2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_RPC_PARSE
29 /*******************************************************************
30 interface/version dce/rpc pipe identification
31 ********************************************************************/
33 #define TRANS_SYNT_V2 \
36 0x8a885d04, 0x1ceb, 0x11c9, \
37 { 0x9f, 0xe8, 0x08, 0x00, \
38 0x2b, 0x10, 0x48, 0x60 } \
42 #define SYNT_NETLOGON_V2 \
45 0x8a885d04, 0x1ceb, 0x11c9, \
46 { 0x9f, 0xe8, 0x08, 0x00, \
47 0x2b, 0x10, 0x48, 0x60 } \
51 #define SYNT_WKSSVC_V1 \
54 0x6bffd098, 0xa112, 0x3610, \
55 { 0x98, 0x33, 0x46, 0xc3, \
56 0xf8, 0x7e, 0x34, 0x5a } \
60 #define SYNT_SRVSVC_V3 \
63 0x4b324fc8, 0x1670, 0x01d3, \
64 { 0x12, 0x78, 0x5a, 0x47, \
65 0xbf, 0x6e, 0xe1, 0x88 } \
69 #define SYNT_LSARPC_V0 \
72 0x12345778, 0x1234, 0xabcd, \
73 { 0xef, 0x00, 0x01, 0x23, \
74 0x45, 0x67, 0x89, 0xab } \
78 #define SYNT_LSARPC_V0_DS \
81 0x3919286a, 0xb10c, 0x11d0, \
82 { 0x9b, 0xa8, 0x00, 0xc0, \
83 0x4f, 0xd9, 0x2e, 0xf5 } \
87 #define SYNT_SAMR_V1 \
90 0x12345778, 0x1234, 0xabcd, \
91 { 0xef, 0x00, 0x01, 0x23, \
92 0x45, 0x67, 0x89, 0xac } \
96 #define SYNT_NETLOGON_V1 \
99 0x12345678, 0x1234, 0xabcd, \
100 { 0xef, 0x00, 0x01, 0x23, \
101 0x45, 0x67, 0xcf, 0xfb } \
105 #define SYNT_WINREG_V1 \
108 0x338cd001, 0x2244, 0x31f1, \
109 { 0xaa, 0xaa, 0x90, 0x00, \
110 0x38, 0x00, 0x10, 0x03 } \
114 #define SYNT_SPOOLSS_V1 \
117 0x12345678, 0x1234, 0xabcd, \
118 { 0xef, 0x00, 0x01, 0x23, \
119 0x45, 0x67, 0x89, 0xab } \
123 #define SYNT_NONE_V0 \
127 { 0x00, 0x00, 0x00, 0x00, \
128 0x00, 0x00, 0x00, 0x00 } \
132 #define SYNT_NETDFS_V3 \
135 0x4fc742e0, 0x4a10, 0x11cf, \
136 { 0x82, 0x73, 0x00, 0xaa, \
137 0x00, 0x4a, 0xe6, 0x73 } \
141 #define SYNT_ECHO_V1 \
144 0x60a15ec5, 0x4de8, 0x11d7, \
145 { 0xa6, 0x37, 0x00, 0x50, \
146 0x56, 0xa2, 0x01, 0x82 } \
150 #define SYNT_SHUTDOWN_V1 \
153 0x894de0c0, 0x0d55, 0x11d3, \
154 { 0xa3, 0x22, 0x00, 0xc0, \
155 0x4f, 0xa3, 0x21, 0xa1 } \
159 #define SYNT_EPM_V3 \
162 0xe1af8308, 0x5d1f, 0x11c9, \
163 { 0x91, 0xa4, 0x08, 0x00, \
164 0x2b, 0x14, 0xa0, 0xfa } \
169 * IMPORTANT!! If you update this structure, make sure to
170 * update the index #defines in smb.h.
