592 void **data, size_t data_size,
593 BOOL(*prs_fn)(const char*, prs_struct*, int, void*) )
597 /* caputure the pointer value to stream */
599 data_p = (uint32) *data;
601 if ( !prs_uint32("ptr", ps, depth, &data_p ))
604 /* we're done if there is no data */
609 if (UNMARSHALLING(ps)) {
610 if ( !(*data = PRS_ALLOC_MEM_VOID(ps, data_size)) )
614 return prs_fn(name, ps, depth, *data);
618 /*******************************************************************
620 ********************************************************************/
622 BOOL prs_uint16(const char *name, prs_struct *ps, int depth, uint16 *data16)
624 char *q = prs_mem_get(ps, sizeof(uint16));
628 if (UNMARSHALLING(ps)) {
629 if (ps->bigendian_data)
630 *data16 = RSVAL(q,0);
634 if (ps->bigendian_data)
640 DEBUG(5,("%s%04x %s: %04x\n", tab_depth(depth), ps->data_offset, name, *data16));
642 ps->data_offset += sizeof(uint16);
647 /*******************************************************************
649 ********************************************************************/
651 BOOL prs_uint32(const char *name, prs_struct *ps, int depth, uint32 *data32)
653 char *q = prs_mem_get(ps, sizeof(uint32));
657 if (UNMARSHALLING(ps)) {
658 if (ps->bigendian_data)
659 *data32 = RIVAL(q,0);
663 if (ps->bigendian_data)
669 DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
671 ps->data_offset += sizeof(uint32);
676 /*******************************************************************
678 ********************************************************************/
680 BOOL prs_ntstatus(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
682 char *q = prs_mem_get(ps, sizeof(uint32));
686 if (UNMARSHALLING(ps)) {
687 if (ps->bigendian_data)
688 *status = NT_STATUS(RIVAL(q,0));
690 *status = NT_STATUS(IVAL(q,0));
692 if (ps->bigendian_data)
693 RSIVAL(q,0,NT_STATUS_V(*status));
695 SIVAL(q,0,NT_STATUS_V(*status));
698 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
699 nt_errstr(*status)));
701 ps->data_offset += sizeof(uint32);
706 /*******************************************************************
708 ********************************************************************/
710 BOOL prs_werror(const char *name, prs_struct *ps, int depth, WERROR *status)
712 char *q = prs_mem_get(ps, sizeof(uint32));
716 if (UNMARSHALLING(ps)) {
717 if (ps->bigendian_data)
718 *status = W_ERROR(RIVAL(q,0));
720 *status = W_ERROR(IVAL(q,0));
722 if (ps->bigendian_data)
723 RSIVAL(q,0,W_ERROR_V(*status));
725 SIVAL(q,0,W_ERROR_V(*status));
728 DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name,
729 dos_errstr(*status)));
731 ps->data_offset += sizeof(uint32);
737 /******************************************************************
738 Stream an array of uint8s. Length is number of uint8s.
739 ********************************************************************/
741 BOOL prs_uint8s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
744 char *q = prs_mem_get(ps, len);
748 if (UNMARSHALLING(ps)) {
749 for (i = 0; i < len; i++)
750 data8s[i] = CVAL(q,i);
752 for (i = 0; i < len; i++)
753 SCVAL(q, i, data8s[i]);
756 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset ,name));
758 print_asc(5, (unsigned char*)data8s, len);
760 for (i = 0; i < len; i++)
761 DEBUG(5,("%02x ", data8s[i]));
765 ps->data_offset += len;
