3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1999,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1999,
8 * Copyright (C) Paul Ashton 1997-1999.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 extern int DEBUGLEVEL;
31 /*******************************************************************
32 interface/version dce/rpc pipe identification
33 ********************************************************************/
35 #define TRANS_SYNT_V2 \
38 0x04, 0x5d, 0x88, 0x8a, \
39 0xeb, 0x1c, 0xc9, 0x11, \
40 0x9f, 0xe8, 0x08, 0x00, \
41 0x2b, 0x10, 0x48, 0x60 \
45 #define SYNT_SVCCTL_V2 \
48 0x81, 0xbb, 0x7a, 0x36, \
49 0x44, 0x98, 0xf1, 0x35, \
50 0xad, 0x32, 0x98, 0xf0, \
51 0x38, 0x00, 0x10, 0x03 \
55 #define SYNT_BROWSER_V0 \
58 0x98, 0xd0, 0xff, 0x6b, \
59 0x12, 0xa1, 0x10, 0x36, \
60 0x98, 0x33, 0x01, 0x28, \
61 0x92, 0x02, 0x01, 0x62 \
65 #define SYNT_NETLOGON_V2 \
68 0x04, 0x5d, 0x88, 0x8a, \
69 0xeb, 0x1c, 0xc9, 0x11, \
70 0x9f, 0xe8, 0x08, 0x00, \
71 0x2b, 0x10, 0x48, 0x60 \
75 #define SYNT_WKSSVC_V1 \
78 0x98, 0xd0, 0xff, 0x6b, \
79 0x12, 0xa1, 0x10, 0x36, \
80 0x98, 0x33, 0x46, 0xc3, \
81 0xf8, 0x7e, 0x34, 0x5a \
85 #define SYNT_SRVSVC_V3 \
88 0xc8, 0x4f, 0x32, 0x4b, \
89 0x70, 0x16, 0xd3, 0x01, \
90 0x12, 0x78, 0x5a, 0x47, \
91 0xbf, 0x6e, 0xe1, 0x88 \
95 #define SYNT_LSARPC_V0 \
98 0x78, 0x57, 0x34, 0x12, \
99 0x34, 0x12, 0xcd, 0xab, \
100 0xef, 0x00, 0x01, 0x23, \
101 0x45, 0x67, 0x89, 0xab \
105 #define SYNT_SAMR_V1 \
108 0x78, 0x57, 0x34, 0x12, \
109 0x34, 0x12, 0xcd, 0xab, \
110 0xef, 0x00, 0x01, 0x23, \
111 0x45, 0x67, 0x89, 0xac \
115 #define SYNT_NETLOGON_V1 \
118 0x78, 0x56, 0x34, 0x12, \
119 0x34, 0x12, 0xcd, 0xab, \
120 0xef, 0x00, 0x01, 0x23, \
121 0x45, 0x67, 0xcf, 0xfb \
125 #define SYNT_WINREG_V1 \
128 0x01, 0xd0, 0x8c, 0x33, \
129 0x44, 0x22, 0xf1, 0x31, \
130 0xaa, 0xaa, 0x90, 0x00, \
131 0x38, 0x00, 0x10, 0x03 \
135 #define SYNT_ATSVC_V1 \
138 0x82, 0x06, 0xf7, 0x1f, \
139 0x51, 0x0a, 0xe8, 0x30, \
140 0x07, 0x6d, 0x74, 0x0b, \
141 0xe8, 0xce, 0xe9, 0x8b \
145 #define SYNT_SPOOLSS_V1 \
148 0x78, 0x56, 0x34, 0x12, \
149 0x34, 0x12, 0xcd, 0xab, \
150 0xef, 0x00, 0x01, 0x23, \
151 0x45, 0x67, 0x89, 0xab \
155 #define SYNT_NONE_V0 \
158 0x00, 0x00, 0x00, 0x00, \
159 0x00, 0x00, 0x00, 0x00, \
160 0x00, 0x00, 0x00, 0x00, \
161 0x00, 0x00, 0x00, 0x00 \
165 #define SYNT_EVENTLOG_V0 \
168 0xdc, 0x3f, 0x27, 0x82, \
169 0x2a, 0xe3, 0xc3, 0x18, \
170 0x3f, 0x78, 0x82, 0x79, \
171 0x29, 0xdc, 0x23, 0xea \
175 struct pipe_id_info pipe_names [] =
177 /* client pipe , abstract syntax , server pipe , transfer syntax */
178 { PIPE_LSARPC , SYNT_LSARPC_V0 , PIPE_LSASS , TRANS_SYNT_V2 },
179 { PIPE_BROWSER , SYNT_BROWSER_V0 , PIPE_NTSVCS , TRANS_SYNT_V2 },
180 { PIPE_SAMR , SYNT_SAMR_V1 , PIPE_LSASS , TRANS_SYNT_V2 },
181 { PIPE_NETLOGON, SYNT_NETLOGON_V1, PIPE_LSASS , TRANS_SYNT_V2 },
182 { PIPE_SRVSVC , SYNT_SRVSVC_V3 , PIPE_NTSVCS , TRANS_SYNT_V2 },
183 { PIPE_SVCCTL , SYNT_SVCCTL_V2 , PIPE_NTSVCS , TRANS_SYNT_V2 },
184 { PIPE_WKSSVC , SYNT_WKSSVC_V1 , PIPE_NTSVCS , TRANS_SYNT_V2 },
185 { PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 },
186 { PIPE_ATSVC , SYNT_ATSVC_V1 , PIPE_ATSVC , TRANS_SYNT_V2 },
187 { PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS , TRANS_SYNT_V2 },