173 const struct pipe_id_info pipe_names [] =
175 /* client pipe , abstract syntax , server pipe , transfer syntax */
176 { PIPE_LSARPC , SYNT_LSARPC_V0 , PIPE_LSASS , TRANS_SYNT_V2 },
177 { PIPE_LSARPC , SYNT_LSARPC_V0_DS , PIPE_LSASS , TRANS_SYNT_V2 },
178 { PIPE_SAMR , SYNT_SAMR_V1 , PIPE_LSASS , TRANS_SYNT_V2 },
179 { PIPE_NETLOGON, SYNT_NETLOGON_V1 , PIPE_LSASS , TRANS_SYNT_V2 },
180 { PIPE_SRVSVC , SYNT_SRVSVC_V3 , PIPE_NTSVCS , TRANS_SYNT_V2 },
181 { PIPE_WKSSVC , SYNT_WKSSVC_V1 , PIPE_NTSVCS , TRANS_SYNT_V2 },
182 { PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 },
183 { PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS , TRANS_SYNT_V2 },
184 { PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 },
185 { PIPE_ECHO , SYNT_ECHO_V1 , PIPE_ECHO , TRANS_SYNT_V2 },
186 { PIPE_SHUTDOWN, SYNT_SHUTDOWN_V1 , PIPE_SHUTDOWN , TRANS_SYNT_V2 },
187 { PIPE_EPM , SYNT_EPM_V3 , PIPE_EPM , TRANS_SYNT_V2 },
188 { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 }
191 /*******************************************************************
192 Inits an RPC_HDR structure.
193 ********************************************************************/
195 void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
196 uint32 call_id, int data_len, int auth_len)
198 hdr->major = 5; /* RPC version 5 */
199 hdr->minor = 0; /* minor version 0 */
200 hdr->pkt_type = pkt_type; /* RPC packet type */
201 hdr->flags = flags; /* dce/rpc flags */
202 hdr->pack_type[0] = 0x10; /* little-endian data representation */
203 hdr->pack_type[1] = 0; /* packed data representation */
204 hdr->pack_type[2] = 0; /* packed data representation */
205 hdr->pack_type[3] = 0; /* packed data representation */
206 hdr->frag_len = data_len; /* fragment length, fill in later */
207 hdr->auth_len = auth_len; /* authentication length */
208 hdr->call_id = call_id; /* call identifier - match incoming RPC */
211 /*******************************************************************
212 Reads or writes an RPC_HDR structure.
213 ********************************************************************/
215 BOOL smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth)
220 prs_debug(ps, depth, desc, "smb_io_rpc_hdr");
223 if(!prs_uint8 ("major ", ps, depth, &rpc->major))
226 if(!prs_uint8 ("minor ", ps, depth, &rpc->minor))
228 if(!prs_uint8 ("pkt_type ", ps, depth, &rpc->pkt_type))
230 if(!prs_uint8 ("flags ", ps, depth, &rpc->flags))
233 /* We always marshall in little endian format. */
235 rpc->pack_type[0] = 0x10;
237 if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0]))
239 if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1]))
241 if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2]))
243 if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3]))
247 * If reading and pack_type[0] == 0 then the data is in big-endian
248 * format. Set the flag in the prs_struct to specify reverse-endainness.
251 if (UNMARSHALLING(ps) && rpc->pack_type[0] == 0) {
252 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
253 prs_set_endian_data(ps, RPC_BIG_ENDIAN);
256 if(!prs_uint16("frag_len ", ps, depth, &rpc->frag_len))
258 if(!prs_uint16("auth_len ", ps, depth, &rpc->auth_len))
260 if(!prs_uint32("call_id ", ps, depth, &rpc->call_id))
265 /*******************************************************************
266 Reads or writes an RPC_UUID structure.
267 ********************************************************************/
269 BOOL smb_io_rpc_uuid(const char *desc, RPC_UUID *uuid, prs_struct *ps, int depth)
274 prs_debug(ps, depth, desc, "smb_io_rpc_uuid");
277 if(!prs_uint32 ("data ", ps, depth, &uuid->time_low))
279 if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid))
281 if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version))
284 if(!prs_uint8s (False, "data ", ps, depth, uuid->remaining, sizeof(uuid->remaining)))
