s3-schannel: fix Coverity #950 OVERRUN_STATIC.
[ira/wip.git] / source3 / rpc_parse / parse_prs.c
1 /* 
2    Unix SMB/CIFS implementation.
3    Samba memory buffer functions
4    Copyright (C) Andrew Tridgell              1992-1997
5    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6    Copyright (C) Jeremy Allison               1999
7    Copyright (C) Andrew Bartlett              2003.
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "../librpc/gen_ndr/ndr_schannel.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_PARSE
28
29 /**
30  * Dump a prs to a file: from the current location through to the end.
31  **/
32 void prs_dump(const char *name, int v, prs_struct *ps)
33 {
34         prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
35 }
36
37 /**
38  * Dump from the start of the prs to the current location.
39  **/
40 void prs_dump_before(const char *name, int v, prs_struct *ps)
41 {
42         prs_dump_region(name, v, ps, 0, ps->data_offset);
43 }
44
45 /**
46  * Dump everything from the start of the prs up to the current location.
47  **/
48 void prs_dump_region(const char *name, int v, prs_struct *ps,
49                      int from_off, int to_off)
50 {
51         int fd, i;
52         char *fname = NULL;
53         ssize_t sz;
54         if (DEBUGLEVEL < 50) return;
55         for (i=1;i<100;i++) {
56                 if (v != -1) {
57                         if (asprintf(&fname,"/tmp/%s_%d.%d.prs", name, v, i) < 0) {
58                                 return;
59                         }
60                 } else {
61                         if (asprintf(&fname,"/tmp/%s.%d.prs", name, i) < 0) {
62                                 return;
63                         }
64                 }
65                 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
66                 if (fd != -1 || errno != EEXIST) break;
67         }
68         if (fd != -1) {
69                 sz = write(fd, ps->data_p + from_off, to_off - from_off);
70                 i = close(fd);
71                 if ( (sz != to_off-from_off) || (i != 0) ) {
72                         DEBUG(0,("Error writing/closing %s: %ld!=%ld %d\n", fname, (unsigned long)sz, (unsigned long)to_off-from_off, i ));
73                 } else {
74                         DEBUG(0,("created %s\n", fname));
75                 }
76         }
77         SAFE_FREE(fname);
78 }
79
80 /*******************************************************************
81  Debug output for parsing info
82
83  XXXX side-effect of this function is to increase the debug depth XXXX.
84
85 ********************************************************************/
86
87 void prs_debug(prs_struct *ps, int depth, const char *desc, const char *fn_name)
88 {
89         DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(5+depth,depth), ps->data_offset, fn_name, desc));
90 }
91
92 /**
93  * Initialise an expandable parse structure.
94  *
95  * @param size Initial buffer size.  If >0, a new buffer will be
96  * created with malloc().
97  *
98  * @return False if allocation fails, otherwise True.
99  **/
100
101 bool prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, bool io)
102 {
103         ZERO_STRUCTP(ps);
104         ps->io = io;
105         ps->bigendian_data = RPC_LITTLE_ENDIAN;
106         ps->align = RPC_PARSE_ALIGN;
107         ps->is_dynamic = False;
108         ps->data_offset = 0;
109         ps->buffer_size = 0;
110         ps->data_p = NULL;
111         ps->mem_ctx = ctx;
112
113         if (size != 0) {
114                 ps->buffer_size = size;
115                 if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
116                         DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
117                         return False;
118                 }
119                 memset(ps->data_p, '\0', (size_t)size);
120                 ps->is_dynamic = True; /* We own this memory. */
121         } else if (MARSHALLING(ps)) {
122                 /* If size is zero and we're marshalling we should allocate memory on demand. */
123                 ps->is_dynamic = True;
124         }
125
126         return True;
127 }
128
129 /*******************************************************************
130  Delete the memory in a parse structure - if we own it.
131
132  NOTE: Contrary to the somewhat confusing naming, this function is not
133        intended for freeing memory allocated by prs_alloc_mem().  That memory
134        is attached to the talloc context given by ps->mem_ctx.
135  ********************************************************************/
136
137 void prs_mem_free(prs_struct *ps)
138 {
139         if(ps->is_dynamic)
140                 SAFE_FREE(ps->data_p);
141         ps->is_dynamic = False;
142         ps->buffer_size = 0;
143         ps->data_offset = 0;
144 }
145
146 /*******************************************************************
147  Clear the memory in a parse structure.
148  ********************************************************************/
149
150 void prs_mem_clear(prs_struct *ps)
151 {
152         if (ps->buffer_size)
153                 memset(ps->data_p, '\0', (size_t)ps->buffer_size);
154 }
155
156 /*******************************************************************
157  Allocate memory when unmarshalling... Always zero clears.
158  ********************************************************************/
159
160 #if defined(PARANOID_MALLOC_CHECKER)
161 char *prs_alloc_mem_(prs_struct *ps, size_t size, unsigned int count)
162 #else
163 char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count)
164 #endif
165 {
166         char *ret = NULL;
167
168         if (size && count) {
169                 /* We can't call the type-safe version here. */
170                 ret = (char *)_talloc_zero_array(ps->mem_ctx, size, count,
171                                                  "parse_prs");
172         }
173         return ret;