770 /******************************************************************
771 Stream an array of uint16s. Length is number of uint16s.
772 ********************************************************************/
774 BOOL prs_uint16s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
777 char *q = prs_mem_get(ps, len * sizeof(uint16));
781 if (UNMARSHALLING(ps)) {
782 if (ps->bigendian_data) {
783 for (i = 0; i < len; i++)
784 data16s[i] = RSVAL(q, 2*i);
786 for (i = 0; i < len; i++)
787 data16s[i] = SVAL(q, 2*i);
790 if (ps->bigendian_data) {
791 for (i = 0; i < len; i++)
792 RSSVAL(q, 2*i, data16s[i]);
794 for (i = 0; i < len; i++)
795 SSVAL(q, 2*i, data16s[i]);
799 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
801 print_asc(5, (unsigned char*)data16s, 2*len);
803 for (i = 0; i < len; i++)
804 DEBUG(5,("%04x ", data16s[i]));
808 ps->data_offset += (len * sizeof(uint16));
813 /******************************************************************
814 Start using a function for streaming unicode chars. If unmarshalling,
815 output must be little-endian, if marshalling, input must be little-endian.
816 ********************************************************************/
818 static void dbg_rw_punival(BOOL charmode, const char *name, int depth, prs_struct *ps,
819 char *in_buf, char *out_buf, int len)
823 if (UNMARSHALLING(ps)) {
824 if (ps->bigendian_data) {
825 for (i = 0; i < len; i++)
826 SSVAL(out_buf,2*i,RSVAL(in_buf, 2*i));
828 for (i = 0; i < len; i++)
829 SSVAL(out_buf, 2*i, SVAL(in_buf, 2*i));
832 if (ps->bigendian_data) {
833 for (i = 0; i < len; i++)
834 RSSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
836 for (i = 0; i < len; i++)
837 SSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
841 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
843 print_asc(5, (unsigned char*)out_buf, 2*len);
845 for (i = 0; i < len; i++)
846 DEBUG(5,("%04x ", out_buf[i]));
851 /******************************************************************
852 Stream a unistr. Always little endian.
853 ********************************************************************/
855 BOOL prs_uint16uni(BOOL charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
857 char *q = prs_mem_get(ps, len * sizeof(uint16));
861 dbg_rw_punival(charmode, name, depth, ps, q, (char *)data16s, len);
862 ps->data_offset += (len * sizeof(uint16));
867 /******************************************************************
868 Stream an array of uint32s. Length is number of uint32s.
869 ********************************************************************/
871 BOOL prs_uint32s(BOOL charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
874 char *q = prs_mem_get(ps, len * sizeof(uint32));
878 if (UNMARSHALLING(ps)) {
879 if (ps->bigendian_data) {
880 for (i = 0; i < len; i++)
881 data32s[i] = RIVAL(q, 4*i);
883 for (i = 0; i < len; i++)
884 data32s[i] = IVAL(q, 4*i);
887 if (ps->bigendian_data) {
888 for (i = 0; i < len; i++)
889 RSIVAL(q, 4*i, data32s[i]);
891 for (i = 0; i < len; i++)
892 SIVAL(q, 4*i, data32s[i]);
896 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
898 print_asc(5, (unsigned char*)data32s, 4*len);
900 for (i = 0; i < len; i++)
901 DEBUG(5,("%08x ", data32s[i]));
905 ps->data_offset += (len * sizeof(uint32));
910 /******************************************************************
911 Stream an array of unicode string, length/buffer specified separately,
912 in uint16 chars. The unicode string is already in little-endian format.
913 ********************************************************************/
915 BOOL prs_buffer5(BOOL charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str)
918 char *q = prs_mem_get(ps, str->buf_len * sizeof(uint16));
922 if (UNMARSHALLING(ps)) {
923 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len);
924 if (str->buffer == NULL)
928 /* If the string is empty, we don't have anything to stream */
932 p = (char *)str->buffer;
934 dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len);
936 ps->data_offset += (str->buf_len * sizeof(uint16));
941 /******************************************************************
942 Stream a "not" unicode string, length/buffer specified separately,
943 in byte chars. String is in little-endian format.