290 /*******************************************************************
291 Reads or writes an RPC_IFACE structure.
292 ********************************************************************/
294 static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
299 prs_debug(ps, depth, desc, "smb_io_rpc_iface");
305 if (!smb_io_rpc_uuid( "uuid", &ifc->uuid, ps, depth))
308 if(!prs_uint32 ("version", ps, depth, &ifc->version))
314 /*******************************************************************
315 Inits an RPC_ADDR_STR structure.
316 ********************************************************************/
318 static void init_rpc_addr_str(RPC_ADDR_STR *str, const char *name)
320 str->len = strlen(name) + 1;
321 fstrcpy(str->str, name);
324 /*******************************************************************
325 Reads or writes an RPC_ADDR_STR structure.
326 ********************************************************************/
328 static BOOL smb_io_rpc_addr_str(const char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth)
333 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str");
338 if(!prs_uint16 ( "len", ps, depth, &str->len))
340 if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) ))
345 /*******************************************************************
346 Inits an RPC_HDR_BBA structure.
347 ********************************************************************/
349 static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid)
351 bba->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
352 bba->max_rsize = max_rsize; /* max receive fragment size (0x1630) */
353 bba->assoc_gid = assoc_gid; /* associated group id (0x0) */
356 /*******************************************************************
357 Reads or writes an RPC_HDR_BBA structure.
358 ********************************************************************/
360 static BOOL smb_io_rpc_hdr_bba(const char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth)
365 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba");
368 if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize))
370 if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize))
372 if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid))
377 /*******************************************************************
378 Inits an RPC_HDR_RB structure.
379 ********************************************************************/
381 void init_rpc_hdr_rb(RPC_HDR_RB *rpc,
382 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
383 uint32 num_elements, uint16 context_id, uint8 num_syntaxes,
384 RPC_IFACE *abstract, RPC_IFACE *transfer)
386 init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid);
388 rpc->num_elements = num_elements ; /* the number of elements (0x1) */
389 rpc->context_id = context_id ; /* presentation context identifier (0x0) */
390 rpc->num_syntaxes = num_syntaxes ; /* the number of syntaxes (has always been 1?)(0x1) */
392 /* num and vers. of interface client is using */
393 rpc->abstract = *abstract;
395 /* num and vers. of interface to use for replies */
396 rpc->transfer = *transfer;
399 /*******************************************************************
400 Reads or writes an RPC_HDR_RB structure.
401 ********************************************************************/
403 BOOL smb_io_rpc_hdr_rb(const char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth)
408 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb");
411 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
414 if(!prs_uint32("num_elements", ps, depth, &rpc->num_elements))
416 if(!prs_uint16("context_id ", ps, depth, &rpc->context_id ))
418 if(!prs_uint8 ("num_syntaxes", ps, depth, &rpc->num_syntaxes))
421 if(!smb_io_rpc_iface("", &rpc->abstract, ps, depth))
423 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
429 /*******************************************************************
430 Inits an RPC_RESULTS structure.
432 lkclXXXX only one reason at the moment!
433 ********************************************************************/
435 static void init_rpc_results(RPC_RESULTS *res,
436 uint8 num_results, uint16 result, uint16 reason)
438 res->num_results = num_results; /* the number of results (0x01) */
439 res->result = result ; /* result (0x00 = accept) */
440 res->reason = reason ; /* reason (0x00 = no reason specified) */
443 /*******************************************************************
444 Reads or writes an RPC_RESULTS structure.
446 lkclXXXX only one reason at the moment!
447 ********************************************************************/
449 static BOOL smb_io_rpc_results(const char *desc, RPC_RESULTS *res, prs_struct *ps, int depth)
454 prs_debug(ps, depth, desc, "smb_io_rpc_results");
460 if(!prs_uint8 ("num_results", ps, depth, &res->num_results))
466 if(!prs_uint16("result ", ps, depth, &res->result))
468 if(!prs_uint16("reason ", ps, depth, &res->reason))
473 /*******************************************************************
474 Init an RPC_HDR_BA structure.
476 lkclXXXX only one reason at the moment!
