2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #define DBGC_CLASS DBGC_RPC_PARSE
28 /*******************************************************************
29 interface/version dce/rpc pipe identification
30 ********************************************************************/
/* Abstract syntax id for the spoolss pipe, spelled out as a literal.
   Every other interface in the pipe_names table below takes its id from
   an ndr_table; spoolss is the one row that points here.
   NOTE(review): the initialiser's inner braces and its closing "};" are
   not visible on this page (the extraction dropped those lines). */
32 const struct ndr_syntax_id syntax_spoolss = {
34 0x12345678, 0x1234, 0xabcd,
37 0x45, 0x67, 0x89, 0xab }
42 * IMPORTANT!! If you update this structure, make sure to
43 * update the index #defines in smb.h.
/* Pipe identification table.  Each row pairs a client pipe name with the
   interface's abstract syntax - the two fields this file reads, in
   cli_get_pipe_name() and cli_get_pipe_idx().  The remaining two columns
   look like a server-side pipe name and the transfer syntax, but their
   field names are not visible here - confirm against struct pipe_id_info.
   The all-NULL last row terminates the table; cli_get_pipe_idx() loops
   until client_pipe is NULL, so that row must stay last.
   Note that lsarpc and dssetup share PIPE_LSARPC as the client pipe name,
   so cli_get_pipe_name() on the dssetup index yields the lsarpc name.
   NOTE(review): the opening "{" of the initialiser and the closing "};"
   are not visible on this page. */
46 const struct pipe_id_info pipe_names [] =
48 { PIPE_LSARPC , &ndr_table_lsarpc.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
49 { PIPE_LSARPC , &ndr_table_dssetup.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
50 { PIPE_SAMR , &ndr_table_samr.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
51 { PIPE_NETLOGON, &ndr_table_netlogon.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
52 { PIPE_SRVSVC , &ndr_table_srvsvc.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
53 { PIPE_WKSSVC , &ndr_table_wkssvc.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
54 { PIPE_WINREG , &ndr_table_winreg.syntax_id, PIPE_WINREG , &ndr_transfer_syntax },
55 { PIPE_SPOOLSS , &syntax_spoolss , PIPE_SPOOLSS , &ndr_transfer_syntax },
56 { PIPE_NETDFS , &ndr_table_netdfs.syntax_id, PIPE_NETDFS , &ndr_transfer_syntax },
57 { PIPE_ECHO , &ndr_table_rpcecho.syntax_id, PIPE_ECHO , &ndr_transfer_syntax },
58 { PIPE_SHUTDOWN, &ndr_table_initshutdown.syntax_id, PIPE_SHUTDOWN , &ndr_transfer_syntax },
59 { PIPE_SVCCTL , &ndr_table_svcctl.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
60 { PIPE_EVENTLOG, &ndr_table_eventlog.syntax_id, PIPE_EVENTLOG , &ndr_transfer_syntax },
61 { PIPE_NTSVCS , &ndr_table_ntsvcs.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
/* terminator row - must remain last */
62 { NULL , NULL , NULL , NULL }
65 /****************************************************************************
66 Return the pipe name from the index.
67 ****************************************************************************/
/* Returns a pointer into the static pipe_names table; the caller must not
   free or modify the result.
   pipe_idx is used as an array index with no range check: an index past
   the table, or the index of the NULL terminator row, is undefined
   behaviour.  Callers must only pass an index obtained from
   cli_get_pipe_idx() or one of the index #defines the table comment
   refers to.
   NOTE(review): the function's braces are not visible on this page. */
69 const char *cli_get_pipe_name(int pipe_idx)
/* skip the first five characters of the stored name - presumably a pipe
   path prefix; the PIPE_* string values are not on this page, confirm */
71 return &pipe_names[pipe_idx].client_pipe[5];
74 /****************************************************************************
75 Return the pipe idx from the syntax.
76 ****************************************************************************/
/* Linear search of pipe_names for a row whose abstract syntax matches
   syntax on both interface uuid and if_version.  The loop stops at the
   NULL client_pipe of the terminator row.