944 ********************************************************************/
946 BOOL prs_regval_buffer(BOOL charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf)
949 char *q = prs_mem_get(ps, buf->buf_len);
953 if (UNMARSHALLING(ps)) {
954 if (buf->buf_len > buf->buf_max_len) {
957 if ( buf->buf_max_len ) {
958 buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len);
959 if ( buf->buffer == NULL )
964 p = (char *)buf->buffer;
966 dbg_rw_punival(charmode, name, depth, ps, q, p, buf->buf_len/2);
967 ps->data_offset += buf->buf_len;
972 /******************************************************************
973 Stream a string, length/buffer specified separately,
975 ********************************************************************/
977 BOOL prs_string2(BOOL charmode, const char *name, prs_struct *ps, int depth, STRING2 *str)
980 char *q = prs_mem_get(ps, str->str_str_len);
984 if (UNMARSHALLING(ps)) {
985 if (str->str_str_len > str->str_max_len) {
988 str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len);
989 if (str->buffer == NULL)
993 if (UNMARSHALLING(ps)) {
994 for (i = 0; i < str->str_str_len; i++)
995 str->buffer[i] = CVAL(q,i);
997 for (i = 0; i < str->str_str_len; i++)
998 SCVAL(q, i, str->buffer[i]);
1001 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1003 print_asc(5, (unsigned char*)str->buffer, str->str_str_len);
1005 for (i = 0; i < str->str_str_len; i++)
1006 DEBUG(5,("%02x ", str->buffer[i]));
1010 ps->data_offset += str->str_str_len;
1015 /******************************************************************
1016 Stream a unicode string, length/buffer specified separately,
1017 in uint16 chars. The unicode string is already in little-endian format.
1018 ********************************************************************/
1020 BOOL prs_unistr2(BOOL charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str)
1023 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1027 /* If the string is empty, we don't have anything to stream */
1028 if (str->uni_str_len==0)
1031 if (UNMARSHALLING(ps)) {
1032 if (str->uni_str_len > str->uni_max_len) {
1035 str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len);
1036 if (str->buffer == NULL)
1040 p = (char *)str->buffer;
1042 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1044 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1049 /******************************************************************
1050 Stream a unicode string, length/buffer specified separately,
1051 in uint16 chars. The unicode string is already in little-endian format.
1052 ********************************************************************/
1054 BOOL prs_unistr3(BOOL charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth)
1057 char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
1061 if (UNMARSHALLING(ps)) {
1062 str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len);
1063 if (str->str.buffer == NULL)
1067 p = (char *)str->str.buffer;
1069 dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
1070 ps->data_offset += (str->uni_str_len * sizeof(uint16));
1075 /*******************************************************************
1076 Stream a unicode null-terminated string. As the string is already
1077 in little-endian format then do it as a stream of bytes.
1078 ********************************************************************/
1080 BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
1082 unsigned int len = 0;
1083 unsigned char *p = (unsigned char *)str->buffer;
1089 if (MARSHALLING(ps)) {
1091 for(len = 0; str->buffer[len] != 0; len++)
1094 q = prs_mem_get(ps, (len+1)*2);
1100 for(len = 0; str->buffer[len] != 0; len++) {
1101 if(ps->bigendian_data) {
1102 /* swap bytes - p is little endian, q is big endian. */
1118 * even if the string is 'empty' (only an \0 char)
1119 * at this point the leading \0 hasn't been parsed.
1129 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1130 print_asc(5, (unsigned char*)start, 2*len);
1133 else { /* unmarshalling */
1135 uint32 alloc_len = 0;
1136 q = ps->data_p + prs_offset(ps);
1139 * Work out how much space we need and talloc it.