188 { PIPE_EVENTLOG, SYNT_EVENTLOG_V0, PIPE_EVENTLOG , TRANS_SYNT_V2 },
189 { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 }
192 /*******************************************************************
193 creates an RPC_HDR structure.
194 ********************************************************************/
195 BOOL make_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
196 uint32 call_id, int data_len, int auth_len)
198 if (hdr == NULL) return False;
200 hdr->major = 5; /* RPC version 5 */
201 hdr->minor = 0; /* minor version 0 */
202 hdr->pkt_type = pkt_type; /* RPC packet type */
203 hdr->flags = flags; /* dce/rpc flags */
204 hdr->pack_type = 0x10; /* packed data representation */
205 hdr->frag_len = data_len; /* fragment length, fill in later */
206 hdr->auth_len = auth_len; /* authentication length */
207 hdr->call_id = call_id; /* call identifier - match incoming RPC */
212 /*******************************************************************
213 reads or writes an RPC_HDR structure.
214 ********************************************************************/
215 BOOL smb_io_rpc_hdr(char *desc, RPC_HDR *rpc, prs_struct *ps, int depth)
217 if (rpc == NULL) return False;
219 prs_debug(ps, depth, desc, "smb_io_rpc_hdr");
222 prs_uint8 ("major ", ps, depth, &(rpc->major));
223 prs_uint8 ("minor ", ps, depth, &(rpc->minor));
224 prs_uint8 ("pkt_type ", ps, depth, &(rpc->pkt_type));
225 prs_uint8 ("flags ", ps, depth, &(rpc->flags));
226 prs_uint32("pack_type ", ps, depth, &(rpc->pack_type));
227 prs_uint16("frag_len ", ps, depth, &(rpc->frag_len));
228 prs_uint16("auth_len ", ps, depth, &(rpc->auth_len));
229 prs_uint32("call_id ", ps, depth, &(rpc->call_id));
234 /*******************************************************************
235 reads or writes an RPC_HDR_FAULT structure.
236 ********************************************************************/
237 BOOL smb_io_rpc_hdr_fault(char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth)
239 if (rpc == NULL) return False;
241 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault");
244 prs_uint32("status ", ps, depth, &(rpc->status ));
245 prs_uint32("reserved", ps, depth, &(rpc->reserved));
250 /*******************************************************************
251 reads or writes an RPC_IFACE structure.
252 ********************************************************************/
253 static BOOL smb_io_rpc_iface(char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
255 if (ifc == NULL) return False;
257 prs_debug(ps, depth, desc, "smb_io_rpc_iface");
262 prs_uint8s (False, "data ", ps, depth, ifc->data, sizeof(ifc->data));
263 prs_uint32 ( "version", ps, depth, &(ifc->version));
268 /*******************************************************************
269 creates an RPC_ADDR_STR structure.
271 The name can be null (RPC Alter-Context)
272 ********************************************************************/
273 static BOOL make_rpc_addr_str(RPC_ADDR_STR *str, const char *name)
275 if (str == NULL ) return False;
279 fstrcpy(str->str, "");
283 str->len = strlen(name) + 1;
284 fstrcpy(str->str, name);
290 /*******************************************************************
291 reads or writes an RPC_ADDR_STR structure.