   NOTE(review): the declaration of i, the body of the if, and the
   function's return statements (the matched index, and the not-found
   value) are not visible on this page - check the full source before
   relying on a particular failure value. */
77 int cli_get_pipe_idx(const RPC_IFACE *syntax)
80 for (i = 0; pipe_names[i].client_pipe; i++) {
/* uuid and version must both agree */
81 if (GUID_equal(&pipe_names[i].abstr_syntax->uuid, &syntax->uuid) &&
82 pipe_names[i].abstr_syntax->if_version == syntax->if_version)
89 /*******************************************************************
90 Inits an RPC_HDR structure.
91 ********************************************************************/
/* Fills in the DCE/RPC common header for an outgoing PDU: version 5.0,
   little-endian data representation, the given packet type, flags and
   call id.
   data_len and auth_len arrive as int but travel on the wire as 16-bit
   fields (smb_io_rpc_hdr() marshals both with prs_uint16), so callers
   must keep them within 0..65535; nothing here checks that and an
   out-of-range value would be silently truncated.
   NOTE(review): the function's braces are not visible on this page. */
93 void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
94 uint32 call_id, int data_len, int auth_len)
96 hdr->major = 5; /* RPC version 5 */
97 hdr->minor = 0; /* minor version 0 */
98 hdr->pkt_type = pkt_type; /* RPC packet type */
99 hdr->flags = flags; /* dce/rpc flags */
100 hdr->pack_type[0] = 0x10; /* little-endian data representation */
101 hdr->pack_type[1] = 0; /* packed data representation */
102 hdr->pack_type[2] = 0; /* packed data representation */
103 hdr->pack_type[3] = 0; /* packed data representation */
104 hdr->frag_len = data_len; /* fragment length, fill in later (16-bit on the wire) */
105 hdr->auth_len = auth_len; /* authentication length (16-bit on the wire) */
106 hdr->call_id = call_id; /* call identifier - match incoming RPC */
109 /*******************************************************************
110 Reads or writes an RPC_HDR structure.
111 ********************************************************************/
/* Marshals or unmarshals the common header in wire order: major, minor,
   pkt_type, flags (one byte each), the four pack_type bytes, frag_len
   (u16), auth_len (u16) and call_id (u32) - 16 bytes in total.
   Security note: when unmarshalling, frag_len and auth_len are untrusted
   values straight from the PDU.  This routine does not check them
   against the amount of data actually received; the caller must validate
   both before using either as a length or an offset.
   NOTE(review): the braces and the early "return" lines that follow each
   failing prs_* call are not visible on this page. */
113 bool smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth)
118 prs_debug(ps, depth, desc, "smb_io_rpc_hdr");
121 if(!prs_uint8 ("major ", ps, depth, &rpc->major))
124 if(!prs_uint8 ("minor ", ps, depth, &rpc->minor))
126 if(!prs_uint8 ("pkt_type ", ps, depth, &rpc->pkt_type))
128 if(!prs_uint8 ("flags ", ps, depth, &rpc->flags))
131 /* We always marshall in little endian format. */
/* Set unconditionally; on the unmarshalling path the prs_uint8 call
   just below overwrites it with the byte from the wire. */
133 rpc->pack_type[0] = 0x10;
135 if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0]))
137 if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1]))
139 if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2]))
141 if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3]))
145 * If reading and pack_type[0] == 0 then the data is in big-endian
146 * format. Set the flag in the prs_struct to specify reverse-endianness.
/* Only a pack_type[0] of exactly 0 switches the stream to big-endian;
   as far as this page shows, every other value is left as little-endian. */
149 if (UNMARSHALLING(ps) && rpc->pack_type[0] == 0) {
150 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
151 prs_set_endian_data(ps, RPC_BIG_ENDIAN);
/* lengths below are read with the endianness selected above */
154 if(!prs_uint16("frag_len ", ps, depth, &rpc->frag_len))
156 if(!prs_uint16("auth_len ", ps, depth, &rpc->auth_len))
158 if(!prs_uint32("call_id ", ps, depth, &rpc->call_id))
163 /*******************************************************************
164 Reads or writes an RPC_IFACE structure.
165 ********************************************************************/
/* Marshals or unmarshals an interface id: the uuid followed by a 32-bit
   interface version.