1141 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
1143 /* the test of the value of *ptr helps to catch the circumstance
1144 where we have an emtpty (non-existent) string in the buffer */
1145 for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
1149 if (alloc_len < max_len)
1152 /* should we allocate anything at all? */
1153 str->buffer = PRS_ALLOC_MEM(ps,uint16,alloc_len);
1154 if ((str->buffer == NULL) && (alloc_len > 0))
1157 p = (unsigned char *)str->buffer;
1160 /* the (len < alloc_len) test is to prevent us from overwriting
1161 memory that is not ours...if we get that far, we have a non-null
1162 terminated string in the buffer and have messed up somewhere */
1163 while ((len < alloc_len) && (*(uint16 *)q != 0)) {
1164 if(ps->bigendian_data)
1166 /* swap bytes - q is big endian, p is little endian. */
1167 p[0] = (unsigned char)q[1];
1168 p[1] = (unsigned char)q[0];
1173 p[0] = (unsigned char)q[0];
1174 p[1] = (unsigned char)q[1];
1181 if (len < alloc_len) {
1182 /* NULL terminate the UNISTR */
1183 str->buffer[len++] = '\0';
1186 DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
1187 print_asc(5, (unsigned char*)str->buffer, 2*len);
1191 /* set the offset in the prs_struct; 'len' points to the
1192 terminiating NULL in the UNISTR so we need to go one more
1194 ps->data_offset += (len)*2;
1200 /*******************************************************************
1201 Stream a null-terminated string. len is strlen, and therefore does
1202 not include the null-termination character.
1203 ********************************************************************/
1205 BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
1211 if (UNMARSHALLING(ps))
1212 len = strlen(&ps->data_p[ps->data_offset]);
1216 len = MIN(len, (max_buf_size-1));
1218 q = prs_mem_get(ps, len+1);
1222 for(i = 0; i < len; i++) {
1223 if (UNMARSHALLING(ps))
1229 /* The terminating null. */
1232 if (MARSHALLING(ps)) {
1236 ps->data_offset += len+1;
1238 dump_data(5+depth, q, len);
1243 /*******************************************************************
1244 prs_uint16 wrapper. Call this and it sets up a pointer to where the
1245 uint16 should be stored, or gets the size if reading.
1246 ********************************************************************/
1248 BOOL prs_uint16_pre(const char *name, prs_struct *ps, int depth, uint16 *data16, uint32 *offset)
1250 *offset = ps->data_offset;
1251 if (UNMARSHALLING(ps)) {
1253 return prs_uint16(name, ps, depth, data16);
1255 char *q = prs_mem_get(ps, sizeof(uint16));
1258 ps->data_offset += sizeof(uint16);
1263 /*******************************************************************
1264 prs_uint16 wrapper. call this and it retrospectively stores the size.
1265 does nothing on reading, as that is already handled by ...._pre()
1266 ********************************************************************/
1268 BOOL prs_uint16_post(const char *name, prs_struct *ps, int depth, uint16 *data16,
1269 uint32 ptr_uint16, uint32 start_offset)
1271 if (MARSHALLING(ps)) {
1273 * Writing - temporarily move the offset pointer.
1275 uint16 data_size = ps->data_offset - start_offset;
1276 uint32 old_offset = ps->data_offset;
1278 ps->data_offset = ptr_uint16;
1279 if(!prs_uint16(name, ps, depth, &data_size)) {
1280 ps->data_offset = old_offset;
1283 ps->data_offset = old_offset;
1285 ps->data_offset = start_offset + (uint32)(*data16);
1290 /*******************************************************************
1291 prs_uint32 wrapper. Call this and it sets up a pointer to where the
1292 uint32 should be stored, or gets the size if reading.
1293 ********************************************************************/
1295 BOOL prs_uint32_pre(const char *name, prs_struct *ps, int depth, uint32 *data32, uint32 *offset)
1297 *offset = ps->data_offset;
1298 if (UNMARSHALLING(ps) && (data32 != NULL)) {
1300 return prs_uint32(name, ps, depth, data32);
1302 ps->data_offset += sizeof(uint32);
1307 /*******************************************************************
1308 prs_uint32 wrapper. call this and it retrospectively stores the size.