292 ********************************************************************/
293 static BOOL smb_io_rpc_addr_str(char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth)
295 if (str == NULL) return False;
297 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str");
301 prs_uint16 ( "len", ps, depth, &(str->len));
302 prs_uint8s (True, "str", ps, depth, (uchar*)str->str, str->len);
307 /*******************************************************************
308 creates an RPC_HDR_BBA structure.
309 ********************************************************************/
310 static BOOL make_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid)
312 if (bba == NULL) return False;
314 bba->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
315 bba->max_rsize = max_rsize; /* max receive fragment size (0x1630) */
316 bba->assoc_gid = assoc_gid; /* associated group id (0x0) */
321 /*******************************************************************
322 reads or writes an RPC_HDR_BBA structure.
323 ********************************************************************/
324 static BOOL smb_io_rpc_hdr_bba(char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth)
326 if (rpc == NULL) return False;
328 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba");
331 prs_uint16("max_tsize", ps, depth, &(rpc->max_tsize));
332 prs_uint16("max_rsize", ps, depth, &(rpc->max_rsize));
333 prs_uint32("assoc_gid", ps, depth, &(rpc->assoc_gid));
338 /*******************************************************************
339 creates an RPC_HDR_RB structure.
340 ********************************************************************/
341 BOOL make_rpc_hdr_rb(RPC_HDR_RB *rpc,
342 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
343 uint32 num_elements, uint16 context_id, uint8 num_syntaxes,
344 RPC_IFACE *abstract, RPC_IFACE *transfer)
346 if (rpc == NULL) return False;
348 make_rpc_hdr_bba(&(rpc->bba), max_tsize, max_rsize, assoc_gid);
350 rpc->num_elements = num_elements ; /* the number of elements (0x1) */
351 rpc->context_id = context_id ; /* presentation context identifier (0x0) */
352 rpc->num_syntaxes = num_syntaxes ; /* the number of syntaxes (has always been 1?)(0x1) */
354 /* num and vers. of interface client is using */
355 memcpy(&(rpc->abstract), abstract, sizeof(rpc->abstract));
357 /* num and vers. of interface to use for replies */
358 memcpy(&(rpc->transfer), transfer, sizeof(rpc->transfer));
363 /*******************************************************************
364 reads or writes an RPC_HDR_RB structure.
365 ********************************************************************/
366 BOOL smb_io_rpc_hdr_rb(char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth)
368 if (rpc == NULL) return False;
370 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb");
373 smb_io_rpc_hdr_bba("", &(rpc->bba), ps, depth);
375 prs_uint32("num_elements", ps, depth, &(rpc->num_elements));
376 prs_uint16("context_id ", ps, depth, &(rpc->context_id ));
377 prs_uint8 ("num_syntaxes", ps, depth, &(rpc->num_syntaxes));
379 smb_io_rpc_iface("", &(rpc->abstract), ps, depth);
380 smb_io_rpc_iface("", &(rpc->transfer), ps, depth);
385 /*******************************************************************
386 creates an RPC_RESULTS structure.
388 lkclXXXX only one reason at the moment!
390 ********************************************************************/
391 static BOOL make_rpc_results(RPC_RESULTS *res,
392 uint8 num_results, uint16 result, uint16 reason)
394 if (res == NULL) return False;
396 res->num_results = num_results; /* the number of results (0x01) */
397 res->result = result ; /* result (0x00 = accept) */
398 res->reason = reason ; /* reason (0x00 = no reason specified) */
403 /*******************************************************************
404 reads or writes an RPC_RESULTS structure.
406 lkclXXXX only one reason at the moment!
408 ********************************************************************/
409 static BOOL smb_io_rpc_results(char *desc, RPC_RESULTS *res, prs_struct *ps, int depth)
411 if (res == NULL) return False;
413 prs_debug(ps, depth, desc, "smb_io_rpc_results");
418 prs_uint8 ("num_results", ps, depth, &(res->num_results));
422 prs_uint16("result ", ps, depth, &(res->result ));
423 prs_uint16("reason ", ps, depth, &(res->reason ));
428 /*******************************************************************
429 creates an RPC_HDR_BA structure.
431 lkclXXXX only one reason at the moment!
432 jfm: nope two ! The pipe_addr can be NULL !