478 ********************************************************************/
480 void init_rpc_hdr_ba(RPC_HDR_BA *rpc,
481 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
482 const char *pipe_addr,
483 uint8 num_results, uint16 result, uint16 reason,
486 init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid);
487 init_rpc_addr_str(&rpc->addr, pipe_addr);
488 init_rpc_results (&rpc->res, num_results, result, reason);
490 /* the transfer syntax from the request */
491 memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer));
494 /*******************************************************************
495 Reads or writes an RPC_HDR_BA structure.
496 ********************************************************************/
498 BOOL smb_io_rpc_hdr_ba(const char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
503 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba");
506 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
508 if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth))
510 if(!smb_io_rpc_results("", &rpc->res, ps, depth))
512 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
517 /*******************************************************************
518 Init an RPC_HDR_REQ structure.
519 ********************************************************************/
521 void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
523 hdr->alloc_hint = alloc_hint; /* allocation hint */
524 hdr->context_id = 0; /* presentation context identifier */
525 hdr->opnum = opnum; /* opnum */
528 /*******************************************************************
529 Reads or writes an RPC_HDR_REQ structure.
530 ********************************************************************/
532 BOOL smb_io_rpc_hdr_req(const char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth)
537 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req");
540 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
542 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
544 if(!prs_uint16("opnum ", ps, depth, &rpc->opnum))
549 /*******************************************************************
550 Reads or writes an RPC_HDR_RESP structure.
551 ********************************************************************/
553 BOOL smb_io_rpc_hdr_resp(const char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth)
558 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp");
561 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
563 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
565 if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count))
567 if(!prs_uint8 ("reserved ", ps, depth, &rpc->reserved))
572 /*******************************************************************
573 Reads or writes an RPC_HDR_FAULT structure.
574 ********************************************************************/
576 BOOL smb_io_rpc_hdr_fault(const char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth)
581 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault");
584 if(!prs_ntstatus("status ", ps, depth, &rpc->status))
586 if(!prs_uint32("reserved", ps, depth, &rpc->reserved))
592 /*******************************************************************
593 Init an RPC_HDR_AUTHA structure.
594 ********************************************************************/
596 void init_rpc_hdr_autha(RPC_HDR_AUTHA *rai,
597 uint16 max_tsize, uint16 max_rsize,
598 uint8 auth_type, uint8 auth_level,
601 rai->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
602 rai->max_rsize = max_rsize; /* max receive fragment size (0x1630) */
604 rai->auth_type = auth_type; /* nt lm ssp 0x0a */
605 rai->auth_level = auth_level; /* 0x06 */
606 rai->stub_type_len = stub_type_len; /* 0x00 */
607 rai->padding = 0; /* padding 0x00 */
609 rai->unknown = 0x0014a0c0; /* non-zero pointer to something */
612 /*******************************************************************
613 Reads or writes an RPC_HDR_AUTHA structure.
614 ********************************************************************/
616 BOOL smb_io_rpc_hdr_autha(const char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth)
621 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_autha");
624 if(!prs_uint16("max_tsize ", ps, depth, &rai->max_tsize))
626 if(!prs_uint16("max_rsize ", ps, depth, &rai->max_rsize))
629 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */
631 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */
633 if(!prs_uint8 ("stub_type_len", ps, depth, &rai->stub_type_len))
635 if(!prs_uint8 ("padding ", ps, depth, &rai->padding))
638 if(!prs_uint32("unknown ", ps, depth, &rai->unknown)) /* 0x0014a0c0 */
644 /*******************************************************************
645 Inits an RPC_HDR_AUTH structure.
646 ********************************************************************/
648 void init_rpc_hdr_auth(RPC_HDR_AUTH *rai,
649 uint8 auth_type, uint8 auth_level,
653 rai->auth_type = auth_type; /* nt lm ssp 0x0a */
654 rai->auth_level = auth_level; /* 0x06 */
655 rai->padding = padding;