1309 does nothing on reading, as that is already handled by ...._pre()
1310 ********************************************************************/
1312 BOOL prs_uint32_post(const char *name, prs_struct *ps, int depth, uint32 *data32,
1313 uint32 ptr_uint32, uint32 data_size)
1315 if (MARSHALLING(ps)) {
1317 * Writing - temporarily move the offset pointer.
1319 uint32 old_offset = ps->data_offset;
1320 ps->data_offset = ptr_uint32;
1321 if(!prs_uint32(name, ps, depth, &data_size)) {
1322 ps->data_offset = old_offset;
1325 ps->data_offset = old_offset;
1330 /* useful function to store a structure in rpc wire format */
1331 int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
1333 TDB_DATA kbuf, dbuf;
1335 kbuf.dsize = strlen(keystr)+1;
1336 dbuf.dptr = ps->data_p;
1337 dbuf.dsize = prs_offset(ps);
1338 return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
1341 /* useful function to fetch a structure into rpc wire format */
1342 int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx)
1344 TDB_DATA kbuf, dbuf;
1346 kbuf.dsize = strlen(keystr)+1;
1348 dbuf = tdb_fetch(tdb, kbuf);
1352 prs_init(ps, 0, mem_ctx, UNMARSHALL);
1353 prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True);
1358 /*******************************************************************
1360 ********************************************************************/
1362 BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16], int len)
1369 #ifdef DEBUG_PASSWORD
1370 DEBUG(100, ("prs_hash1\n"));
1371 dump_data(100, sess_key, 16);
1372 dump_data(100, q, len);
1374 SamOEMhash((uchar *) q, sess_key, len);
1376 #ifdef DEBUG_PASSWORD
1377 dump_data(100, q, len);
1383 /*******************************************************************
1384 Create a digest over the entire packet (including the data), and
1385 MD5 it with the session key.
1386 ********************************************************************/
1388 static void netsec_digest(struct netsec_auth_struct *a,
1390 RPC_AUTH_NETSEC_CHK * verf,
1391 char *data, size_t data_len,
1392 uchar digest_final[16])
1394 uchar whole_packet_digest[16];
1395 static uchar zeros[4];
1396 struct MD5Context ctx3;
1398 /* verfiy the signature on the packet by MD5 over various bits */
1400 /* use our sequence number, which ensures the packet is not
1402 MD5Update(&ctx3, zeros, sizeof(zeros));
1403 MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
1404 if (auth_flags & AUTH_PIPE_SEAL) {
1405 MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
1407 MD5Update(&ctx3, (const unsigned char *)data, data_len);
1408 MD5Final(whole_packet_digest, &ctx3);
1409 dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
1411 /* MD5 this result and the session key, to prove that
1412 only a valid client could had produced this */
1413 hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
1416 /*******************************************************************
1417 Calculate the key with which to encode the data payload
1418 ********************************************************************/
1420 static void netsec_get_sealing_key(struct netsec_auth_struct *a,
1421 RPC_AUTH_NETSEC_CHK *verf,
1422 uchar sealing_key[16])
1424 static uchar zeros[4];
1429 for (i = 0; i < sizeof(sess_kf0); i++) {
1430 sess_kf0[i] = a->sess_key[i] ^ 0xf0;
1433 dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
1435 /* MD5 of sess_kf0 and 4 zero bytes */
1436 hmac_md5(sess_kf0, zeros, 0x4, digest2);
1437 dump_data_pw("digest2:\n", digest2, sizeof(digest2));
1439 /* MD5 of the above result, plus 8 bytes of sequence number */
1440 hmac_md5(digest2, verf->seq_num, sizeof(verf->seq_num), sealing_key);
1441 dump_data_pw("sealing_key:\n", sealing_key, 16);
1444 /*******************************************************************
1445 Encode or Decode the sequence number (which is symmetric)
1446 ********************************************************************/
1448 static void netsec_deal_with_seq_num(struct netsec_auth_struct *a,
1449 RPC_AUTH_NETSEC_CHK *verf)
1451 static uchar zeros[4];
1452 uchar sequence_key[16];
1455 hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
1456 dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
1458 hmac_md5(digest1, verf->packet_digest, 8, sequence_key);
1460 dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
1462 dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num));
1463 SamOEMhash(verf->seq_num, sequence_key, 8);
1464 dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num));
1467 /*******************************************************************
1468 creates an RPC_AUTH_NETSEC_CHK structure.