434 ********************************************************************/
435 BOOL make_rpc_hdr_ba(RPC_HDR_BA *rpc,
436 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
437 const char *pipe_addr,
438 uint8 num_results, uint16 result, uint16 reason,
441 if (rpc == NULL || transfer == NULL) return False;
443 make_rpc_hdr_bba (&(rpc->bba ), max_tsize, max_rsize, assoc_gid);
444 make_rpc_addr_str(&(rpc->addr), pipe_addr);
445 make_rpc_results (&(rpc->res ), num_results, result, reason);
447 /* the transfer syntax from the request */
448 memcpy(&(rpc->transfer), transfer, sizeof(rpc->transfer));
453 /*******************************************************************
454 reads or writes an RPC_HDR_BA structure.
455 ********************************************************************/
456 BOOL smb_io_rpc_hdr_ba(char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
458 if (rpc == NULL) return False;
460 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba");
463 smb_io_rpc_hdr_bba ("", &(rpc->bba) , ps, depth);
464 smb_io_rpc_addr_str("", &(rpc->addr) , ps, depth);
465 smb_io_rpc_results ("", &(rpc->res) , ps, depth);
466 smb_io_rpc_iface ("", &(rpc->transfer), ps, depth);
471 /*******************************************************************
472 creates an RPC_HDR_REQ structure.
473 ********************************************************************/
474 BOOL make_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
476 if (hdr == NULL) return False;
478 hdr->alloc_hint = alloc_hint; /* allocation hint */
479 hdr->context_id = 0; /* presentation context identifier */
480 hdr->opnum = opnum; /* opnum */
485 /*******************************************************************
486 reads or writes an RPC_HDR_REQ structure.
487 ********************************************************************/
488 BOOL smb_io_rpc_hdr_req(char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth)
490 if (rpc == NULL) return False;
492 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req");
495 prs_uint32("alloc_hint", ps, depth, &(rpc->alloc_hint));
496 prs_uint16("context_id", ps, depth, &(rpc->context_id));
497 prs_uint16("opnum ", ps, depth, &(rpc->opnum));
502 /*******************************************************************
503 reads or writes an RPC_HDR_RESP structure.
504 ********************************************************************/
505 BOOL smb_io_rpc_hdr_resp(char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth)
507 if (rpc == NULL) return False;
509 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp");
512 prs_uint32("alloc_hint", ps, depth, &(rpc->alloc_hint));
513 prs_uint16("context_id", ps, depth, &(rpc->context_id));
514 prs_uint8 ("cancel_ct ", ps, depth, &(rpc->cancel_count));
515 prs_uint8 ("reserved ", ps, depth, &(rpc->reserved));
520 /*******************************************************************
521 creates an RPC_HDR_AUTHA structure.
522 ********************************************************************/
523 BOOL make_rpc_hdr_autha(RPC_HDR_AUTHA *rai,
524 uint16 max_tsize, uint16 max_rsize,
525 uint8 auth_type, uint8 auth_level,
528 if (rai == NULL) return False;
530 rai->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
531 rai->max_rsize = max_rsize; /* max receive fragment size (0x1630) */
533 rai->auth_type = auth_type; /* nt lm ssp 0x0a */
534 rai->auth_level = auth_level; /* 0x06 */
535 rai->stub_type_len = stub_type_len; /* 0x00 */
536 rai->padding = 0; /* padding 0x00 */
538 rai->unknown = 0x0014a0c0; /* non-zero pointer to something */
543 /*******************************************************************
544 reads or writes an RPC_HDR_AUTHA structure.
545 ********************************************************************/
546 BOOL smb_io_rpc_hdr_autha(char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth)
548 if (rai == NULL) return False;
550 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_autha");
553 prs_uint16("max_tsize ", ps, depth, &(rai->max_tsize));
554 prs_uint16("max_rsize ", ps, depth, &(rai->max_rsize));
556 prs_uint8 ("auth_type ", ps, depth, &(rai->auth_type )); /* 0x0a nt lm ssp */
557 prs_uint8 ("auth_level ", ps, depth, &(rai->auth_level ));/* 0x06 */
558 prs_uint8 ("stub_type_len", ps, depth, &(rai->stub_type_len));
559 prs_uint8 ("padding ", ps, depth, &(rai->padding ));
561 prs_uint32("unknown ", ps, depth, &(rai->unknown )); /* 0x0014a0c0 */
566 /*******************************************************************
567 checks an RPC_HDR_AUTH structure.