   NOTE(review): the lines between prs_debug and the uuid read, the
   braces and the failure returns are not visible on this page. */
167 static bool smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
172 prs_debug(ps, depth, desc, "smb_io_rpc_iface");
178 if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth))
181 if(!prs_uint32 ("version", ps, depth, &ifc->if_version))
187 /*******************************************************************
188 Inits an RPC_ADDR_STR structure.
189 ********************************************************************/
/* Stores name and its length (including the terminator) for the
   secondary address field of a bind-ack.
   NOTE(review): len is computed from the full input while the copy goes
   through fstrcpy, which (if it is the usual bounded Samba helper)
   truncates to the size of str->str.  For a name longer than str->str
   the two would disagree; the only caller visible here
   (init_rpc_hdr_ba) passes a pipe name, but nothing in this function
   enforces the limit. */
191 static void init_rpc_addr_str(RPC_ADDR_STR *str, const char *name)
193 str->len = strlen(name) + 1;
194 fstrcpy(str->str, name);
197 /*******************************************************************
198 Reads or writes an RPC_ADDR_STR structure.
199 ********************************************************************/
/* Marshals or unmarshals a 16-bit length followed by that many bytes of
   address string.
   The byte count is clamped to sizeof(str->str), so a wire len larger
   than the buffer cannot overflow it.  Two consequences for readers of
   the result: a len of sizeof(str->str) or more leaves no guaranteed NUL
   terminator, and any surplus bytes beyond the clamp are not consumed by
   this call - whether the caller skips them is not visible on this page.
   Treat str->str as a counted buffer, not a C string, until a terminator
   has been checked.
   NOTE(review): braces and failure returns are not visible here. */
201 static bool smb_io_rpc_addr_str(const char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth)
206 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str");
211 if(!prs_uint16 ( "len", ps, depth, &str->len))
/* bounded by the destination size, never by the wire length alone */
213 if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) ))
218 /*******************************************************************
219 Inits an RPC_HDR_BBA structure.
220 ********************************************************************/
/* Fills in the fragment-size and association-group fields shared by the
   bind and bind-ack headers (see init_rpc_hdr_rb and init_rpc_hdr_ba).
   The values in parentheses in the comments below are the customary
   defaults noted by the original author, not anything enforced here.
   NOTE(review): the function's braces are not visible on this page. */
222 static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid)
224 bba->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
225 bba->max_rsize = max_rsize; /* max receive fragment size (0x1630) */
226 bba->assoc_gid = assoc_gid; /* associated group id (0x0) */
229 /*******************************************************************
230 Reads or writes an RPC_HDR_BBA structure.
231 ********************************************************************/
/* Marshals or unmarshals max_tsize (u16), max_rsize (u16) and assoc_gid
   (u32) in that order.  When unmarshalling, the two fragment sizes are
   peer-supplied; nothing here bounds them, so a caller that sizes
   buffers from them must apply its own limit.
   NOTE(review): braces and failure returns are not visible here. */
233 static bool smb_io_rpc_hdr_bba(const char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth)
238 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba");
241 if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize))
243 if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize))
245 if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid))
250 /*******************************************************************
251 Inits an RPC_CONTEXT structure.
252 Note the transfer pointer must remain valid until this is marshalled.
253 ********************************************************************/
/* Builds one presentation context for a bind request.  abstract is
   copied by value; transfer is retained as a pointer (const dropped via
   CONST_DISCARD) and is not copied, hence the lifetime note above.
   Because num_transfer_syntaxes is fixed at 1, the retained pointer is
   treated as a one-element array when smb_io_rpc_context() marshals it.
   NOTE(review): the function's braces are not visible on this page. */
255 void init_rpc_context(RPC_CONTEXT *rpc_ctx, uint16 context_id,
256 const RPC_IFACE *abstract, const RPC_IFACE *transfer)
258 rpc_ctx->context_id = context_id ; /* presentation context identifier (0x0) */
259 rpc_ctx->num_transfer_syntaxes = 1 ; /* the number of syntaxes (has always been 1?)(0x1) */
261 /* num and vers. of interface client is using */
262 rpc_ctx->abstract = *abstract;
264 /* vers. of interface to use for replies */
/* pointer is stored, not copied - caller keeps it alive until marshalled */
265 rpc_ctx->transfer = CONST_DISCARD(RPC_IFACE *, transfer);
268 /*******************************************************************
269 Inits an RPC_HDR_RB structure.
270 Note the context pointer must remain valid until this is marshalled.
271 ********************************************************************/
/* Builds a bind-request header with exactly one presentation context.
   context is retained as a pointer, not copied; smb_io_rpc_hdr_rb()
   walks it as an array of num_contexts entries, so it must stay valid
   and must point to a fully initialised RPC_CONTEXT.