1469 ********************************************************************/
1471 static BOOL init_rpc_auth_netsec_chk(RPC_AUTH_NETSEC_CHK * chk,
1473 const uchar packet_digest[8],
1474 const uchar seq_num[8], const uchar confounder[8])
1479 memcpy(chk->sig, sig, sizeof(chk->sig));
1480 memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
1481 memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
1482 memcpy(chk->confounder, confounder, sizeof(chk->confounder));
1487 /*******************************************************************
1488 Encode a blob of data using the netsec (schannel) alogrithm, also produceing
1489 a checksum over the original data. We currently only support
1490 signing and sealing togeather - the signing-only code is close, but not
1491 quite compatible with what MS does.
1492 ********************************************************************/
1494 void netsec_encode(struct netsec_auth_struct *a, int auth_flags,
1495 enum netsec_direction direction,
1496 RPC_AUTH_NETSEC_CHK * verf,
1497 char *data, size_t data_len)
1499 uchar digest_final[16];
1500 uchar confounder[8];
1502 static const uchar nullbytes[8];
1504 static const uchar netsec_seal_sig[8] = NETSEC_SEAL_SIGNATURE;
1505 static const uchar netsec_sign_sig[8] = NETSEC_SIGN_SIGNATURE;
1506 const uchar *netsec_sig = NULL;
1508 DEBUG(10,("SCHANNEL: netsec_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1510 if (auth_flags & AUTH_PIPE_SEAL) {
1511 netsec_sig = netsec_seal_sig;
1512 } else if (auth_flags & AUTH_PIPE_SIGN) {
1513 netsec_sig = netsec_sign_sig;
1516 /* fill the 'confounder' with random data */
1517 generate_random_buffer(confounder, sizeof(confounder));
1519 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1521 RSIVAL(seq_num, 0, a->seq_num);
1523 switch (direction) {
1524 case SENDER_IS_INITIATOR:
1525 SIVAL(seq_num, 4, 0x80);
1527 case SENDER_IS_ACCEPTOR:
1528 SIVAL(seq_num, 4, 0x0);
1532 dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num));
1534 init_rpc_auth_netsec_chk(verf, netsec_sig, nullbytes,
1535 seq_num, confounder);
1537 /* produce a digest of the packet to prove it's legit (before we seal it) */
1538 netsec_digest(a, auth_flags, verf, data, data_len, digest_final);
1539 memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
1541 if (auth_flags & AUTH_PIPE_SEAL) {
1542 uchar sealing_key[16];
1544 /* get the key to encode the data with */
1545 netsec_get_sealing_key(a, verf, sealing_key);
1547 /* encode the verification data */
1548 dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder));
1549 SamOEMhash(verf->confounder, sealing_key, 8);
1551 dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder));
1553 /* encode the packet payload */
1554 dump_data_pw("data:\n", (const unsigned char *)data, data_len);
1555 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1556 dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
1559 /* encode the sequence number (key based on packet digest) */
1560 /* needs to be done after the sealing, as the original version
1561 is used in the sealing stuff... */
1562 netsec_deal_with_seq_num(a, verf);
1567 /*******************************************************************
1568 Decode a blob of data using the netsec (schannel) alogrithm, also verifiying
1569 a checksum over the original data. We currently can verify signed messages,
1570 as well as decode sealed messages