568 ********************************************************************/
569 BOOL rpc_hdr_auth_chk(RPC_HDR_AUTH *rai)
571 return ((rai->auth_type == 0x0a || rai->auth_type == 0x44) &&
572 rai->auth_level == 0x06);
577 /*******************************************************************
578 creates an RPC_HDR_AUTH structure.
579 ********************************************************************/
580 BOOL make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
581 uint8 auth_type, uint8 auth_level,
585 if (rai == NULL) return False;
587 rai->auth_type = auth_type; /* nt lm ssp 0x0a */
588 rai->auth_level = auth_level; /* 0x06 */
589 rai->stub_type_len = stub_type_len; /* 0x00 */
590 rai->padding = 0; /* padding 0x00 */
592 rai->unknown = ptr; /* non-zero pointer to something */
597 /*******************************************************************
598 reads or writes an RPC_HDR_AUTH structure.
599 ********************************************************************/
600 BOOL smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth)
602 if (rai == NULL) return False;
604 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth");
607 prs_uint8 ("auth_type ", ps, depth, &(rai->auth_type )); /* 0x0a nt lm ssp */
608 prs_uint8 ("auth_level ", ps, depth, &(rai->auth_level ));/* 0x06 */
609 prs_uint8 ("stub_type_len", ps, depth, &(rai->stub_type_len));
610 prs_uint8 ("padding ", ps, depth, &(rai->padding ));
612 prs_uint32("unknown ", ps, depth, &(rai->unknown )); /* 0x0014a0c0 */
617 /*******************************************************************
618 checks an RPC_AUTH_NTLMSSP_VERIFIER structure.
619 ********************************************************************/
620 BOOL rpc_auth_ntlmssp_verifier_chk(RPC_AUTH_NTLMSSP_VERIFIER *rav,
621 char *signature, uint32 msg_type)
623 return (strequal(rav->signature, signature) && rav->msg_type == msg_type);
628 /*******************************************************************
629 creates an RPC_AUTH_NTLMSSP_VERIFIER structure.
630 ********************************************************************/
631 BOOL make_rpc_auth_ntlmssp_verifier(RPC_AUTH_NTLMSSP_VERIFIER *rav,
632 char *signature, uint32 msg_type)
634 if (rav == NULL) return False;
636 fstrcpy(rav->signature, signature); /* "NTLMSSP" */
637 rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
642 /*******************************************************************
643 reads or writes an RPC_AUTH_NTLMSSP_VERIFIER structure.
644 ********************************************************************/
645 BOOL smb_io_rpc_auth_ntlmssp_verifier(char *desc, RPC_AUTH_NTLMSSP_VERIFIER *rav, prs_struct *ps, int depth)
647 if (rav == NULL) return False;
649 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
652 prs_string("signature", ps, depth, rav->signature, 0, sizeof(rav->signature)); /* "NTLMSSP" */
653 prs_uint32("msg_type ", ps, depth, &(rav->msg_type )); /* NTLMSSP_MESSAGE_TYPE */
658 /*******************************************************************
659 creates an RPC_AUTH_NTLMSSP_NEG structure.
660 ********************************************************************/
661 BOOL make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
663 fstring myname, fstring domain)
665 int len_myname = strlen(myname);
666 int len_domain = strlen(domain);
668 if (neg == NULL) return False;
670 neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
672 make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname);
673 make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20);
675 fstrcpy(neg->myname, myname);
676 fstrcpy(neg->domain, domain);
681 /*******************************************************************
682 reads or writes an RPC_AUTH_NTLMSSP_NEG structure.
684 *** lkclXXXX HACK ALERT! ***
686 ********************************************************************/
687 BOOL smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth)
689 if (neg == NULL) return False;
691 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_neg");
694 prs_uint32("neg_flgs ", ps, depth, &(neg->neg_flgs));
704 smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
705 smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
707 old_offset = ps->offset;
709 ps->offset = neg->hdr_myname .buffer + 0x50; /* lkclXXXX HACK! */
710 prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname , MIN(neg->hdr_myname .str_str_len, sizeof(neg->myname )));
711 old_offset += neg->hdr_myname .str_str_len;
713 ps->offset = neg->hdr_domain .buffer + 0x50; /* lkclXXXX HACK! */
714 prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain , MIN(neg->hdr_domain .str_str_len, sizeof(neg->domain )));
715 old_offset += neg->hdr_domain .str_str_len;
717 ps->offset = old_offset;
722 smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
723 smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
725 prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname , MIN(neg->hdr_myname .str_str_len, sizeof(neg->myname )));
726 prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain , MIN(neg->hdr_domain .str_str_len, sizeof(neg->domain )));
732 /*******************************************************************
733 creates an RPC_AUTH_NTLMSSP_CHAL structure.