   NOTE(review): the function's braces are not visible on this page. */
273 void init_rpc_hdr_rb(RPC_HDR_RB *rpc,
274 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
275 RPC_CONTEXT *context)
277 init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid);
279 rpc->num_contexts = 1;
280 rpc->rpc_context = context;
283 /*******************************************************************
284 Reads or writes an RPC_CONTEXT structure.
285 ********************************************************************/
/* Marshals or unmarshals one presentation context: context_id (u16),
   num_transfer_syntaxes (u8), the abstract interface, then that many
   transfer interfaces.
   When unmarshalling, num_transfer_syntaxes is peer-supplied but, being
   a uint8, caps the allocation below at 255 RPC_IFACE entries; zero is
   rejected.  The array comes from PRS_ALLOC_MEM and so shares the
   lifetime of ps - callers must not free it separately.
   When marshalling, rpc_ctx->transfer must already point to
   num_transfer_syntaxes valid entries (init_rpc_context() supplies one).
   NOTE(review): the opening lines of the body before context_id - the
   prs_align that smb_io_rpc_hdr_rb()'s comment refers to would be among
   them - plus the braces, the body of the zero check and the failure
   returns are not visible on this page; the loop is read here as
   running on both paths, which the missing braces cannot confirm. */
287 bool smb_io_rpc_context(const char *desc, RPC_CONTEXT *rpc_ctx, prs_struct *ps, int depth)
296 if(!prs_uint16("context_id ", ps, depth, &rpc_ctx->context_id ))
298 if(!prs_uint8 ("num_transfer_syntaxes", ps, depth, &rpc_ctx->num_transfer_syntaxes))
301 /* num_transfer_syntaxes must not be zero. */
302 if (rpc_ctx->num_transfer_syntaxes == 0)
305 if(!smb_io_rpc_iface("", &rpc_ctx->abstract, ps, depth))
308 if (UNMARSHALLING(ps)) {
/* count is at most 255 here, so the allocation size is bounded */
309 if (!(rpc_ctx->transfer = PRS_ALLOC_MEM(ps, RPC_IFACE, rpc_ctx->num_transfer_syntaxes))) {
314 for (i = 0; i < rpc_ctx->num_transfer_syntaxes; i++ ) {
315 if (!smb_io_rpc_iface("", &rpc_ctx->transfer[i], ps, depth))
321 /*******************************************************************
322 Reads or writes an RPC_HDR_RB structure.
323 ********************************************************************/
/* Marshals or unmarshals a bind-request header: the bba block,
   num_contexts (u8), then that many presentation contexts via
   smb_io_rpc_context().
   When unmarshalling, num_contexts is peer-supplied but capped at 255 by
   its uint8 type; zero is rejected.  The RPC_CONTEXT array is allocated
   with PRS_ALLOC_MEM and lives as long as ps.  Each context can in turn
   allocate up to 255 transfer syntaxes, so the total allocation per bind
   is bounded but not small - the caller's overall PDU size limit is the
   real ceiling.
   NOTE(review): braces, the body of the zero check and the failure
   returns are not visible on this page. */
325 bool smb_io_rpc_hdr_rb(const char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth)
332 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb");
335 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
338 if(!prs_uint8("num_contexts", ps, depth, &rpc->num_contexts))
341 /* 3 pad bytes following - will be mopped up by the prs_align in smb_io_rpc_context(). */
343 /* num_contexts must not be zero. */
344 if (rpc->num_contexts == 0)
347 if (UNMARSHALLING(ps)) {
/* count is at most 255 here */
348 if (!(rpc->rpc_context = PRS_ALLOC_MEM(ps, RPC_CONTEXT, rpc->num_contexts))) {
353 for (i = 0; i < rpc->num_contexts; i++ ) {
354 if (!smb_io_rpc_context("", &rpc->rpc_context[i], ps, depth))
361 /*******************************************************************
362 Inits an RPC_RESULTS structure.
364 lkclXXXX only one reason at the moment!
