2 Unix SMB/CIFS implementation.
3 simple kerberos5/SPNEGO routines
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
6 Copyright (C) Andrew Bartlett 2002-2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "libcli/auth/msrpc_parse.h"
26 this is a tiny msrpc packet generator. I am only using this to
27 avoid tying this code to a particular varient of our rpc code. This
28 generator is not general enough for all our rpc needs, its just
29 enough for the spnego/ntlmssp code
31 format specifiers are:
33 U = unicode string (input is unix string)
34 a = address (input is char *unix_string)
35 (1 byte type, 1 byte length, unicode/ASCII string, all inline)
36 A = ASCII string (input is unix string)
37 B = data blob (pointer + length)
38 b = data blob in header (pointer + length)
41 C = constant ascii string
43 NTSTATUS msrpc_gen(TALLOC_CTX *mem_ctx,
45 const char *format, ...)
52 int head_size=0, data_size=0;
53 int head_ofs, data_ofs;
59 pointers = talloc_array(mem_ctx, DATA_BLOB, strlen(format));
61 return NT_STATUS_NO_MEMORY;
63 intargs = talloc_array(pointers, int, strlen(format));
65 return NT_STATUS_NO_MEMORY;
68 /* first scan the format to work out the header and body size */
70 for (i=0; format[i]; i++) {
73 s = va_arg(ap, char *);
75 ret = push_ucs2_talloc(
77 (smb_ucs2_t **)(void *)&pointers[i].data,
81 return map_nt_error_from_unix_common(errno);
83 pointers[i].length = n;
84 pointers[i].length -= 2;
85 data_size += pointers[i].length;
88 s = va_arg(ap, char *);
90 ret = push_ascii_talloc(
91 pointers, (char **)(void *)&pointers[i].data,
95 return map_nt_error_from_unix_common(errno);
97 pointers[i].length = n;
98 pointers[i].length -= 1;
99 data_size += pointers[i].length;
104 s = va_arg(ap, char *);
105 ret = push_ucs2_talloc(
107 (smb_ucs2_t **)(void *)&pointers[i].data,
111 return map_nt_error_from_unix_common(errno);
113 pointers[i].length = n;
114 pointers[i].length -= 2;
115 data_size += pointers[i].length + 4;
118 b = va_arg(ap, uint8_t *);
120 pointers[i].data = b;
121 pointers[i].length = va_arg(ap, int);
122 data_size += pointers[i].length;
125 b = va_arg(ap, uint8_t *);
126 pointers[i].data = b;
127 pointers[i].length = va_arg(ap, int);
128 head_size += pointers[i].length;
136 s = va_arg(ap, char *);
137 pointers[i].data = (uint8_t *)s;
138 pointers[i].length = strlen(s)+1;
139 head_size += pointers[i].length;
143 return NT_STATUS_INVALID_PARAMETER;
148 if (head_size + data_size == 0) {
149 return NT_STATUS_INVALID_PARAMETER;
152 /* allocate the space, then scan the format again to fill in the values */
153 *blob = data_blob_talloc(mem_ctx, NULL, head_size + data_size);
155 return NT_STATUS_NO_MEMORY;
158 data_ofs = head_size;
160 va_start(ap, format);
161 for (i=0; format[i]; i++) {
166 n = pointers[i].length;
167 SSVAL(blob->data, head_ofs, n); head_ofs += 2;
168 SSVAL(blob->data, head_ofs, n); head_ofs += 2;
169 SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
170 if (pointers[i].data && n) /* don't follow null pointers... */
171 memcpy(blob->data+data_ofs, pointers[i].data, n);
176 SSVAL(blob->data, data_ofs, j); data_ofs += 2;
178 n = pointers[i].length;
179 SSVAL(blob->data, data_ofs, n); data_ofs += 2;
180 memcpy(blob->data+data_ofs, pointers[i].data, n);
185 SIVAL(blob->data, head_ofs, j);
189 n = pointers[i].length;
190 if (pointers[i].data && n) {
191 /* don't follow null pointers... */
192 memcpy(blob->data + head_ofs, pointers[i].data, n);
197 n = pointers[i].length;
198 memcpy(blob->data + head_ofs, pointers[i].data, n);
203 return NT_STATUS_INVALID_PARAMETER;
208 talloc_free(pointers);
214 /* a helpful macro to avoid running over the end of our blob */
215 #define NEED_DATA(amount) \
216 if ((head_ofs + amount) > blob->length) { \
222 this is a tiny msrpc packet parser. This the the partner of msrpc_gen
224 format specifiers are:
226 U = unicode string (output is unix string)
229 b = data blob in header
231 C = constant ascii string
234 bool msrpc_parse(TALLOC_CTX *mem_ctx,
235 const DATA_BLOB *blob,
236 const char *format, ...)
247 char *p = talloc_array(mem_ctx, char, p_len);
254 va_start(ap, format);
255 for (i=0; format[i]; i++) {
259 len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
260 len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
261 ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
263 ps = va_arg(ap, char **);
264 if (len1 == 0 && len2 == 0) {
265 *ps = (char *)discard_const("");
267 /* make sure its in the right format - be strict */
268 if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
273 /* if odd length and unicode */
277 if (blob->data + ptr < (uint8_t *)(uintptr_t)ptr ||
278 blob->data + ptr < blob->data) {
285 if (!convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
286 blob->data + ptr, len1,
292 (*ps) = (char *)discard_const("");
298 len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
299 len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
300 ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
302 ps = (char **)va_arg(ap, char **);
303 /* make sure its in the right format - be strict */
304 if (len1 == 0 && len2 == 0) {
305 *ps = (char *)discard_const("");
307 if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
312 if (blob->data + ptr < (uint8_t *)(uintptr_t)ptr ||
313 blob->data + ptr < blob->data) {
321 if (!convert_string_talloc(mem_ctx, CH_DOS, CH_UNIX,
322 blob->data + ptr, len1,
328 (*ps) = (char *)discard_const("");
334 len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
335 len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
336 ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
338 b = (DATA_BLOB *)va_arg(ap, void *);
339 if (len1 == 0 && len2 == 0) {
340 *b = data_blob_talloc(mem_ctx, NULL, 0);
342 /* make sure its in the right format - be strict */
343 if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
348 if (blob->data + ptr < (uint8_t *)(uintptr_t)ptr ||
349 blob->data + ptr < blob->data) {
354 *b = data_blob_talloc(mem_ctx, blob->data + ptr, len1);
358 b = (DATA_BLOB *)va_arg(ap, void *);
359 len1 = va_arg(ap, unsigned int);
360 /* make sure its in the right format - be strict */
362 if (blob->data + head_ofs < (uint8_t *)head_ofs ||
363 blob->data + head_ofs < blob->data) {
368 *b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1);
372 v = va_arg(ap, uint32_t *);
374 *v = IVAL(blob->data, head_ofs); head_ofs += 4;
377 s = va_arg(ap, char *);
379 if (blob->data + head_ofs < (uint8_t *)head_ofs ||
380 blob->data + head_ofs < blob->data ||
381 (head_ofs + (strlen(s) + 1)) > blob->length) {
386 if (memcmp(blob->data + head_ofs, s, strlen(s)+1) != 0) {
390 head_ofs += (strlen(s) + 1);