658 rai->auth_context = ptr; /* non-zero pointer to something */
661 /*******************************************************************
662 Reads or writes an RPC_HDR_AUTH structure.
663 ********************************************************************/
665 BOOL smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth)
670 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth");
676 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */
678 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level)) /* 0x06 */
680 if(!prs_uint8 ("padding ", ps, depth, &rai->padding))
682 if(!prs_uint8 ("reserved ", ps, depth, &rai->reserved))
684 if(!prs_uint32("auth_context ", ps, depth, &rai->auth_context))
690 /*******************************************************************
691 Checks an RPC_AUTH_VERIFIER structure.
692 ********************************************************************/
694 BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
695 const char *signature, uint32 msg_type)
697 return (strequal(rav->signature, signature) && rav->msg_type == msg_type);
700 /*******************************************************************
701 Inits an RPC_AUTH_VERIFIER structure.
702 ********************************************************************/
704 void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
705 const char *signature, uint32 msg_type)
707 fstrcpy(rav->signature, signature); /* "NTLMSSP" */
708 rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
711 /*******************************************************************
712 Reads or writes an RPC_AUTH_VERIFIER structure.
713 ********************************************************************/
715 BOOL smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
720 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
724 if(!prs_string("signature", ps, depth, rav->signature,
725 sizeof(rav->signature)))
727 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
733 /*******************************************************************
734 This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I think
735 assuming "NTLMSSP" in sm_io_rpc_auth_verifier is somewhat wrong.
736 I have to look at that later...
737 ********************************************************************/
739 BOOL smb_io_rpc_netsec_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
744 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
747 if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature)))
749 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type))
755 /*******************************************************************
756 Inits an RPC_AUTH_NTLMSSP_NEG structure.
757 ********************************************************************/
759 void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
761 const char *myname, const char *domain)
763 int len_myname = strlen(myname);
764 int len_domain = strlen(domain);
766 neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
768 init_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname);
769 init_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20);
771 fstrcpy(neg->myname, myname);
772 fstrcpy(neg->domain, domain);
775 /*******************************************************************
776 Reads or writes an RPC_AUTH_NTLMSSP_NEG structure.
778 *** lkclXXXX HACK ALERT! ***
779 ********************************************************************/
781 BOOL smb_io_rpc_auth_ntlmssp_neg(const char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth)
783 uint32 start_offset = prs_offset(ps);
787 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_neg");
790 if(!prs_uint32("neg_flgs ", ps, depth, &neg->neg_flgs))
795 uint32 old_neg_flags = neg->neg_flgs;
801 neg->neg_flgs = old_neg_flags;
803 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth))
805 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth))
808 old_offset = prs_offset(ps);
810 if(!prs_set_offset(ps, neg->hdr_myname.buffer + start_offset - 12))
813 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname,
814 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname))))
817 old_offset += neg->hdr_myname.str_str_len;
819 if(!prs_set_offset(ps, neg->hdr_domain.buffer + start_offset - 12))
822 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain,
823 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain ))))
826 old_offset += neg->hdr_domain .str_str_len;
828 if(!prs_set_offset(ps, old_offset))
832 if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth))
834 if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth))
837 if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname,
838 MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname))))
840 if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain,
841 MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain ))))
848 /*******************************************************************
849 creates an RPC_AUTH_NTLMSSP_CHAL structure.
850 ********************************************************************/
852 void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl,
856 chl->unknown_1 = 0x0;
857 chl->unknown_2 = 0x00000028;
858 chl->neg_flags = neg_flags; /* 0x0082b1 */
860 memcpy(chl->challenge, challenge, sizeof(chl->challenge));
861 memset((char *)chl->reserved , '\0', sizeof(chl->reserved));
864 /*******************************************************************
865 Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure.
866 ********************************************************************/
868 BOOL smb_io_rpc_auth_ntlmssp_chal(const char *desc, RPC_AUTH_NTLMSSP_CHAL *chl, prs_struct *ps, int depth)
873 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chal");
876 if(!prs_uint32("unknown_1", ps, depth, &chl->unknown_1)) /* 0x0000 0000 */
878 if(!prs_uint32("unknown_2", ps, depth, &chl->unknown_2)) /* 0x0000 b2b3 */
880 if(!prs_uint32("neg_flags", ps, depth, &chl->neg_flags)) /* 0x0000 82b1 */
883 if(!prs_uint8s (False, "challenge", ps, depth, chl->challenge, sizeof(chl->challenge)))
885 if(!prs_uint8s (False, "reserved ", ps, depth, chl->reserved , sizeof(chl->reserved )))