365 ********************************************************************/
/* Fills in the result block of a bind-ack.  Only a single result/reason
   pair is stored regardless of num_results, as the note above says.
   NOTE(review): the function's braces are not visible on this page. */
367 static void init_rpc_results(RPC_RESULTS *res,
368 uint8 num_results, uint16 result, uint16 reason)
370 res->num_results = num_results; /* the number of results (0x01) */
371 res->result = result ; /* result (0x00 = accept) */
372 res->reason = reason ; /* reason (0x00 = no reason specified) */
375 /*******************************************************************
376 Reads or writes an RPC_RESULTS structure.
378 lkclXXXX only one reason at the moment!
379 ********************************************************************/
/* Marshals or unmarshals num_results (u8) followed by one result (u16)
   and one reason (u16).  num_results is not used to size anything here;
   exactly one pair is read or written whatever its value.
   NOTE(review): the lines between the num_results read and the result
   read, the braces and the failure returns are not visible on this
   page. */
381 static bool smb_io_rpc_results(const char *desc, RPC_RESULTS *res, prs_struct *ps, int depth)
386 prs_debug(ps, depth, desc, "smb_io_rpc_results");
392 if(!prs_uint8 ("num_results", ps, depth, &res->num_results))
398 if(!prs_uint16("result ", ps, depth, &res->result))
400 if(!prs_uint16("reason ", ps, depth, &res->reason))
405 /*******************************************************************
406 Init an RPC_HDR_BA structure.
408 lkclXXXX only one reason at the moment!
410 ********************************************************************/
/* Builds a bind-ack header: bba block, secondary address string, result
   block, and a by-value copy of the transfer syntax taken from the
   request.  Unlike init_rpc_context(), the transfer syntax is copied
   with memcpy, so the caller's RPC_IFACE need not outlive this call.
   NOTE(review): the parameter that supplies `transfer` and the function's
   braces are not visible on this page (the signature is cut after
   `reason,`). */
412 void init_rpc_hdr_ba(RPC_HDR_BA *rpc,
413 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
414 const char *pipe_addr,
415 uint8 num_results, uint16 result, uint16 reason,
418 init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid);
419 init_rpc_addr_str(&rpc->addr, pipe_addr);
420 init_rpc_results (&rpc->res, num_results, result, reason);
422 /* the transfer syntax from the request */
/* copied by value, sized by the destination field */
423 memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer));
426 /*******************************************************************
427 Reads or writes an RPC_HDR_BA structure.
428 ********************************************************************/
/* Marshals or unmarshals a bind-ack header as the sequence bba, address
   string, results, transfer syntax - each via its own helper in this
   file.  Any bounds behaviour (notably the clamped address string in
   smb_io_rpc_addr_str()) is inherited from those helpers.
   NOTE(review): braces and failure returns are not visible here. */
430 bool smb_io_rpc_hdr_ba(const char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
435 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba");
438 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
440 if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth))
442 if(!smb_io_rpc_results("", &rpc->res, ps, depth))
444 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
449 /*******************************************************************
450 Init an RPC_HDR_REQ structure.
451 ********************************************************************/
/* Fills in a request header.  The presentation context id is always 0
   here, i.e. callers cannot select a different bound context through
   this initialiser.
   NOTE(review): the function's braces are not visible on this page. */
453 void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
455 hdr->alloc_hint = alloc_hint; /* allocation hint */
456 hdr->context_id = 0; /* presentation context identifier - fixed at 0 */
457 hdr->opnum = opnum; /* opnum */
460 /*******************************************************************
461 Reads or writes an RPC_HDR_REQ structure.
462 ********************************************************************/
/* Marshals or unmarshals a request header: alloc_hint (u32), context_id
   (u16), opnum (u16).  When unmarshalling, alloc_hint is a peer-supplied
   hint and must not be trusted as an allocation size without a limit;
   nothing here bounds it.