174 }
175
176 /*******************************************************************
177  Return the current talloc context we're using.
178  ********************************************************************/
179
180 TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
181 {
182         return ps->mem_ctx;
183 }
184
185 /*******************************************************************
186  Hand some already allocated memory to a prs_struct.
187  ********************************************************************/
188
189 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, bool is_dynamic)
190 {
191         ps->is_dynamic = is_dynamic;
192         ps->data_p = buf;
193         ps->buffer_size = size;
194 }
195
196 /*******************************************************************
197  Take some memory back from a prs_struct.
198  ********************************************************************/
199
200 char *prs_take_memory(prs_struct *ps, uint32 *psize)
201 {
202         char *ret = ps->data_p;
203         if(psize)
204                 *psize = ps->buffer_size;
205         ps->is_dynamic = False;
206         prs_mem_free(ps);
207         return ret;
208 }
209
210 /*******************************************************************
211  Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
212  ********************************************************************/
213
214 bool prs_set_buffer_size(prs_struct *ps, uint32 newsize)
215 {
216         if (newsize > ps->buffer_size)
217                 return prs_force_grow(ps, newsize - ps->buffer_size);
218
219         if (newsize < ps->buffer_size) {
220                 ps->buffer_size = newsize;
221
222                 /* newsize == 0 acts as a free and set pointer to NULL */
223                 if (newsize == 0) {
224                         SAFE_FREE(ps->data_p);
225                 } else {
226                         ps->data_p = (char *)SMB_REALLOC(ps->data_p, newsize);
227
228                         if (ps->data_p == NULL) {
229                                 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
230                                         (unsigned int)newsize));
231                                 DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
232                                 return False;
233                         }
234                 }
235         }
236
237         return True;
238 }
239
240 /*******************************************************************
241  Attempt, if needed, to grow a data buffer.
242  Also depends on the data stream mode (io).
243  ********************************************************************/
244
245 bool prs_grow(prs_struct *ps, uint32 extra_space)
246 {
247         uint32 new_size;
248
249         ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
250
251         if(ps->data_offset + extra_space <= ps->buffer_size)
252                 return True;
253
254         /*
255          * We cannot grow the buffer if we're not reading
256          * into the prs_struct, or if we don't own the memory.
257          */
258
259         if(UNMARSHALLING(ps) || !ps->is_dynamic) {
260                 DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
261                                 (unsigned int)extra_space));
262                 return False;
263         }
264         
265         /*
266          * Decide how much extra space we really need.
267          */
268
269         extra_space -= (ps->buffer_size - ps->data_offset);
270         if(ps->buffer_size == 0) {
271
272                 /*
273                  * Start with 128 bytes (arbitrary value), enough for small rpc
274                  * requests
275                  */
276                 new_size = MAX(128, extra_space);
277
278                 if((ps->data_p = (char *)SMB_MALLOC(new_size)) == NULL) {
279                         DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
280                         return False;
281                 }
282                 memset(ps->data_p, '\0', (size_t)new_size );
283         } else {
284                 /*
285                  * If the current buffer size is bigger than the space needed,
286                  * just double it, else add extra_space. Always keep 64 bytes
287                  * more, so that after we added a large blob we don't have to
288                  * realloc immediately again.
289                  */
290                 new_size = MAX(ps->buffer_size*2,
291                                ps->buffer_size + extra_space + 64);
292
293                 if ((ps->data_p = (char *)SMB_REALLOC(ps->data_p, new_size)) == NULL) {
294                         DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
295                                 (unsigned int)new_size));
296                         return False;
297                 }
298
299                 memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
300         }
301         ps->buffer_size = new_size;
302
303         return True;
304 }
305
306 /*******************************************************************
307  Attempt to force a data buffer to grow by len bytes.
308  This is only used when appending more data onto a prs_struct
309  when reading an rpc reply, before unmarshalling it.
310  ********************************************************************/
311
312 bool prs_force_grow(prs_struct *ps, uint32 extra_space)
313 {
314         uint32 new_size = ps->buffer_size + extra_space;
315
316         if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
317                 DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
318                                 (unsigned int)extra_space));
319                 return False;
320         }
321
322         if((ps->data_p = (char *)SMB_REALLOC(ps->data_p, new_size)) == NULL) {
323                 DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
324                         (unsigned int)new_size));
325                 return False;
326         }
327
328         memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
329
330         ps->buffer_size = new_size;
331
332         return True;
333 }
334
335 /*******************************************************************
336  Get the data pointer (external interface).
337 ********************************************************************/
338
339 char *prs_data_p(prs_struct *ps)
340 {
341         return ps->data_p;
342 }
343
344 /*******************************************************************
345  Get the current data size (external interface).
346  ********************************************************************/
347
348 uint32 prs_data_size(prs_struct *ps)
349 {
350         return ps->buffer_size;
351 }
352
353 /*******************************************************************
354  Fetch the current offset (external interface).
355  ********************************************************************/
356
357 uint32 prs_offset(prs_struct *ps)
358 {
359         return ps->data_offset;
360 }
361
362 /*******************************************************************
363  Set the current offset (external interface).
364  ********************************************************************/
365
366 bool prs_set_offset(prs_struct *ps, uint32 offset)
367 {
368         if ((offset > ps->data_offset)
369             && !prs_grow(ps, offset - ps->data_offset)) {
370                 return False;
371         }
372
373         ps->data_offset = offset;
374         return True;