891 /*******************************************************************
892 Inits an RPC_AUTH_NTLMSSP_RESP structure.
894 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
895 *** lkclXXXX the actual offset is at the start of the auth verifier ***
896 ********************************************************************/
898 void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
899 uchar lm_resp[24], uchar nt_resp[24],
900 const char *domain, const char *user, const char *wks,
904 int dom_len = strlen(domain);
905 int wks_len = strlen(wks);
906 int usr_len = strlen(user);
907 int lm_len = (lm_resp != NULL) ? 24 : 0;
908 int nt_len = (nt_resp != NULL) ? 24 : 0;
910 DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
912 #ifdef DEBUG_PASSWORD
913 DEBUG(100,("lm_resp\n"));
914 dump_data(100, (char *)lm_resp, 24);
915 DEBUG(100,("nt_resp\n"));
916 dump_data(100, (char *)nt_resp, 24);
919 DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
920 domain, user, wks, neg_flags));
924 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
930 init_str_hdr(&rsp->hdr_domain, dom_len, dom_len, offset);
933 init_str_hdr(&rsp->hdr_usr, usr_len, usr_len, offset);
936 init_str_hdr(&rsp->hdr_wks, wks_len, wks_len, offset);
939 init_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, offset);
942 init_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, offset);
945 init_str_hdr(&rsp->hdr_sess_key, 0, 0, offset);
947 rsp->neg_flags = neg_flags;
949 memcpy(rsp->lm_resp, lm_resp, 24);
950 memcpy(rsp->nt_resp, nt_resp, 24);
952 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
953 rpcstr_push(rsp->domain, domain, sizeof(rsp->domain), 0);
954 rpcstr_push(rsp->user, user, sizeof(rsp->user), 0);
955 rpcstr_push(rsp->wks, wks, sizeof(rsp->wks), 0);
957 fstrcpy(rsp->domain, domain);
958 fstrcpy(rsp->user, user);
959 fstrcpy(rsp->wks, wks);
962 rsp->sess_key[0] = 0;
965 /*******************************************************************
966 Reads or writes an RPC_AUTH_NTLMSSP_RESP structure.
968 *** lkclXXXX FUDGE! HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
969 *** lkclXXXX the actual offset is at the start of the auth verifier ***
970 ********************************************************************/
972 BOOL smb_io_rpc_auth_ntlmssp_resp(const char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth)
977 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp");
987 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth))
989 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth))
991 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth))
993 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth))
995 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth))
997 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth))
1000 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */
1003 old_offset = prs_offset(ps);
1005 if(!prs_set_offset(ps, rsp->hdr_domain.buffer + 0xc))
1008 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain,
1009 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain))))
1012 old_offset += rsp->hdr_domain.str_str_len;
1014 if(!prs_set_offset(ps, rsp->hdr_usr.buffer + 0xc))
1017 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user,
1018 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user))))
1021 old_offset += rsp->hdr_usr.str_str_len;
1023 if(!prs_set_offset(ps, rsp->hdr_wks.buffer + 0xc))
1026 if(!prs_uint8s(True, "wks ", ps, depth, (uint8*)rsp->wks,
1027 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks))))
1030 old_offset += rsp->hdr_wks.str_str_len;
1032 if(!prs_set_offset(ps, rsp->hdr_lm_resp.buffer + 0xc))
1035 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp,
1036 MIN(rsp->hdr_lm_resp.str_str_len, sizeof(rsp->lm_resp ))))
1039 old_offset += rsp->hdr_lm_resp.str_str_len;
1041 if(!prs_set_offset(ps, rsp->hdr_nt_resp.buffer + 0xc))
1044 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp,
1045 MIN(rsp->hdr_nt_resp.str_str_len, sizeof(rsp->nt_resp ))))
1048 old_offset += rsp->hdr_nt_resp.str_str_len;
1050 if (rsp->hdr_sess_key.str_str_len != 0) {
1052 if(!prs_set_offset(ps, rsp->hdr_sess_key.buffer + 0x10))
1055 old_offset += rsp->hdr_sess_key.str_str_len;
1057 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key,
1058 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))))
1062 if(!prs_set_offset(ps, old_offset))
1066 if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth))
1068 if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth))
1070 if(!smb_io_strhdr("hdr_domain ", &rsp->hdr_domain, ps, depth))
1072 if(!smb_io_strhdr("hdr_user ", &rsp->hdr_usr, ps, depth))
1074 if(!smb_io_strhdr("hdr_wks ", &rsp->hdr_wks, ps, depth))
1076 if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth))