734 ********************************************************************/
735 BOOL make_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl,
739 if (chl == NULL) return False;
741 chl->unknown_1 = 0x0;
742 chl->unknown_2 = 0x00000028;
743 chl->neg_flags = neg_flags; /* 0x0082b1 */
745 memcpy(chl->challenge, challenge, sizeof(chl->challenge));
746 bzero (chl->reserved , sizeof(chl->reserved));
751 /*******************************************************************
752 reads or writes an RPC_AUTH_NTLMSSP_CHAL structure.
753 ********************************************************************/
754 BOOL smb_io_rpc_auth_ntlmssp_chal(char *desc, RPC_AUTH_NTLMSSP_CHAL *chl, prs_struct *ps, int depth)
756 if (chl == NULL) return False;
758 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chal");
761 prs_uint32("unknown_1", ps, depth, &(chl->unknown_1)); /* 0x0000 0000 */
762 prs_uint32("unknown_2", ps, depth, &(chl->unknown_2)); /* 0x0000 b2b3 */
763 prs_uint32("neg_flags", ps, depth, &(chl->neg_flags)); /* 0x0000 82b1 */
765 prs_uint8s (False, "challenge", ps, depth, chl->challenge, sizeof(chl->challenge));
766 prs_uint8s (False, "reserved ", ps, depth, chl->reserved , sizeof(chl->reserved ));
771 /*******************************************************************
772 creates an RPC_AUTH_NTLMSSP_RESP structure.
774 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
775 *** lkclXXXX the actual offset is at the start of the auth verifier ***
777 ********************************************************************/
778 BOOL make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
780 uchar *nt_resp, size_t nt_len,
781 char *domain, char *user, char *wks,
785 int dom_len = strlen(domain);
786 int wks_len = strlen(wks );
787 int usr_len = strlen(user );
788 int lm_len = nt_len != 0 ? (lm_resp != NULL ? 24 : 0) : 1;
790 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
792 if (rsp == NULL) return False;
794 #ifdef DEBUG_PASSWORD
795 DEBUG(100,("lm_resp\n"));
798 dump_data(100, lm_resp, lm_len);
800 DEBUG(100,("nt_resp\n"));
803 dump_data(100, nt_resp, nt_len);
807 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
808 domain, user, wks, neg_flags));
812 if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
819 make_str_hdr(&rsp->hdr_domain , dom_len, dom_len, offset);
822 make_str_hdr(&rsp->hdr_usr , usr_len, usr_len, offset);
825 make_str_hdr(&rsp->hdr_wks , wks_len, wks_len, offset);
828 make_str_hdr(&rsp->hdr_lm_resp, lm_len , lm_len , offset);
831 make_str_hdr(&rsp->hdr_nt_resp, nt_len , nt_len , offset);
834 make_str_hdr(&rsp->hdr_sess_key, 0, 0, offset);
836 rsp->neg_flags = neg_flags;
838 if (lm_resp != NULL && lm_len != 1)
840 memcpy(rsp->lm_resp, lm_resp, lm_len);
848 memcpy(rsp->nt_resp, nt_resp, nt_len);
855 if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
857 ascii_to_unibuf(rsp->domain, domain, sizeof(rsp->domain)-2);
858 ascii_to_unibuf(rsp->user , user , sizeof(rsp->user )-2);
859 ascii_to_unibuf(rsp->wks , wks , sizeof(rsp->wks )-2);
863 fstrcpy(rsp->domain, domain);
864 fstrcpy(rsp->user , user );
865 fstrcpy(rsp->wks , wks );
867 rsp->sess_key[0] = 0;
872 /*******************************************************************
873 reads or writes an RPC_AUTH_NTLMSSP_RESP structure.