   NOTE(review): braces and failure returns are not visible here. */
464 bool smb_io_rpc_hdr_req(const char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth)
469 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req");
472 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
474 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
476 if(!prs_uint16("opnum ", ps, depth, &rpc->opnum))
481 /*******************************************************************
482 Reads or writes an RPC_HDR_RESP structure.
483 ********************************************************************/
/* Marshals or unmarshals a response header: alloc_hint (u32), context_id
   (u16), cancel_count (u8), reserved (u8).  As with the request header,
   alloc_hint is only a hint from the peer and is not bounded here.
   NOTE(review): braces and failure returns are not visible here. */
485 bool smb_io_rpc_hdr_resp(const char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth)
490 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp");
493 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
495 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
497 if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count))
499 if(!prs_uint8 ("reserved ", ps, depth, &rpc->reserved))
504 /*******************************************************************
505 Reads or writes an RPC_HDR_FAULT structure.
506 ********************************************************************/
/* Marshals or unmarshals a fault header: the DCE/RPC status code followed
   by a 32-bit reserved field.
   NOTE(review): the lines between prs_debug and the status read, the
   braces and the failure returns are not visible on this page. */
508 bool smb_io_rpc_hdr_fault(const char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth)
513 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault");
516 if(!prs_dcerpc_status("status ", ps, depth, &rpc->status))
518 if(!prs_uint32("reserved", ps, depth, &rpc->reserved))
524 /*******************************************************************
525 Inits an RPC_HDR_AUTH structure.
526 ********************************************************************/
/* Fills in the authentication trailer header: type, level, pad length,
   a reserved byte fixed at 0, and the context id.
   NOTE(review): the parameter that supplies `auth_pad_len` and the
   function's braces are not visible on this page (a line of the
   signature is missing between auth_level and auth_context_id). */
528 void init_rpc_hdr_auth(RPC_HDR_AUTH *rai,
529 uint8 auth_type, uint8 auth_level,
531 uint32 auth_context_id)
533 rai->auth_type = auth_type;
534 rai->auth_level = auth_level;
535 rai->auth_pad_len = auth_pad_len;
/* always zero on the wire */
536 rai->auth_reserved = 0;
537 rai->auth_context_id = auth_context_id;
540 /*******************************************************************
541 Reads or writes an RPC_HDR_AUTH structure.
542 ********************************************************************/
/* Marshals or unmarshals the auth trailer header: auth_type, auth_level,
   auth_pad_len, auth_reserved (one byte each) and auth_context_id (u32).
   Security note: when unmarshalling, auth_pad_len is a peer-supplied
   value that callers typically use to locate the start of the padding
   and verifier inside the PDU.  This routine does not check it against
   frag_len or auth_len; a caller must bound it before using it as an
   offset.  auth_reserved is read but not required to be zero.
   NOTE(review): the lines between prs_debug and the auth_type read, the
   braces and the failure returns are not visible on this page. */
544 bool smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth)
549 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth");
555 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type))
557 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level))
/* untrusted offset-like value; validated by the caller, not here */
559 if(!prs_uint8 ("auth_pad_len ", ps, depth, &rai->auth_pad_len))
561 if(!prs_uint8 ("auth_reserved", ps, depth, &rai->auth_reserved))
563 if(!prs_uint32("auth_context_id", ps, depth, &rai->auth_context_id))
569 /*******************************************************************
570 Checks an RPC_AUTH_VERIFIER structure.
571 ********************************************************************/
/* Returns true when the verifier's signature string matches signature
   (via strequal) and its msg_type equals msg_type exactly.
   rav->signature is filled by smb_io_rpc_auth_verifier() with a
   prs_string bounded by sizeof(rav->signature); this check assumes the
   result is NUL-terminated - confirm that prs_string guarantees
   termination for a full-length input before relying on strequal here.
   Whether strequal compares case-insensitively (as the usual Samba
   helper does) is not visible on this page.
   NOTE(review): the function's braces are not visible on this page. */
573 bool rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
574 const char *signature, uint32 msg_type)
576 return (strequal(rav->signature, signature) && rav->msg_type == msg_type);
579 /*******************************************************************
580 Inits an RPC_AUTH_VERIFIER structure.
581 ********************************************************************/
/* Fills in an auth verifier: the signature string is copied with
   fstrcpy (bounded to the fixed-size field, if this is the usual Samba
   helper) and the message type stored as-is.