1571 ********************************************************************/
1573 BOOL netsec_decode(struct netsec_auth_struct *a, int auth_flags,
1574 enum netsec_direction direction,
1575 RPC_AUTH_NETSEC_CHK * verf, char *data, size_t data_len)
1577 uchar digest_final[16];
1579 static const uchar netsec_seal_sig[8] = NETSEC_SEAL_SIGNATURE;
1580 static const uchar netsec_sign_sig[8] = NETSEC_SIGN_SIGNATURE;
1581 const uchar *netsec_sig = NULL;
1585 DEBUG(10,("SCHANNEL: netsec_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1587 if (auth_flags & AUTH_PIPE_SEAL) {
1588 netsec_sig = netsec_seal_sig;
1589 } else if (auth_flags & AUTH_PIPE_SIGN) {
1590 netsec_sig = netsec_sign_sig;
1593 /* Create the expected sequence number for comparison */
1594 RSIVAL(seq_num, 0, a->seq_num);
1596 switch (direction) {
1597 case SENDER_IS_INITIATOR:
1598 SIVAL(seq_num, 4, 0x80);
1600 case SENDER_IS_ACCEPTOR:
1601 SIVAL(seq_num, 4, 0x0);
1605 DEBUG(10,("SCHANNEL: netsec_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1606 dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1608 dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
1610 /* extract the sequence number (key based on supplied packet digest) */
1611 /* needs to be done before the sealing, as the original version
1612 is used in the sealing stuff... */
1613 netsec_deal_with_seq_num(a, verf);
1615 if (memcmp(verf->seq_num, seq_num, sizeof(seq_num))) {
1616 /* don't even bother with the below if the sequence number is out */
1617 /* The sequence number is MD5'ed with a key based on the whole-packet
1618 digest, as supplied by the client. We check that it's a valid
1619 checksum after the decode, below
1621 DEBUG(2, ("netsec_decode: FAILED: packet sequence number:\n"));
1622 dump_data(2, (const char*)verf->seq_num, sizeof(verf->seq_num));
1623 DEBUG(2, ("should be:\n"));
1624 dump_data(2, (const char*)seq_num, sizeof(seq_num));
1629 if (memcmp(verf->sig, netsec_sig, sizeof(verf->sig))) {
1630 /* Validate that the other end sent the expected header */
1631 DEBUG(2, ("netsec_decode: FAILED: packet header:\n"));
1632 dump_data(2, (const char*)verf->sig, sizeof(verf->sig));
1633 DEBUG(2, ("should be:\n"));
1634 dump_data(2, (const char*)netsec_sig, sizeof(netsec_sig));
1638 if (auth_flags & AUTH_PIPE_SEAL) {
1639 uchar sealing_key[16];
1641 /* get the key to extract the data with */
1642 netsec_get_sealing_key(a, verf, sealing_key);
1644 /* extract the verification data */
1645 dump_data_pw("verf->confounder:\n", verf->confounder,
1646 sizeof(verf->confounder));
1647 SamOEMhash(verf->confounder, sealing_key, 8);
1649 dump_data_pw("verf->confounder_dec:\n", verf->confounder,
1650 sizeof(verf->confounder));
1652 /* extract the packet payload */
1653 dump_data_pw("data :\n", (const unsigned char *)data, data_len);
1654 SamOEMhash((unsigned char *)data, sealing_key, data_len);
1655 dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
1658 /* digest includes 'data' after unsealing */
1659 netsec_digest(a, auth_flags, verf, data, data_len, digest_final);
1661 dump_data_pw("Calculated digest:\n", digest_final,
1662 sizeof(digest_final));
1663 dump_data_pw("verf->packet_digest:\n", verf->packet_digest,
1664 sizeof(verf->packet_digest));
1666 /* compare - if the client got the same result as us, then
1667 it must know the session key */
1668 return (memcmp(digest_final, verf->packet_digest,
1669 sizeof(verf->packet_digest)) == 0);