875 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
876 *** lkclXXXX the actual offset is at the start of the auth verifier ***
878 ********************************************************************/
879 BOOL smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth)
881 if (rsp == NULL) return False;
883 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp");
894 smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp , ps, depth);
895 smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp , ps, depth);
896 smb_io_strhdr("hdr_domain ", &rsp->hdr_domain , ps, depth);
897 smb_io_strhdr("hdr_user ", &rsp->hdr_usr , ps, depth);
898 smb_io_strhdr("hdr_wks ", &rsp->hdr_wks , ps, depth);
899 smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth);
901 prs_uint32("neg_flags", ps, depth, &(rsp->neg_flags)); /* 0x0000 82b1 */
903 old_offset = ps->offset;
905 ps->offset = rsp->hdr_domain .buffer + 0x1c;
906 prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain , MIN(rsp->hdr_domain .str_str_len, sizeof(rsp->domain )));
907 old_offset += rsp->hdr_domain .str_str_len;
909 ps->offset = rsp->hdr_usr .buffer + 0x1c;
910 prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user , MIN(rsp->hdr_usr .str_str_len, sizeof(rsp->user )));
911 old_offset += rsp->hdr_usr .str_str_len;
913 ps->offset = rsp->hdr_wks .buffer + 0x1c;
914 prs_uint8s(True , "wks ", ps, depth, (uint8*)rsp->wks , MIN(rsp->hdr_wks .str_str_len, sizeof(rsp->wks )));
915 old_offset += rsp->hdr_wks .str_str_len;
917 ps->offset = rsp->hdr_lm_resp .buffer + 0x1c;
918 prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp )));
919 old_offset += rsp->hdr_lm_resp .str_str_len;
921 ps->offset = rsp->hdr_nt_resp .buffer + 0x1c;
922 prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp )));
923 old_offset += rsp->hdr_nt_resp .str_str_len;
925 if (rsp->hdr_sess_key.str_str_len != 0)
927 ps->offset = rsp->hdr_sess_key.buffer + 0x1c;
928 old_offset += rsp->hdr_sess_key.str_str_len;
929 prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)));
932 ps->offset = old_offset;
937 smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp , ps, depth);
938 smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp , ps, depth);
939 smb_io_strhdr("hdr_domain ", &rsp->hdr_domain , ps, depth);
940 smb_io_strhdr("hdr_user ", &rsp->hdr_usr , ps, depth);
941 smb_io_strhdr("hdr_wks ", &rsp->hdr_wks , ps, depth);
942 smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth);
944 prs_uint32("neg_flags", ps, depth, &(rsp->neg_flags)); /* 0x0000 82b1 */
946 prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain , MIN(rsp->hdr_domain .str_str_len, sizeof(rsp->domain )));
947 prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user , MIN(rsp->hdr_usr .str_str_len, sizeof(rsp->user )));
948 prs_uint8s(True , "wks ", ps, depth, (uint8*)rsp->wks , MIN(rsp->hdr_wks .str_str_len, sizeof(rsp->wks )));
949 prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp )));
950 prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp )));
951 prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)));
957 /*******************************************************************
958 checks an RPC_AUTH_NTLMSSP_CHK structure.
959 ********************************************************************/
960 BOOL rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, uint32 crc32, uint32 seq_num)
967 if (chk->crc32 != crc32 ||
968 chk->ver != NTLMSSP_SIGN_VERSION ||
969 chk->seq_num != seq_num)
971 DEBUG(5,("verify failed - crc %x ver %x seq %d\n",
972 crc32, NTLMSSP_SIGN_VERSION, seq_num));
973 DEBUG(5,("verify expect - crc %x ver %x seq %d\n",
974 chk->crc32, chk->ver, chk->seq_num));
982 /*******************************************************************
983 creates an RPC_AUTH_NTLMSSP_CHK structure.
984 ********************************************************************/
985 BOOL make_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk,
986 uint32 ver, uint32 crc32, uint32 seq_num)
988 if (chk == NULL) return False;
993 chk->seq_num = seq_num ;
998 /*******************************************************************
999 reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
1000 ********************************************************************/
1001 BOOL smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth)
1003 if (chk == NULL) return False;
1005 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk");
1008 prs_uint32("ver ", ps, depth, &(chk->ver ));
1009 prs_uint32("reserved", ps, depth, &(chk->reserved));
1010 prs_uint32("crc32 ", ps, depth, &(chk->crc32 ));
1011 prs_uint32("seq_num ", ps, depth, &(chk->seq_num ));