   NOTE(review): the function's braces are not visible on this page. */
583 void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
584 const char *signature, uint32 msg_type)
586 fstrcpy(rav->signature, signature); /* "NTLMSSP" */
587 rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
590 /*******************************************************************
591 Reads or writes an RPC_AUTH_VERIFIER structure.
592 ********************************************************************/
/* Marshals or unmarshals an auth verifier: a string bounded by
   sizeof(rav->signature) followed by msg_type (u32).  The wire layout is
   identical to smb_io_rpc_schannel_verifier() below.  The sizeof bound
   is what keeps a peer-supplied signature from overrunning the field;
   see rpc_auth_verifier_chk() for the termination assumption made when
   the string is compared.
   NOTE(review): the lines between prs_debug and the signature read, the
   braces and the failure returns are not visible on this page. */
594 bool smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
599 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
603 if(!prs_string("signature", ps, depth, rav->signature,
604 sizeof(rav->signature)))
606 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
612 /*******************************************************************
613 This parses an RPC_AUTH_VERIFIER for schannel. I think
614 ********************************************************************/
/* Marshals or unmarshals a verifier for the schannel auth type.  The
   calls made here are the same as in smb_io_rpc_auth_verifier(): a
   string bounded by sizeof(rav->signature) then msg_type (u32), so the
   two routines produce the same wire layout; only the debug label
   differs.  The original author's "I think" above is retained as a
   signal that this reading is unconfirmed.
   NOTE(review): the lines between prs_debug and the signature read, the
   braces and the failure returns are not visible on this page. */
616 bool smb_io_rpc_schannel_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
621 prs_debug(ps, depth, desc, "smb_io_rpc_schannel_verifier");
624 if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature)))
626 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type))
632 /*******************************************************************
633 creates an RPC_AUTH_SCHANNEL_NEG structure.
634 ********************************************************************/
/* Fills in the schannel negotiate block: domain and machine name are
   copied with fstrcpy (bounded to the fixed-size fields, if this is the
   usual Samba helper).
   NOTE(review): the assignments to neg->type1 and neg->type2 that
   smb_io_rpc_auth_schannel_neg() later marshals, and the function's
   braces, are not visible on this page (lines are missing between the
   signature and the two copies). */
636 void init_rpc_auth_schannel_neg(RPC_AUTH_SCHANNEL_NEG *neg,
637 const char *domain, const char *myname)
641 fstrcpy(neg->domain, domain);
642 fstrcpy(neg->myname, myname);
645 /*******************************************************************
646 Reads or writes an RPC_AUTH_SCHANNEL_NEG structure.
647 ********************************************************************/
/* Marshals or unmarshals the schannel negotiate block: type1 (u32),
   type2 (u32), then the domain and machine name strings, each bounded by
   the size of its destination field.  The sizeof bounds are what protect
   the fixed-size fields from an over-long peer-supplied name; as with the
   other prs_string users in this file, whether the result is always
   NUL-terminated is not visible here and should be confirmed before the
   strings are used as C strings.
   NOTE(review): the lines between prs_debug and the type1 read, the
   braces and the failure returns are not visible on this page. */
649 bool smb_io_rpc_auth_schannel_neg(const char *desc, RPC_AUTH_SCHANNEL_NEG *neg,
650 prs_struct *ps, int depth)
655 prs_debug(ps, depth, desc, "smb_io_rpc_auth_schannel_neg");
661 if(!prs_uint32("type1", ps, depth, &neg->type1))
663 if(!prs_uint32("type2", ps, depth, &neg->type2))
665 if(!prs_string("domain ", ps, depth, neg->domain, sizeof(neg->domain)))
667 if(!prs_string("myname ", ps, depth, neg->myname, sizeof(neg->myname)))
673 /*******************************************************************
674 reads or writes an RPC_AUTH_SCHANNEL_CHK structure.
675 ********************************************************************/
677 bool smb_io_rpc_auth_schannel_chk(const char *desc, int auth_len,
678 RPC_AUTH_SCHANNEL_CHK * chk,
679 prs_struct *ps, int depth)
684 prs_debug(ps, depth, desc, "smb_io_rpc_auth_schannel_chk");
687 if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) )
690 if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) )
693 if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) )
696 if ( auth_len == RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN ) {
697 if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) )