375 }
376
377 /*******************************************************************
378  Append the data from one parse_struct into another.
379  ********************************************************************/
380
381 bool prs_append_prs_data(prs_struct *dst, prs_struct *src)
382 {
383         if (prs_offset(src) == 0)
384                 return True;
385
386         if(!prs_grow(dst, prs_offset(src)))
387                 return False;
388
389         memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
390         dst->data_offset += prs_offset(src);
391
392         return True;
393 }
394
395 /*******************************************************************
396  Append some data from one parse_struct into another.
397  ********************************************************************/
398
399 bool prs_append_some_data(prs_struct *dst, void *src_base, uint32_t start,
400                           uint32_t len)
401 {
402         if (len == 0) {
403                 return true;
404         }
405
406         if(!prs_grow(dst, len)) {
407                 return false;
408         }
409
410         memcpy(&dst->data_p[dst->data_offset], ((char *)src_base) + start, (size_t)len);
411         dst->data_offset += len;
412         return true;
413 }
414
415 bool prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start,
416                               uint32 len)
417 {
418         return prs_append_some_data(dst, src->data_p, start, len);
419 }
420
421 /*******************************************************************
422  Append the data from a buffer into a parse_struct.
423  ********************************************************************/
424
425 bool prs_copy_data_in(prs_struct *dst, const char *src, uint32 len)
426 {
427         if (len == 0)
428                 return True;
429
430         if(!prs_grow(dst, len))
431                 return False;
432
433         memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
434         dst->data_offset += len;
435
436         return True;
437 }
438
439 /*******************************************************************
440  Copy some data from a parse_struct into a buffer.
441  ********************************************************************/
442
443 bool prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
444 {
445         if (len == 0)
446                 return True;
447
448         if(!prs_mem_get(src, len))
449                 return False;
450
451         memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
452         src->data_offset += len;
453
454         return True;
455 }
456
457 /*******************************************************************
458  Copy all the data from a parse_struct into a buffer.
459  ********************************************************************/
460
461 bool prs_copy_all_data_out(char *dst, prs_struct *src)
462 {
463         uint32 len = prs_offset(src);
464
465         if (!len)
466                 return True;
467
468         prs_set_offset(src, 0);
469         return prs_copy_data_out(dst, src, len);
470 }
471
472 /*******************************************************************
473  Set the data as X-endian (external interface).
474  ********************************************************************/
475
476 void prs_set_endian_data(prs_struct *ps, bool endian)
477 {
478         ps->bigendian_data = endian;
479 }
480
481 /*******************************************************************
482  Align a the data_len to a multiple of align bytes - filling with
483  zeros.
484  ********************************************************************/
485
486 bool prs_align(prs_struct *ps)
487 {
488         uint32 mod = ps->data_offset & (ps->align-1);
489
490         if (ps->align != 0 && mod != 0) {
491                 uint32 extra_space = (ps->align - mod);
492                 if(!prs_grow(ps, extra_space))
493                         return False;
494                 memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
495                 ps->data_offset += extra_space;
496         }
497
498         return True;
499 }
500
501 /******************************************************************
502  Align on a 2 byte boundary
503  *****************************************************************/
504  
505 bool prs_align_uint16(prs_struct *ps)
506 {
507         bool ret;
508         uint8 old_align = ps->align;
509
510         ps->align = 2;
511         ret = prs_align(ps);
512         ps->align = old_align;
513         
514         return ret;
515 }
516
517 /******************************************************************
518  Align on a 8 byte boundary
519  *****************************************************************/
520  
521 bool prs_align_uint64(prs_struct *ps)
522 {
523         bool ret;
524         uint8 old_align = ps->align;
525
526         ps->align = 8;
527         ret = prs_align(ps);
528         ps->align = old_align;
529         
530         return ret;
531 }
532
533 /******************************************************************
534  Align on a specific byte boundary
535  *****************************************************************/
536  
537 bool prs_align_custom(prs_struct *ps, uint8 boundary)
538 {
539         bool ret;
540         uint8 old_align = ps->align;
541
542         ps->align = boundary;
543         ret = prs_align(ps);
544         ps->align = old_align;
545         
546         return ret;
547 }
548
549
550
551 /*******************************************************************
552  Align only if required (for the unistr2 string mainly)
553  ********************************************************************/
554
555 bool prs_align_needed(prs_struct *ps, uint32 needed)
556 {
557         if (needed==0)
558                 return True;
559         else
560                 return prs_align(ps);
561 }
562
563 /*******************************************************************
564  Ensure we can read/write to a given offset.
565  ********************************************************************/
566
567 char *prs_mem_get(prs_struct *ps, uint32 extra_size)
568 {
569         if(UNMARSHALLING(ps)) {
570                 /*
571                  * If reading, ensure that we can read the requested size item.
572                  */
573                 if (ps->data_offset + extra_size > ps->buffer_size) {
574                         DEBUG(0,("prs_mem_get: reading data of size %u would overrun "
575                                 "buffer by %u bytes.\n",
576                                 (unsigned int)extra_size,
577                                 (unsigned int)(ps->data_offset + extra_size - ps->buffer_size) ));
578                         return NULL;
579                 }
580         } else {
581                 /*
582                  * Writing - grow the buffer if needed.
583                  */
584                 if(!prs_grow(ps, extra_size))
585                         return NULL;
586         }
587         return &ps->data_p[ps->data_offset];
588 }
589
590 /*******************************************************************
591  Change the struct type.
592  ********************************************************************/
593
594 void prs_switch_type(prs_struct *ps, bool io)
595 {
596         if ((ps->io ^ io) == True)
597                 ps->io=io;
598 }
599
600 /*******************************************************************
601  Force a prs_struct to be dynamic even when it's size is 0.
602  ********************************************************************/
603
604 void prs_force_dynamic(prs_struct *ps)
605 {
606         ps->is_dynamic=True;
607 }
608
609 /*******************************************************************
610  Associate a session key with a parse struct.
611  ********************************************************************/
612
613 void prs_set_session_key(prs_struct *ps, const char sess_key[16])
614 {
615         ps->sess_key = sess_key;
616 }
617
618 /*******************************************************************
619  Stream a uint8.
620  ********************************************************************/
621
622 bool prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8)
623 {
624         char *q = prs_mem_get(ps, 1);
625         if (q == NULL)
626                 return False;
627
628         if (UNMARSHALLING(ps))
629                 *data8 = CVAL(q,0);
630         else
631                 SCVAL(q,0,*data8);
632
633         DEBUGADD(5,("%s%04x %s: %02x\n", tab_depth(5,depth), ps->data_offset, name, *data8));
634
635         ps->data_offset += 1;
636
637         return True;
638 }
639
640 /*******************************************************************
641  Stream a uint16.
642  ********************************************************************/
643
644 bool prs_uint16(const char *name, prs_struct *ps, int depth, uint16 *data16)
645 {
646         char *q = prs_mem_get(ps, sizeof(uint16));
647         if (q == NULL)
648                 return False;
649
650         if (UNMARSHALLING(ps)) {
651                 if (ps->bigendian_data)
652                         *data16 = RSVAL(q,0);
653                 else
654                         *data16 = SVAL(q,0);
655         } else {
656                 if (ps->bigendian_data)
657                         RSSVAL(q,0,*data16);
658                 else
659                         SSVAL(q,0,*data16);
660         }
661
662         DEBUGADD(5,("%s%04x %s: %04x\n", tab_depth(5,depth), ps->data_offset, name, *data16));
663
664         ps->data_offset += sizeof(uint16);
665
666         return True;
667 }
668
669 /*******************************************************************
670  Stream a uint32.
671  ********************************************************************/
672
673 bool prs_uint32(const char *name, prs_struct *ps, int depth, uint32 *data32)
674 {
675         char *q = prs_mem_get(ps, sizeof(uint32));
676         if (q == NULL)
677                 return False;
678
679         if (UNMARSHALLING(ps)) {
680                 if (ps->bigendian_data)
681                         *data32 = RIVAL(q,0);
682                 else
683                         *data32 = IVAL(q,0);
684         } else {
685                 if (ps->bigendian_data)
686                         RSIVAL(q,0,*data32);
687                 else
688                         SIVAL(q,0,*data32);
689         }
690
691         DEBUGADD(5,("%s%04x %s: %08x\n", tab_depth(5,depth), ps->data_offset, name, *data32));
692
693         ps->data_offset += sizeof(uint32);
694
695         return True;
696 }
697
698 /*******************************************************************
699  Stream an int32.
700  ********************************************************************/
701
702 bool prs_int32(const char *name, prs_struct *ps, int depth, int32 *data32)
703 {
704         char *q = prs_mem_get(ps, sizeof(int32));
705         if (q == NULL)
706                 return False;
707
708         if (UNMARSHALLING(ps)) {
709                 if (ps->bigendian_data)
710                         *data32 = RIVALS(q,0);
711                 else
712                         *data32 = IVALS(q,0);
713         } else {
714                 if (ps->bigendian_data)
715                         RSIVALS(q,0,*data32);
716                 else
717                         SIVALS(q,0,*data32);
718         }
719
720         DEBUGADD(5,("%s%04x %s: %08x\n", tab_depth(5,depth), ps->data_offset, name, *data32));
721
722         ps->data_offset += sizeof(int32);
723
724         return True;
725 }
726
727 /*******************************************************************
728  Stream a uint64_struct
729  ********************************************************************/
730 bool prs_uint64(const char *name, prs_struct *ps, int depth, uint64 *data64)
731 {
732         if (UNMARSHALLING(ps)) {
733                 uint32 high, low;
734
735                 if (!prs_uint32(name, ps, depth+1, &low))
736                         return False;
737
738                 if (!prs_uint32(name, ps, depth+1, &high))
739                         return False;
740
741                 *data64 = ((uint64_t)high << 32) + low;
742
743                 return True;
744         } else {
745                 uint32 high = (*data64) >> 32, low = (*data64) & 0xFFFFFFFF;
746                 return prs_uint32(name, ps, depth+1, &low) &&
747                            prs_uint32(name, ps, depth+1, &high);
748         }
749 }
750
751 /*******************************************************************
752  Stream a DCE error code
753  ********************************************************************/
754
755 bool prs_dcerpc_status(const char *name, prs_struct *ps, int depth, NTSTATUS *status)
756 {
757         char *q = prs_mem_get(ps, sizeof(uint32));
758         if (q == NULL)
759                 return False;
760
761         if (UNMARSHALLING(ps)) {
762                 if (ps->bigendian_data)
763                         *status = NT_STATUS(RIVAL(q,0));
764                 else
765                         *status = NT_STATUS(IVAL(q,0));
766         } else {
767                 if (ps->bigendian_data)
768                         RSIVAL(q,0,NT_STATUS_V(*status));
769                 else
770                         SIVAL(q,0,NT_STATUS_V(*status));
771         }
772
773         DEBUGADD(5,("%s%04x %s: %s\n", tab_depth(5,depth), ps->data_offset, name,
774                  dcerpc_errstr(debug_ctx(), NT_STATUS_V(*status))));
775
776         ps->data_offset += sizeof(uint32);
777
778         return True;
779 }
780
781 /******************************************************************
782  Stream an array of uint8s. Length is number of uint8s.
783  ********************************************************************/
784
785 bool prs_uint8s(bool charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
786 {
787         int i;
788         char *q = prs_mem_get(ps, len);
789         if (q == NULL)
790                 return False;
791
792         if (UNMARSHALLING(ps)) {
793                 for (i = 0; i < len; i++)
794                         data8s[i] = CVAL(q,i);
795         } else {
796                 for (i = 0; i < len; i++)
797                         SCVAL(q, i, data8s[i]);
798         }
799
800         DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset ,name));
801         if (charmode)
802                 print_asc(5, (unsigned char*)data8s, len);
803         else {
804                 for (i = 0; i < len; i++)
805                         DEBUGADD(5,("%02x ", data8s[i]));
806         }
807         DEBUGADD(5,("\n"));
808
809         ps->data_offset += len;
810
811         return True;
812 }
813
814 /******************************************************************
815  Stream an array of uint16s. Length is number of uint16s.
816  ********************************************************************/
817
818 bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
819 {
820         int i;
821         char *q = prs_mem_get(ps, len * sizeof(uint16));
822         if (q == NULL)
823                 return False;
824
825         if (UNMARSHALLING(ps)) {
826                 if (ps->bigendian_data) {
827                         for (i = 0; i < len; i++)
828                                 data16s[i] = RSVAL(q, 2*i);
829                 } else {
830                         for (i = 0; i < len; i++)
831                                 data16s[i] = SVAL(q, 2*i);
832                 }
833         } else {
834                 if (ps->bigendian_data) {
835                         for (i = 0; i < len; i++)
836                                 RSSVAL(q, 2*i, data16s[i]);
837                 } else {
838                         for (i = 0; i < len; i++)
839                                 SSVAL(q, 2*i, data16s[i]);
840                 }
841         }
842
843         DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
844         if (charmode)
845                 print_asc(5, (unsigned char*)data16s, 2*len);
846         else {
847                 for (i = 0; i < len; i++)
848                         DEBUGADD(5,("%04x ", data16s[i]));
849         }
850         DEBUGADD(5,("\n"));
851
852         ps->data_offset += (len * sizeof(uint16));
853
854         return True;
855 }
856
857 /******************************************************************
858  Stream an array of uint32s. Length is number of uint32s.
859  ********************************************************************/
860
861 bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
862 {
863         int i;
864         char *q = prs_mem_get(ps, len * sizeof(uint32));
865         if (q == NULL)
866                 return False;
867
868         if (UNMARSHALLING(ps)) {
869                 if (ps->bigendian_data) {
870                         for (i = 0; i < len; i++)
871                                 data32s[i] = RIVAL(q, 4*i);
872                 } else {
873                         for (i = 0; i < len; i++)
874                                 data32s[i] = IVAL(q, 4*i);
875                 }
876         } else {
877                 if (ps->bigendian_data) {
878                         for (i = 0; i < len; i++)
879                                 RSIVAL(q, 4*i, data32s[i]);
880                 } else {
881                         for (i = 0; i < len; i++)
882                                 SIVAL(q, 4*i, data32s[i]);
883                 }
884         }
885
886         DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
887         if (charmode)
888                 print_asc(5, (unsigned char*)data32s, 4*len);
889         else {
890                 for (i = 0; i < len; i++)
891                         DEBUGADD(5,("%08x ", data32s[i]));
892         }
893         DEBUGADD(5,("\n"));
894
895         ps->data_offset += (len * sizeof(uint32));
896
897         return True;
898 }
899
900 /*******************************************************************
901  Stream a unicode  null-terminated string. As the string is already
902  in little-endian format then do it as a stream of bytes.
903  ********************************************************************/
904
905 bool prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
906 {
907         unsigned int len = 0;
908         unsigned char *p = (unsigned char *)str->buffer;
909         uint8 *start;
910         char *q;
911         uint32 max_len;
912         uint16* ptr;
913
914         if (MARSHALLING(ps)) {
915
916                 for(len = 0; str->buffer[len] != 0; len++)
917                         ;
918
919                 q = prs_mem_get(ps, (len+1)*2);
920                 if (q == NULL)
921                         return False;
922
923                 start = (uint8*)q;
924
925                 for(len = 0; str->buffer[len] != 0; len++) {
926                         if(ps->bigendian_data) {
927                                 /* swap bytes - p is little endian, q is big endian. */
928                                 q[0] = (char)p[1];
929                                 q[1] = (char)p[0];
930                                 p += 2;
931                                 q += 2;
932                         } 
933                         else 
934                         {
935                                 q[0] = (char)p[0];
936                                 q[1] = (char)p[1];
937                                 p += 2;
938                                 q += 2;
939                         }
940                 }
941
942                 /*
943                  * even if the string is 'empty' (only an \0 char)
944                  * at this point the leading \0 hasn't been parsed.
945                  * so parse it now
946                  */
947
948                 q[0] = 0;
949                 q[1] = 0;
950                 q += 2;
951
952                 len++;
953
954                 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
955                 print_asc(5, (unsigned char*)start, 2*len);     
956                 DEBUGADD(5, ("\n"));
957         }
958         else { /* unmarshalling */
959         
960                 uint32 alloc_len = 0;
961                 q = ps->data_p + prs_offset(ps);
962
963                 /*
964                  * Work out how much space we need and talloc it.
965                  */
966                 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
967
968                 /* the test of the value of *ptr helps to catch the circumstance
969                    where we have an emtpty (non-existent) string in the buffer */
970                 for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
971                         /* do nothing */ 
972                         ;
973
974                 if (alloc_len < max_len)
975                         alloc_len += 1;
976
977                 /* should we allocate anything at all? */
978                 str->buffer = PRS_ALLOC_MEM(ps,uint16,alloc_len);
979                 if ((str->buffer == NULL) && (alloc_len > 0))
980                         return False;
981
982                 p = (unsigned char *)str->buffer;
983
984                 len = 0;
985                 /* the (len < alloc_len) test is to prevent us from overwriting
986                    memory that is not ours...if we get that far, we have a non-null
987                    terminated string in the buffer and have messed up somewhere */
988                 while ((len < alloc_len) && (*(uint16 *)q != 0)) {
989                         if(ps->bigendian_data) 
990                         {
991                                 /* swap bytes - q is big endian, p is little endian. */
992                                 p[0] = (unsigned char)q[1];
993                                 p[1] = (unsigned char)q[0];
994                                 p += 2;
995                                 q += 2;
996                         } else {
997
998                                 p[0] = (unsigned char)q[0];
999                                 p[1] = (unsigned char)q[1];
1000                                 p += 2;
1001                                 q += 2;
1002                         }
1003
1004                         len++;
1005                 } 
1006                 if (len < alloc_len) {
1007                         /* NULL terminate the UNISTR */
1008                         str->buffer[len++] = '\0';
1009                 }
1010
1011                 DEBUGADD(5,("%s%04x %s: ", tab_depth(5,depth), ps->data_offset, name));
1012                 print_asc(5, (unsigned char*)str->buffer, 2*len);       
1013                 DEBUGADD(5, ("\n"));
1014         }
1015
1016         /* set the offset in the prs_struct; 'len' points to the
1017            terminiating NULL in the UNISTR so we need to go one more
1018            uint16 */
1019         ps->data_offset += (len)*2;
1020         
1021         return True;
1022 }
1023
1024
1025 /*******************************************************************
1026  Stream a null-terminated string.  len is strlen, and therefore does
1027  not include the null-termination character.
1028  ********************************************************************/
1029
1030 bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
1031 {
1032         char *q;
1033         int i;
1034         int len;
1035
1036         if (UNMARSHALLING(ps))
1037                 len = strlen(&ps->data_p[ps->data_offset]);
1038         else
1039                 len = strlen(str);
1040
1041         len = MIN(len, (max_buf_size-1));
1042
1043         q = prs_mem_get(ps, len+1);
1044         if (q == NULL)
1045                 return False;
1046
1047         for(i = 0; i < len; i++) {
1048                 if (UNMARSHALLING(ps))
1049                         str[i] = q[i];
1050                 else
1051                         q[i] = str[i];
1052         }
1053
1054         /* The terminating null. */
1055         str[i] = '\0';
1056
1057         if (MARSHALLING(ps)) {
1058                 q[i] = '\0';
1059         }
1060
1061         ps->data_offset += len+1;
1062
1063         dump_data(5+depth, (uint8 *)q, len);
1064
1065         return True;
