2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_RPC_PARSE
29 /*******************************************************************
30 interface/version dce/rpc pipe identification
31 ********************************************************************/
33 #define TRANS_SYNT_V2 \
36 0x8a885d04, 0x1ceb, 0x11c9, \
39 0x2b, 0x10, 0x48, 0x60 } \
43 #define SYNT_NETLOGON_V2 \
46 0x8a885d04, 0x1ceb, 0x11c9, \
49 0x2b, 0x10, 0x48, 0x60 } \
53 #define SYNT_WKSSVC_V1 \
56 0x6bffd098, 0xa112, 0x3610, \
59 0xf8, 0x7e, 0x34, 0x5a } \
63 #define SYNT_SRVSVC_V3 \
66 0x4b324fc8, 0x1670, 0x01d3, \
69 0xbf, 0x6e, 0xe1, 0x88 } \
73 #define SYNT_LSARPC_V0 \
76 0x12345778, 0x1234, 0xabcd, \
79 0x45, 0x67, 0x89, 0xab } \
83 #define SYNT_LSARPC_V0_DS \
86 0x3919286a, 0xb10c, 0x11d0, \
89 0x4f, 0xd9, 0x2e, 0xf5 } \
93 #define SYNT_SAMR_V1 \
96 0x12345778, 0x1234, 0xabcd, \
99 0x45, 0x67, 0x89, 0xac } \
103 #define SYNT_NETLOGON_V1 \
106 0x12345678, 0x1234, 0xabcd, \
109 0x45, 0x67, 0xcf, 0xfb } \
113 #define SYNT_WINREG_V1 \
116 0x338cd001, 0x2244, 0x31f1, \
119 0x38, 0x00, 0x10, 0x03 } \
123 #define SYNT_SPOOLSS_V1 \
126 0x12345678, 0x1234, 0xabcd, \
129 0x45, 0x67, 0x89, 0xab } \
133 #define SYNT_NONE_V0 \
139 0x00, 0x00, 0x00, 0x00 } \
143 #define SYNT_NETDFS_V3 \
146 0x4fc742e0, 0x4a10, 0x11cf, \
149 0x00, 0x4a, 0xe6, 0x73 } \
153 #define SYNT_ECHO_V1 \
156 0x60a15ec5, 0x4de8, 0x11d7, \
159 0x56, 0xa2, 0x01, 0x82 } \
163 #define SYNT_SHUTDOWN_V1 \
166 0x894de0c0, 0x0d55, 0x11d3, \
169 0x4f, 0xa3, 0x21, 0xa1 } \
173 #define SYNT_SVCCTL_V2 \
176 0x367abb81, 0x9844, 0x35f1, \
179 0x38, 0x00, 0x10, 0x03 } \
184 #define SYNT_EVENTLOG_V0 \
187 0x82273fdc, 0xe32a, 0x18c3, \
190 0x29, 0xdc, 0x23, 0xea } \
194 #define SYNT_NTSVCS_V1 \
197 0x8d9f4e40, 0xa03d, 0x11ce, \
200 0x3e, 0x30, 0x05, 0x1b } \
205 * IMPORTANT!! If you update this structure, make sure to
206 * update the index #defines in smb.h.
209 const struct pipe_id_info pipe_names [] =
211 /* client pipe , abstract syntax , server pipe , transfer syntax */
212 { PIPE_LSARPC , SYNT_LSARPC_V0 , PIPE_LSASS , TRANS_SYNT_V2 },
213 { PIPE_LSARPC , SYNT_LSARPC_V0_DS , PIPE_LSASS , TRANS_SYNT_V2 },
214 { PIPE_SAMR , SYNT_SAMR_V1 , PIPE_LSASS , TRANS_SYNT_V2 },
215 { PIPE_NETLOGON, SYNT_NETLOGON_V1 , PIPE_LSASS , TRANS_SYNT_V2 },
216 { PIPE_SRVSVC , SYNT_SRVSVC_V3 , PIPE_NTSVCS , TRANS_SYNT_V2 },
217 { PIPE_WKSSVC , SYNT_WKSSVC_V1 , PIPE_NTSVCS , TRANS_SYNT_V2 },
218 { PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 },
219 { PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS , TRANS_SYNT_V2 },
220 { PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 },
221 { PIPE_ECHO , SYNT_ECHO_V1 , PIPE_ECHO , TRANS_SYNT_V2 },
222 { PIPE_SHUTDOWN, SYNT_SHUTDOWN_V1 , PIPE_SHUTDOWN , TRANS_SYNT_V2 },
223 { PIPE_SVCCTL , SYNT_SVCCTL_V2 , PIPE_NTSVCS , TRANS_SYNT_V2 },
224 { PIPE_EVENTLOG, SYNT_EVENTLOG_V0 , PIPE_EVENTLOG , TRANS_SYNT_V2 },
225 { PIPE_NTSVCS , SYNT_NTSVCS_V1 , PIPE_NTSVCS , TRANS_SYNT_V2 },
226 { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 }
229 /****************************************************************************