1079 if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */
1082 if(!prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain,
1083 MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain))))
1086 if(!prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user,
1087 MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user))))
1090 if(!prs_uint8s(True , "wks ", ps, depth, (uint8*)rsp->wks,
1091 MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks))))
1093 if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp,
1094 MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp))))
1096 if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp,
1097 MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))))
1099 if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key,
1100 MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))))
1107 /*******************************************************************
1108 Checks an RPC_AUTH_NTLMSSP_CHK structure.
1109 ********************************************************************/
1111 BOOL rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, uint32 crc32, uint32 seq_num)
1116 if (chk->crc32 != crc32 ||
1117 chk->ver != NTLMSSP_SIGN_VERSION ||
1118 chk->seq_num != seq_num)
1120 DEBUG(5,("verify failed - crc %x ver %x seq %d\n",
1121 chk->crc32, chk->ver, chk->seq_num));
1123 DEBUG(5,("verify expect - crc %x ver %x seq %d\n",
1124 crc32, NTLMSSP_SIGN_VERSION, seq_num));
1130 /*******************************************************************
1131 Inits an RPC_AUTH_NTLMSSP_CHK structure.
1132 ********************************************************************/
1134 void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk,
1135 uint32 ver, uint32 crc32, uint32 seq_num)
1138 chk->reserved = 0x0;
1140 chk->seq_num = seq_num;
1143 /*******************************************************************
1144 Reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
1145 ********************************************************************/
1147 BOOL smb_io_rpc_auth_ntlmssp_chk(const char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth)
1152 prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk");
1158 if(!prs_uint32("ver ", ps, depth, &chk->ver))
1160 if(!prs_uint32("reserved", ps, depth, &chk->reserved))
1162 if(!prs_uint32("crc32 ", ps, depth, &chk->crc32))
1164 if(!prs_uint32("seq_num ", ps, depth, &chk->seq_num))
1170 /*******************************************************************
1171 creates an RPC_AUTH_NETSEC_NEG structure.
1172 ********************************************************************/
1173 void init_rpc_auth_netsec_neg(RPC_AUTH_NETSEC_NEG *neg,
1174 const char *domain, const char *myname)
1178 fstrcpy(neg->domain, domain);
1179 fstrcpy(neg->myname, myname);
1182 /*******************************************************************
1183 Reads or writes an RPC_AUTH_NETSEC_NEG structure.
1184 ********************************************************************/
1186 BOOL smb_io_rpc_auth_netsec_neg(const char *desc, RPC_AUTH_NETSEC_NEG *neg,
1187 prs_struct *ps, int depth)
1192 prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_neg");
1198 if(!prs_uint32("type1", ps, depth, &neg->type1))
1200 if(!prs_uint32("type2", ps, depth, &neg->type2))
1202 if(!prs_string("domain ", ps, depth, neg->domain, sizeof(neg->domain)))
1204 if(!prs_string("myname ", ps, depth, neg->myname, sizeof(neg->myname)))
1210 /*******************************************************************
1211 reads or writes an RPC_AUTH_NETSEC_CHK structure.
1212 ********************************************************************/
1213 BOOL smb_io_rpc_auth_netsec_chk(const char *desc, RPC_AUTH_NETSEC_CHK * chk,
1214 prs_struct *ps, int depth)
1219 prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk");
1222 prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig));
1223 prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num));
1224 prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest));
1225 prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder));