2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #define DBGC_CLASS DBGC_RPC_PARSE
28 /*******************************************************************
29 interface/version dce/rpc pipe identification
30 ********************************************************************/
/*
 * Interface syntax used by the PIPE_SPOOLSS row of pipe_names.
 * NOTE(review): only part of this initializer is visible in this listing;
 * check the complete value against the ndr_syntax_id layout before relying
 * on it for interface matching.
 */
32 const struct ndr_syntax_id syntax_spoolss = {
34 0x12345678, 0x1234, 0xabcd,
37 0x45, 0x67, 0x89, 0xab }
42 * IMPORTANT!! If you update this structure, make sure to
43 * update the index #defines in smb.h.
/*
 * Table of known RPC pipes, one row per interface.
 *
 * Row order is significant: cli_get_pipe_name() uses its argument directly
 * as an index into this array. The final all-NULL row is the terminator;
 * cli_get_pipe_idx() stops when it reaches a NULL client_pipe.
 *
 * The syntax pointer in each row is presumably the abstr_syntax member that
 * cli_get_pipe_idx() compares by uuid and if_version - confirm against the
 * pipe_id_info definition. Every row here ends with &ndr_transfer_syntax.
 * PIPE_LSARPC appears twice, once with the lsarpc syntax and once with the
 * dssetup syntax.
 */
46 const struct pipe_id_info pipe_names [] =
48 { PIPE_LSARPC , &ndr_table_lsarpc.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
49 { PIPE_LSARPC , &ndr_table_dssetup.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
50 { PIPE_SAMR , &ndr_table_samr.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
51 { PIPE_NETLOGON, &ndr_table_netlogon.syntax_id, PIPE_LSASS , &ndr_transfer_syntax },
52 { PIPE_SRVSVC , &ndr_table_srvsvc.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
53 { PIPE_WKSSVC , &ndr_table_wkssvc.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
54 { PIPE_WINREG , &ndr_table_winreg.syntax_id, PIPE_WINREG , &ndr_transfer_syntax },
55 { PIPE_SPOOLSS , &syntax_spoolss , PIPE_SPOOLSS , &ndr_transfer_syntax },
56 { PIPE_NETDFS , &ndr_table_netdfs.syntax_id, PIPE_NETDFS , &ndr_transfer_syntax },
57 { PIPE_ECHO , &ndr_table_rpcecho.syntax_id, PIPE_ECHO , &ndr_transfer_syntax },
58 { PIPE_SHUTDOWN, &ndr_table_initshutdown.syntax_id, PIPE_SHUTDOWN , &ndr_transfer_syntax },
59 { PIPE_SVCCTL , &ndr_table_svcctl.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
60 { PIPE_EVENTLOG, &ndr_table_eventlog.syntax_id, PIPE_EVENTLOG , &ndr_transfer_syntax },
61 { PIPE_NTSVCS , &ndr_table_ntsvcs.syntax_id, PIPE_NTSVCS , &ndr_transfer_syntax },
62 { NULL , NULL , NULL , NULL }
65 /****************************************************************************
66 Return the pipe name from the index.
67 ****************************************************************************/
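/*
 * Return the client pipe name for a pipe_names index, with the first five
 * characters of the stored name skipped.
 *
 * pipe_idx  index of the row in pipe_names
 *
 * Returns a pointer into the row's client_pipe string, or NULL when
 * pipe_idx does not select a real row. Callers must check for NULL.
 */
const char *cli_get_pipe_name(int pipe_idx)
{
	/* The last element of pipe_names is the all-NULL terminator row. */
	const int num_pipes =
		(int)(sizeof(pipe_names) / sizeof(pipe_names[0])) - 1;

	/*
	 * pipe_idx is used as a raw array index. Reject a negative index, an
	 * index past the table, and the terminator row, so a bad value (for
	 * example a failed lookup result) cannot read outside the table or
	 * offset a NULL client_pipe.
	 */
	if (pipe_idx < 0 || pipe_idx >= num_pipes) {
		return NULL;
	}

	/*
	 * NOTE(review): the offset of 5 presumably skips a fixed prefix shared
	 * by every client_pipe string in the table - confirm that each entry
	 * is at least that long.
	 */
	return &pipe_names[pipe_idx].client_pipe[5];
}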
74 /****************************************************************************
75 Return the pipe idx from the syntax.
76 ****************************************************************************/
/*
 * Look up a pipe_names row by interface syntax. Walks the table until the
 * NULL client_pipe terminator and tests each row's abstr_syntax for an equal
 * uuid (GUID_equal) and an equal if_version.
 *
 * NOTE(review): the return statements are not visible in this listing.
 * Confirm the no-match value and that every caller checks for it before
 * using the result as a pipe_names index.
 */
77 int cli_get_pipe_idx(const RPC_IFACE *syntax)
80 for (i = 0; pipe_names[i].client_pipe; i++) {
81 if (GUID_equal(&pipe_names[i].abstr_syntax->uuid, &syntax->uuid) &&
82 pipe_names[i].abstr_syntax->if_version == syntax->if_version)
89 /*******************************************************************
90 Inits an RPC_HDR structure.
91 ********************************************************************/
/*
 * Fill in a DCE/RPC common header (protocol version 5.0, little-endian
 * data representation).
 *
 * hdr       header to initialise
 * pkt_type  RPC packet type
 * flags     dce/rpc flags
 * call_id   call identifier, used to match the incoming RPC
 * data_len  stored as the fragment length (may be filled in later)
 * auth_len  stored as the authentication length
 *
 * NOTE(review): data_len and auth_len are ints, while smb_io_rpc_hdr()
 * marshals frag_len and auth_len as 16-bit fields. Values outside that
 * range would be narrowed silently on assignment - confirm callers keep
 * both within range.
 */
void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
		  uint32 call_id, int data_len, int auth_len)
{
	int i;

	/* RPC version 5, minor version 0 */
	hdr->major = 5;
	hdr->minor = 0;

	/* packet type, dce/rpc flags and the call identifier */
	hdr->pkt_type = pkt_type;
	hdr->flags = flags;
	hdr->call_id = call_id;

	/* data representation: 0x10 selects little-endian, the rest is zero */
	hdr->pack_type[0] = 0x10;
	for (i = 1; i < 4; i++) {
		hdr->pack_type[i] = 0;
	}

	/* lengths: the fragment length, then the authentication length */
	hdr->frag_len = data_len;
	hdr->auth_len = auth_len;
}
109 /*******************************************************************
110 Reads or writes an RPC_HDR structure.
111 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_HDR through ps, one field at a time in wire
 * order: major, minor, pkt_type, flags, pack_type[0..3], frag_len, auth_len,
 * call_id. The direction is taken from ps (see the UNMARSHALLING(ps) test).
 *
 * NOTE(review): when unmarshalling, frag_len and auth_len are supplied by
 * the peer and no range check on them is visible in this function. Callers
 * should validate both against the amount of data actually received before
 * using them as lengths or offsets.
 */
113 bool smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth)
118 prs_debug(ps, depth, desc, "smb_io_rpc_hdr");
121 if(!prs_uint8 ("major ", ps, depth, &rpc->major))
124 if(!prs_uint8 ("minor ", ps, depth, &rpc->minor))
126 if(!prs_uint8 ("pkt_type ", ps, depth, &rpc->pkt_type))
128 if(!prs_uint8 ("flags ", ps, depth, &rpc->flags))
131 /* We always marshall in little endian format. */
133 rpc->pack_type[0] = 0x10;
135 if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0]))
137 if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1]))
139 if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2]))
141 if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3]))
145 * If reading and pack_type[0] == 0 then the data is in big-endian
146 * format. Set the flag in the prs_struct to specify reverse-endainness.
/*
 * The byte order is chosen by the peer: a received pack_type[0] of 0
 * switches ps to big-endian, so frag_len, auth_len and call_id below are
 * decoded in that order.
 */
149 if (UNMARSHALLING(ps) && rpc->pack_type[0] == 0) {
150 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
151 prs_set_endian_data(ps, RPC_BIG_ENDIAN);
154 if(!prs_uint16("frag_len ", ps, depth, &rpc->frag_len))
156 if(!prs_uint16("auth_len ", ps, depth, &rpc->auth_len))
158 if(!prs_uint32("call_id ", ps, depth, &rpc->call_id))
163 /*******************************************************************
164 Reads or writes an RPC_IFACE structure.
165 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_IFACE through ps: the uuid (via
 * smb_io_uuid) followed by the 32-bit if_version.
 */
167 static bool smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
172 prs_debug(ps, depth, desc, "smb_io_rpc_iface");
178 if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth))
181 if(!prs_uint32 ("version", ps, depth, &ifc->if_version))
187 /*******************************************************************
188 Inits an RPC_ADDR_STR structure.
189 ********************************************************************/
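/*
 * Initialise an RPC_ADDR_STR from a C string.
 *
 * str   structure to fill
 * name  address string to copy into str->str
 *
 * str->len counts the stored string plus its terminating NUL. It is taken
 * from the bytes actually stored rather than from strlen(name): fstrcpy()
 * is a bounded copy, so a name longer than the buffer would otherwise leave
 * len larger than the data that smb_io_rpc_addr_str() can marshal, and the
 * peer would be told a length that does not match the bytes sent. Measuring
 * the stored copy also avoids calling strlen() on name itself.
 */
static void init_rpc_addr_str(RPC_ADDR_STR *str, const char *name)
{
	/* copy first, so that the length describes what was really stored */
	fstrcpy(str->str, name);
	str->len = strlen(str->str) + 1;
}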
197 /*******************************************************************
198 Reads or writes an RPC_ADDR_STR structure.
199 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_ADDR_STR through ps: the 16-bit len, then
 * the string bytes.
 *
 * The byte count passed to prs_uint8s is MIN(len, sizeof(str->str)), so a
 * peer-supplied len larger than the buffer cannot write past str->str.
 *
 * NOTE(review): when len exceeds the buffer, fewer bytes than len are
 * processed here, and nothing visible in this function forces a terminating
 * NUL into str->str after unmarshalling. Confirm that callers neither trust
 * str->len as the stored size nor treat str->str as a C string without
 * checking.
 */
201 static bool smb_io_rpc_addr_str(const char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth)
206 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str");
211 if(!prs_uint16 ( "len", ps, depth, &str->len))
213 if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) ))
218 /*******************************************************************
219 Inits an RPC_HDR_BBA structure.
220 ********************************************************************/
/*
 * Fill in the fields shared by the bind and bind-ack headers.
 *
 * bba        structure to initialise
 * max_tsize  maximum transmission fragment size (0x1630)
 * max_rsize  maximum receive fragment size (0x1630)
 * assoc_gid  associated group id (0x0)
 */
static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid)
{
	/* association group first, then the two fragment size limits */
	bba->assoc_gid = assoc_gid;

	bba->max_rsize = max_rsize;
	bba->max_tsize = max_tsize;
}
229 /*******************************************************************
230 Reads or writes an RPC_HDR_BBA structure.
231 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_HDR_BBA through ps: 16-bit max_tsize,
 * 16-bit max_rsize, then 32-bit assoc_gid.
 *
 * NOTE(review): when unmarshalling, the two fragment sizes come from the
 * peer and are not range-checked here; callers should bound them before
 * sizing buffers or fragments from them.
 */
233 static bool smb_io_rpc_hdr_bba(const char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth)
238 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba");
241 if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize))
243 if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize))
245 if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid))
250 /*******************************************************************
251 Inits an RPC_CONTEXT structure.
252 Note the transfer pointer must remain valid until this is marshalled.
253 ********************************************************************/
/*
 * Fill in a presentation context with exactly one transfer syntax.
 *
 * rpc_ctx     context to initialise
 * context_id  presentation context identifier (0x0)
 * abstract    interface and version the client is using; copied by value
 * transfer    interface version to use for replies; only the pointer is
 *             stored, so it must stay valid until rpc_ctx is marshalled
 */
void init_rpc_context(RPC_CONTEXT *rpc_ctx, uint16 context_id, RPC_IFACE *abstract, RPC_IFACE *transfer)
{
	/* the abstract syntax is duplicated into the context ... */
	rpc_ctx->abstract = *abstract;

	/* ... while the transfer syntax is referenced, not copied */
	rpc_ctx->transfer = transfer;

	/* one transfer syntax (has always been 1?) under the given context id */
	rpc_ctx->num_transfer_syntaxes = 1;
	rpc_ctx->context_id = context_id;
}
267 /*******************************************************************
268 Inits an RPC_HDR_RB structure.
269 Note the context pointer must remain valid until this is marshalled.
270 ********************************************************************/
/*
 * Fill in a bind request header carrying a single presentation context.
 *
 * rpc        structure to initialise
 * max_tsize  maximum transmission fragment size, passed to init_rpc_hdr_bba
 * max_rsize  maximum receive fragment size, passed to init_rpc_hdr_bba
 * assoc_gid  associated group id, passed to init_rpc_hdr_bba
 * context    the presentation context; only the pointer is stored, so it
 *            must stay valid until rpc is marshalled
 */
void init_rpc_hdr_rb(RPC_HDR_RB *rpc,
		     uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
		     RPC_CONTEXT *context)
{
	/* exactly one context, referenced rather than copied */
	rpc->rpc_context = context;
	rpc->num_contexts = 1;

	init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid);
}
282 /*******************************************************************
283 Reads or writes an RPC_CONTEXT structure.
284 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_CONTEXT through ps: context_id, the
 * transfer syntax count, the abstract interface, then one RPC_IFACE per
 * transfer syntax.
 *
 * When unmarshalling, the count comes from the peer. It is read with
 * prs_uint8, a zero count is tested for explicitly, and the transfer array
 * is allocated with PRS_ALLOC_MEM for exactly that many entries before the
 * loop fills it.
 *
 * When marshalling, the loop reads num_transfer_syntaxes entries from
 * rpc_ctx->transfer, so the caller must supply an array at least that long.
 */
286 bool smb_io_rpc_context(const char *desc, RPC_CONTEXT *rpc_ctx, prs_struct *ps, int depth)
295 if(!prs_uint16("context_id ", ps, depth, &rpc_ctx->context_id ))
297 if(!prs_uint8 ("num_transfer_syntaxes", ps, depth, &rpc_ctx->num_transfer_syntaxes))
300 /* num_transfer_syntaxes must not be zero. */
301 if (rpc_ctx->num_transfer_syntaxes == 0)
304 if(!smb_io_rpc_iface("", &rpc_ctx->abstract, ps, depth))
307 if (UNMARSHALLING(ps)) {
308 if (!(rpc_ctx->transfer = PRS_ALLOC_MEM(ps, RPC_IFACE, rpc_ctx->num_transfer_syntaxes))) {
313 for (i = 0; i < rpc_ctx->num_transfer_syntaxes; i++ ) {
314 if (!smb_io_rpc_iface("", &rpc_ctx->transfer[i], ps, depth))
320 /*******************************************************************
321 Reads or writes an RPC_HDR_RB structure.
322 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_HDR_RB (bind request) through ps: the
 * common bba fields, the context count, then one RPC_CONTEXT per context.
 *
 * When unmarshalling, the count comes from the peer. It is read with
 * prs_uint8, a zero count is tested for explicitly, and the context array
 * is allocated with PRS_ALLOC_MEM for exactly that many entries before the
 * loop fills it. Each context in turn allocates its own transfer syntax
 * array in smb_io_rpc_context().
 *
 * When marshalling, the loop reads num_contexts entries from
 * rpc->rpc_context, so the caller must supply an array at least that long.
 */
324 bool smb_io_rpc_hdr_rb(const char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth)
331 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb");
334 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
337 if(!prs_uint8("num_contexts", ps, depth, &rpc->num_contexts))
340 /* 3 pad bytes following - will be mopped up by the prs_align in smb_io_rpc_context(). */
342 /* num_contexts must not be zero. */
343 if (rpc->num_contexts == 0)
346 if (UNMARSHALLING(ps)) {
347 if (!(rpc->rpc_context = PRS_ALLOC_MEM(ps, RPC_CONTEXT, rpc->num_contexts))) {
352 for (i = 0; i < rpc->num_contexts; i++ ) {
353 if (!smb_io_rpc_context("", &rpc->rpc_context[i], ps, depth))
360 /*******************************************************************
361 Inits an RPC_RESULTS structure.
363 lkclXXXX only one reason at the moment!
364 ********************************************************************/
/*
 * Fill in an RPC_RESULTS structure. Only one result/reason pair is
 * supported at the moment.
 *
 * res          structure to initialise
 * num_results  the number of results (0x01)
 * result       result code (0x00 = accept)
 * reason       reason code (0x00 = no reason specified)
 */
static void init_rpc_results(RPC_RESULTS *res,
			     uint8 num_results, uint16 result, uint16 reason)
{
	/* the single result/reason pair ... */
	res->reason = reason;
	res->result = result;

	/* ... and how many results the structure claims to carry */
	res->num_results = num_results;
}
374 /*******************************************************************
375 Reads or writes an RPC_RESULTS structure.
377 lkclXXXX only one reason at the moment!
378 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_RESULTS through ps: 8-bit num_results, then
 * a single 16-bit result and 16-bit reason.
 *
 * NOTE(review): exactly one result/reason pair is processed regardless of
 * the num_results value seen on the wire; confirm callers do not use
 * num_results as a count of stored entries.
 */
380 static bool smb_io_rpc_results(const char *desc, RPC_RESULTS *res, prs_struct *ps, int depth)
385 prs_debug(ps, depth, desc, "smb_io_rpc_results");
391 if(!prs_uint8 ("num_results", ps, depth, &res->num_results))
397 if(!prs_uint16("result ", ps, depth, &res->result))
399 if(!prs_uint16("reason ", ps, depth, &res->reason))
404 /*******************************************************************
405 Init an RPC_HDR_BA structure.
407 lkclXXXX only one reason at the moment!
409 ********************************************************************/
/*
 * Builds a bind-ack body from its parts: the common bba fields, the pipe
 * address string (pipe_addr, via init_rpc_addr_str), the results, and a
 * copy of the transfer syntax taken from the request.
 *
 * NOTE(review): the declaration of `transfer` is not visible in this
 * listing. The memcpy below reads sizeof(rpc->transfer) bytes from it, so
 * it must point at a complete object of that type.
 */
411 void init_rpc_hdr_ba(RPC_HDR_BA *rpc,
412 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
413 const char *pipe_addr,
414 uint8 num_results, uint16 result, uint16 reason,
417 init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid);
418 init_rpc_addr_str(&rpc->addr, pipe_addr);
419 init_rpc_results (&rpc->res, num_results, result, reason);
421 /* the transfer syntax from the request */
422 memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer));
425 /*******************************************************************
426 Reads or writes an RPC_HDR_BA structure.
427 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_HDR_BA (bind-ack) through ps by delegating
 * to the helper for each part, in wire order: bba, addr, res, transfer.
 */
429 bool smb_io_rpc_hdr_ba(const char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
434 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba");
437 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
439 if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth))
441 if(!smb_io_rpc_results("", &rpc->res, ps, depth))
443 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
448 /*******************************************************************
449 Init an RPC_HDR_REQ structure.
450 ********************************************************************/
/*
 * Fill in a request header. The presentation context identifier is always
 * set to 0 by this function.
 *
 * hdr         structure to initialise
 * alloc_hint  allocation hint
 * opnum       operation number
 */
void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
{
	/* fixed presentation context */
	hdr->context_id = 0;

	/* caller-supplied operation number and allocation hint */
	hdr->opnum = opnum;
	hdr->alloc_hint = alloc_hint;
}
459 /*******************************************************************
460 Reads or writes an RPC_HDR_REQ structure.
461 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_HDR_REQ through ps: 32-bit alloc_hint,
 * 16-bit context_id, 16-bit opnum.
 *
 * NOTE(review): when unmarshalling, alloc_hint is a peer-supplied size hint
 * and is not bounded here; callers should cap it before allocating from it.
 */
463 bool smb_io_rpc_hdr_req(const char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth)
468 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req");
471 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
473 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
475 if(!prs_uint16("opnum ", ps, depth, &rpc->opnum))
480 /*******************************************************************
481 Reads or writes an RPC_HDR_RESP structure.
482 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_HDR_RESP through ps: 32-bit alloc_hint,
 * 16-bit context_id, 8-bit cancel_count, 8-bit reserved.
 *
 * NOTE(review): when unmarshalling, alloc_hint is a peer-supplied size hint
 * and is not bounded here; callers should cap it before allocating from it.
 */
484 bool smb_io_rpc_hdr_resp(const char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth)
489 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp");
492 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
494 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
496 if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count))
498 if(!prs_uint8 ("reserved ", ps, depth, &rpc->reserved))
503 /*******************************************************************
504 Reads or writes an RPC_HDR_FAULT structure.
505 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_HDR_FAULT through ps: the status (via
 * prs_dcerpc_status) followed by a 32-bit reserved field.
 */
507 bool smb_io_rpc_hdr_fault(const char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth)
512 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault");
515 if(!prs_dcerpc_status("status ", ps, depth, &rpc->status))
517 if(!prs_uint32("reserved", ps, depth, &rpc->reserved))
523 /*******************************************************************
524 Inits an RPC_HDR_AUTH structure.
525 ********************************************************************/
/*
 * Fill in an RPC_HDR_AUTH: the auth type, level, pad length and context id
 * are stored as given, and auth_reserved is always set to 0.
 *
 * NOTE(review): the declaration of the auth_pad_len parameter is not
 * visible in this listing; smb_io_rpc_hdr_auth() marshals the field as an
 * 8-bit value.
 */
527 void init_rpc_hdr_auth(RPC_HDR_AUTH *rai,
528 uint8 auth_type, uint8 auth_level,
530 uint32 auth_context_id)
532 rai->auth_type = auth_type;
533 rai->auth_level = auth_level;
534 rai->auth_pad_len = auth_pad_len;
535 rai->auth_reserved = 0;
536 rai->auth_context_id = auth_context_id;
539 /*******************************************************************
540 Reads or writes an RPC_HDR_AUTH structure.
541 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_HDR_AUTH through ps: 8-bit auth_type,
 * auth_level, auth_pad_len and auth_reserved, then 32-bit auth_context_id.
 *
 * NOTE(review): when unmarshalling, auth_type, auth_level and auth_pad_len
 * are peer-supplied and are not validated here. Callers should check that
 * the type and level match what was negotiated, and that auth_pad_len does
 * not exceed the data length, before acting on them.
 */
543 bool smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth)
548 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth");
554 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type))
556 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level))
558 if(!prs_uint8 ("auth_pad_len ", ps, depth, &rai->auth_pad_len))
560 if(!prs_uint8 ("auth_reserved", ps, depth, &rai->auth_reserved))
562 if(!prs_uint32("auth_context_id", ps, depth, &rai->auth_context_id))
568 /*******************************************************************
569 Checks an RPC_AUTH_VERIFIER structure.
570 ********************************************************************/
/*
 * Check that an RPC_AUTH_VERIFIER carries the expected signature string and
 * message type.
 *
 * rav        verifier to check
 * signature  expected signature string
 * msg_type   expected message type
 *
 * Returns true only when both match.
 *
 * NOTE(review): the string comparison is whatever strequal() implements;
 * if that is a case-insensitive compare, the signature match is looser
 * than a byte-for-byte one - confirm. rav->signature must be
 * NUL-terminated for the compare to stay inside the buffer.
 */
bool rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
			   const char *signature, uint32 msg_type)
{
	if (!strequal(rav->signature, signature)) {
		return (0 != 0);
	}

	return (rav->msg_type == msg_type);
}
578 /*******************************************************************
579 Inits an RPC_AUTH_VERIFIER structure.
580 ********************************************************************/
/*
 * Fill in an RPC_AUTH_VERIFIER.
 *
 * rav        structure to initialise
 * signature  signature string, e.g. "NTLMSSP"; copied with fstrcpy, the
 *            file's bounded string copy
 * msg_type   message type (NTLMSSP_MESSAGE_TYPE)
 */
void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
			    const char *signature, uint32 msg_type)
{
	/* message type first, then the bounded copy of the signature */
	rav->msg_type = msg_type;
	fstrcpy(rav->signature, signature);
}
589 /*******************************************************************
590 Reads or writes an RPC_AUTH_VERIFIER structure.
591 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_AUTH_VERIFIER through ps: the signature
 * string, then the 32-bit msg_type. The string transfer is bounded by
 * sizeof(rav->signature).
 */
593 bool smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
598 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
602 if(!prs_string("signature", ps, depth, rav->signature,
603 sizeof(rav->signature)))
605 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
611 /*******************************************************************
612 This parses an RPC_AUTH_VERIFIER for schannel. I think
613 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_AUTH_VERIFIER for schannel through ps: the
 * signature string, then the 32-bit msg_type. The visible calls are the
 * same as in smb_io_rpc_auth_verifier(), and the string transfer is bounded
 * by sizeof(rav->signature).
 */
615 bool smb_io_rpc_schannel_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
620 prs_debug(ps, depth, desc, "smb_io_rpc_schannel_verifier");
623 if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature)))
625 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type))
631 /*******************************************************************
632 creates an RPC_AUTH_SCHANNEL_NEG structure.
633 ********************************************************************/
/*
 * Fill in an RPC_AUTH_SCHANNEL_NEG: domain and myname are copied in with
 * fstrcpy, the file's bounded string copy.
 *
 * NOTE(review): smb_io_rpc_auth_schannel_neg() also marshals type1 and
 * type2, but no assignment to them is visible in this listing; confirm they
 * are initialised before the structure is sent.
 */
635 void init_rpc_auth_schannel_neg(RPC_AUTH_SCHANNEL_NEG *neg,
636 const char *domain, const char *myname)
640 fstrcpy(neg->domain, domain);
641 fstrcpy(neg->myname, myname);
644 /*******************************************************************
645 Reads or writes an RPC_AUTH_SCHANNEL_NEG structure.
646 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_AUTH_SCHANNEL_NEG through ps: 32-bit type1
 * and type2, then the domain and myname strings. Each string transfer is
 * bounded by the size of its destination buffer.
 *
 * NOTE(review): when unmarshalling, domain and myname are peer-supplied
 * names; callers should treat them as untrusted until the schannel
 * credentials have been verified.
 */
648 bool smb_io_rpc_auth_schannel_neg(const char *desc, RPC_AUTH_SCHANNEL_NEG *neg,
649 prs_struct *ps, int depth)
654 prs_debug(ps, depth, desc, "smb_io_rpc_auth_schannel_neg");
660 if(!prs_uint32("type1", ps, depth, &neg->type1))
662 if(!prs_uint32("type2", ps, depth, &neg->type2))
664 if(!prs_string("domain ", ps, depth, neg->domain, sizeof(neg->domain)))
666 if(!prs_string("myname ", ps, depth, neg->myname, sizeof(neg->myname)))
672 /*******************************************************************
673 reads or writes an RPC_AUTH_SCHANNEL_CHK structure.
674 ********************************************************************/
/*
 * Marshals or unmarshals an RPC_AUTH_SCHANNEL_CHK through ps: the fixed
 * size sig, seq_num and packet_digest arrays, and the confounder only when
 * auth_len equals RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN. Every transfer is
 * bounded by sizeof of its destination array.
 *
 * NOTE(review): auth_len selects the layout but is not otherwise validated
 * in the visible code. For any other value, chk->confounder is left
 * untouched here, so callers should check auth_len against the lengths
 * they accept and should not read the confounder unless it was
 * transferred.
 */
676 bool smb_io_rpc_auth_schannel_chk(const char *desc, int auth_len,
677 RPC_AUTH_SCHANNEL_CHK * chk,
678 prs_struct *ps, int depth)
683 prs_debug(ps, depth, desc, "smb_io_rpc_auth_schannel_chk");
686 if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) )
689 if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) )
692 if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) )
695 if ( auth_len == RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN ) {
696 if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) )