1066 }
1067
1068 /*******************************************************************
1069  Create a digest over the entire packet (including the data), and 
1070  MD5 it with the session key.
1071  ********************************************************************/
1072
1073 static void schannel_digest(struct schannel_auth_struct *a,
1074                           enum pipe_auth_level auth_level,
1075                           struct NL_AUTH_SIGNATURE *verf,
1076                           char *data, size_t data_len,
1077                           uchar digest_final[16]) 
1078 {
1079         uchar whole_packet_digest[16];
1080         uchar zeros[4];
1081         struct MD5Context ctx3;
1082         uint8_t sig[8];
1083
1084         ZERO_STRUCT(zeros);
1085         ZERO_STRUCT(sig);
1086
1087         SSVAL(sig,0,verf->SignatureAlgorithm);
1088         SSVAL(sig,2,verf->SealAlgorithm);
1089         SSVAL(sig,4,verf->Pad);
1090         SSVAL(sig,6,verf->Flags);
1091
1092         /* verfiy the signature on the packet by MD5 over various bits */
1093         MD5Init(&ctx3);
1094         /* use our sequence number, which ensures the packet is not
1095            out of order */
1096         MD5Update(&ctx3, zeros, sizeof(zeros));
1097         MD5Update(&ctx3, sig, 8);
1098         if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1099                 MD5Update(&ctx3, verf->Confounder, sizeof(verf->Confounder));
1100         }
1101         MD5Update(&ctx3, (const unsigned char *)data, data_len);
1102         MD5Final(whole_packet_digest, &ctx3);
1103         dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
1104         
1105         /* MD5 this result and the session key, to prove that
1106            only a valid client could had produced this */
1107         hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
1108 }
1109
1110 /*******************************************************************
1111  Calculate the key with which to encode the data payload 
1112  ********************************************************************/
1113
1114 static void schannel_get_sealing_key(struct schannel_auth_struct *a,
1115                                    struct NL_AUTH_SIGNATURE *verf,
1116                                    uchar sealing_key[16]) 
1117 {
1118         uchar zeros[4];
1119         uchar digest2[16];
1120         uchar sess_kf0[16];
1121         int i;
1122
1123         ZERO_STRUCT(zeros);
1124
1125         for (i = 0; i < sizeof(sess_kf0); i++) {
1126                 sess_kf0[i] = a->sess_key[i] ^ 0xf0;
1127         }
1128         
1129         dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
1130         
1131         /* MD5 of sess_kf0 and 4 zero bytes */
1132         hmac_md5(sess_kf0, zeros, 0x4, digest2);
1133         dump_data_pw("digest2:\n", digest2, sizeof(digest2));
1134         
1135         /* MD5 of the above result, plus 8 bytes of sequence number */
1136         hmac_md5(digest2, verf->SequenceNumber, sizeof(verf->SequenceNumber), sealing_key);
1137         dump_data_pw("sealing_key:\n", sealing_key, 16);
1138 }
1139
1140 /*******************************************************************
1141  Encode or Decode the sequence number (which is symmetric)
1142  ********************************************************************/
1143
1144 static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
1145                                        struct NL_AUTH_SIGNATURE *verf)
1146 {
1147         uchar zeros[4];
1148         uchar sequence_key[16];
1149         uchar digest1[16];
1150
1151         ZERO_STRUCT(zeros);
1152
1153         hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
1154         dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
1155
1156         hmac_md5(digest1, verf->Checksum, 8, sequence_key);
1157
1158         dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
1159
1160         dump_data_pw("seq_num (before):\n", verf->SequenceNumber, sizeof(verf->SequenceNumber));
1161         arcfour_crypt(verf->SequenceNumber, sequence_key, 8);
1162         dump_data_pw("seq_num (after):\n", verf->SequenceNumber, sizeof(verf->SequenceNumber));
1163 }
1164
1165 /*******************************************************************
1166  Encode a blob of data using the schannel alogrithm, also produceing
1167  a checksum over the original data.  We currently only support
1168  signing and sealing togeather - the signing-only code is close, but not
1169  quite compatible with what MS does.
1170  ********************************************************************/
1171
1172 void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1173                    enum schannel_direction direction,
1174                    struct NL_AUTH_SIGNATURE *verf,
1175                    char *data, size_t data_len)
1176 {
1177         uchar digest_final[16];
1178         uchar confounder[8];
1179         uchar seq_num[8];
1180         static const uchar nullbytes[8] = { 0, };
1181
1182         DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1183         
1184         /* fill the 'confounder' with random data */
1185         generate_random_buffer(confounder, sizeof(confounder));
1186
1187         dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1188
1189         RSIVAL(seq_num, 0, a->seq_num);
1190
1191         switch (direction) {
1192         case SENDER_IS_INITIATOR:
1193                 SIVAL(seq_num, 4, 0x80);
1194                 break;
1195         case SENDER_IS_ACCEPTOR:
1196                 SIVAL(seq_num, 4, 0x0);
1197                 break;
1198         }
1199
1200         dump_data_pw("verf->SequenceNumber:\n", verf->SequenceNumber, sizeof(verf->SequenceNumber));
1201
1202         if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1203                 verf->SealAlgorithm             = NL_SEAL_RC4;
1204         } else {
1205                 verf->SealAlgorithm             = NL_SEAL_NONE;
1206         }
1207
1208         verf->SignatureAlgorithm        = NL_SIGN_HMAC_MD5;
1209         verf->Pad                       = 0xffff;
1210         verf->Flags                     = 0x0000;
1211
1212         memcpy(verf->SequenceNumber, seq_num, sizeof(verf->SequenceNumber));
1213         memcpy(verf->Checksum, nullbytes, sizeof(verf->Checksum));
1214         memcpy(verf->Confounder, confounder, sizeof(verf->Confounder));
1215
1216         /* produce a digest of the packet to prove it's legit (before we seal it) */
1217         schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1218         memcpy(verf->Checksum, digest_final, sizeof(verf->Checksum));
1219
1220         if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1221                 uchar sealing_key[16];
1222
1223                 /* get the key to encode the data with */
1224                 schannel_get_sealing_key(a, verf, sealing_key);
1225
1226                 /* encode the verification data */
1227                 dump_data_pw("verf->Confounder:\n", verf->Confounder, sizeof(verf->Confounder));
1228                 arcfour_crypt(verf->Confounder, sealing_key, 8);
1229
1230                 dump_data_pw("verf->Confounder_enc:\n", verf->Confounder, sizeof(verf->Confounder));
1231                 
1232                 /* encode the packet payload */
1233                 dump_data_pw("data:\n", (const unsigned char *)data, data_len);
1234                 arcfour_crypt((unsigned char *)data, sealing_key, data_len);
1235                 dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
1236         }
1237
1238         /* encode the sequence number (key based on packet digest) */
1239         /* needs to be done after the sealing, as the original version 
1240            is used in the sealing stuff... */
1241         schannel_deal_with_seq_num(a, verf);
1242
1243         return;
1244 }
1245
1246 /*******************************************************************
1247  Decode a blob of data using the schannel alogrithm, also verifiying
1248  a checksum over the original data.  We currently can verify signed messages,
1249  as well as decode sealed messages
1250  ********************************************************************/
1251
1252 bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
1253                    enum schannel_direction direction, 
1254                    struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len)
1255 {
1256         uchar digest_final[16];
1257
1258         static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
1259         static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
1260         const uchar *schannel_sig = NULL;
1261
1262         uchar seq_num[8];
1263
1264         DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1265         
1266         if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1267                 schannel_sig = schannel_seal_sig;
1268         } else {
1269                 schannel_sig = schannel_sign_sig;
1270         }
1271
1272         /* Create the expected sequence number for comparison */
1273         RSIVAL(seq_num, 0, a->seq_num);
1274
1275         switch (direction) {
1276         case SENDER_IS_INITIATOR:
1277                 SIVAL(seq_num, 4, 0x80);
1278                 break;
1279         case SENDER_IS_ACCEPTOR:
1280                 SIVAL(seq_num, 4, 0x0);
1281                 break;
1282         }
1283
1284         DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
1285         dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
1286
1287         dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
1288
1289         /* extract the sequence number (key based on supplied packet digest) */
1290         /* needs to be done before the sealing, as the original version 
1291            is used in the sealing stuff... */
1292         schannel_deal_with_seq_num(a, verf);
1293
1294         if (memcmp(verf->SequenceNumber, seq_num, sizeof(seq_num))) {
1295                 /* don't even bother with the below if the sequence number is out */
1296                 /* The sequence number is MD5'ed with a key based on the whole-packet
1297                    digest, as supplied by the client.  We check that it's a valid 
1298                    checksum after the decode, below
1299                 */
1300                 DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
1301                 dump_data(2, verf->SequenceNumber, sizeof(verf->SequenceNumber));
1302                 DEBUG(2, ("should be:\n"));
1303                 dump_data(2, seq_num, sizeof(seq_num));
1304
1305                 return False;
1306         }
1307
1308         if (memcmp(&verf->SignatureAlgorithm, &schannel_sig[0], 2) ||
1309             memcmp(&verf->SealAlgorithm, &schannel_sig[2], 2) ||
1310             memcmp(&verf->Pad, &schannel_sig[4], 2) ||
1311             memcmp(&verf->Flags, &schannel_sig[6], 2)) {
1312                 /* Validate that the other end sent the expected header */
1313                 DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
1314                 dump_data(2, (const uint8_t *)verf, sizeof(schannel_sig));
1315                 DEBUG(2, ("should be:\n"));
1316                 dump_data(2, schannel_sig, sizeof(schannel_sig));
1317                 return False;
1318         }
1319
1320         if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
1321                 uchar sealing_key[16];
1322                 
1323                 /* get the key to extract the data with */
1324                 schannel_get_sealing_key(a, verf, sealing_key);
1325
1326                 /* extract the verification data */
1327                 dump_data_pw("verf->Confounder:\n", verf->Confounder,
1328                              sizeof(verf->Confounder));
1329                 arcfour_crypt(verf->Confounder, sealing_key, 8);
1330
1331                 dump_data_pw("verf->Confounder_dec:\n", verf->Confounder,
1332                              sizeof(verf->Confounder));
1333                 
1334                 /* extract the packet payload */
1335                 dump_data_pw("data   :\n", (const unsigned char *)data, data_len);
1336                 arcfour_crypt((unsigned char *)data, sealing_key, data_len);
1337                 dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);      
1338         }
1339
1340         /* digest includes 'data' after unsealing */
1341         schannel_digest(a, auth_level, verf, data, data_len, digest_final);
1342
1343         dump_data_pw("Calculated digest:\n", digest_final, 
1344                      sizeof(digest_final));
1345         dump_data_pw("verf->Checksum:\n", verf->Checksum,
1346                      sizeof(verf->Checksum));
1347         
1348         /* compare - if the client got the same result as us, then
1349            it must know the session key */
1350         return (memcmp(digest_final, verf->Checksum,
1351                        sizeof(verf->Checksum)) == 0);
1352 }
1353
1354 /*******************************************************************
1355 creates a new prs_struct containing a DATA_BLOB
1356 ********************************************************************/
1357 bool prs_init_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx)
1358 {
1359         if (!prs_init( prs, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL ))
1360                 return False;
1361
1362
1363         if (!prs_copy_data_in(prs, (char *)blob->data, blob->length))
1364                 return False;
1365
1366         return True;
1367 }
1368
1369 /*******************************************************************
1370 return the contents of a prs_struct in a DATA_BLOB
1371 ********************************************************************/
1372 bool prs_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx)
1373 {
1374         blob->length = prs_data_size(prs);
1375         blob->data = (uint8 *)TALLOC_ZERO_SIZE(mem_ctx, blob->length);
1376         
1377         /* set the pointer at the end of the buffer */
1378         prs_set_offset( prs, prs_data_size(prs) );
1379
1380         if (!prs_copy_all_data_out((char *)blob->data, prs))
1381                 return False;
1382         
1383         return True;
1384 }