230 Return the pipe name from the index.
231 ****************************************************************************/
233 const char *cli_get_pipe_name(int pipe_idx)
235 return &pipe_names[pipe_idx].client_pipe[5];
238 /*******************************************************************
239 Inits an RPC_HDR structure.
240 ********************************************************************/
242 void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
243 uint32 call_id, int data_len, int auth_len)
245 hdr->major = 5; /* RPC version 5 */
246 hdr->minor = 0; /* minor version 0 */
247 hdr->pkt_type = pkt_type; /* RPC packet type */
248 hdr->flags = flags; /* dce/rpc flags */
249 hdr->pack_type[0] = 0x10; /* little-endian data representation */
250 hdr->pack_type[1] = 0; /* packed data representation */
251 hdr->pack_type[2] = 0; /* packed data representation */
252 hdr->pack_type[3] = 0; /* packed data representation */
253 hdr->frag_len = data_len; /* fragment length, fill in later */
254 hdr->auth_len = auth_len; /* authentication length */
255 hdr->call_id = call_id; /* call identifier - match incoming RPC */
258 /*******************************************************************
259 Reads or writes an RPC_HDR structure.
260 ********************************************************************/
262 BOOL smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth)
267 prs_debug(ps, depth, desc, "smb_io_rpc_hdr");
270 if(!prs_uint8 ("major ", ps, depth, &rpc->major))
273 if(!prs_uint8 ("minor ", ps, depth, &rpc->minor))
275 if(!prs_uint8 ("pkt_type ", ps, depth, &rpc->pkt_type))
277 if(!prs_uint8 ("flags ", ps, depth, &rpc->flags))
280 /* We always marshall in little endian format. */
282 rpc->pack_type[0] = 0x10;
284 if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0]))
286 if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1]))
288 if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2]))
290 if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3]))
294 * If reading and pack_type[0] == 0 then the data is in big-endian
295 * format. Set the flag in the prs_struct to specify reverse-endainness.
298 if (UNMARSHALLING(ps) && rpc->pack_type[0] == 0) {
299 DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
300 prs_set_endian_data(ps, RPC_BIG_ENDIAN);
303 if(!prs_uint16("frag_len ", ps, depth, &rpc->frag_len))
305 if(!prs_uint16("auth_len ", ps, depth, &rpc->auth_len))
307 if(!prs_uint32("call_id ", ps, depth, &rpc->call_id))
312 /*******************************************************************
313 Reads or writes an RPC_IFACE structure.
314 ********************************************************************/
316 static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
321 prs_debug(ps, depth, desc, "smb_io_rpc_iface");
327 if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth))
330 if(!prs_uint32 ("version", ps, depth, &ifc->version))
336 /*******************************************************************
337 Inits an RPC_ADDR_STR structure.
338 ********************************************************************/
340 static void init_rpc_addr_str(RPC_ADDR_STR *str, const char *name)
342 str->len = strlen(name) + 1;
343 fstrcpy(str->str, name);
346 /*******************************************************************
347 Reads or writes an RPC_ADDR_STR structure.
348 ********************************************************************/
350 static BOOL smb_io_rpc_addr_str(const char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth)
355 prs_debug(ps, depth, desc, "smb_io_rpc_addr_str");
360 if(!prs_uint16 ( "len", ps, depth, &str->len))
362 if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) ))
367 /*******************************************************************
368 Inits an RPC_HDR_BBA structure.
369 ********************************************************************/
371 static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid)
373 bba->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
374 bba->max_rsize = max_rsize; /* max receive fragment size (0x1630) */
375 bba->assoc_gid = assoc_gid; /* associated group id (0x0) */
378 /*******************************************************************
379 Reads or writes an RPC_HDR_BBA structure.
380 ********************************************************************/
382 static BOOL smb_io_rpc_hdr_bba(const char *desc, RPC_HDR_BBA *rpc, prs_struct *ps, int depth)
387 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba");
390 if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize))
392 if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize))
394 if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid))
399 /*******************************************************************
400 Inits an RPC_CONTEXT structure.
401 Note the transfer pointer must remain valid until this is marshalled.
402 ********************************************************************/
404 void init_rpc_context(RPC_CONTEXT *rpc_ctx, uint16 context_id, RPC_IFACE *abstract, RPC_IFACE *transfer)
406 rpc_ctx->context_id = context_id ; /* presentation context identifier (0x0) */
407 rpc_ctx->num_transfer_syntaxes = 1 ; /* the number of syntaxes (has always been 1?)(0x1) */
409 /* num and vers. of interface client is using */
410 rpc_ctx->abstract = *abstract;
412 /* vers. of interface to use for replies */
413 rpc_ctx->transfer = transfer;
416 /*******************************************************************
417 Inits an RPC_HDR_RB structure.
418 Note the context pointer must remain valid until this is marshalled.
419 ********************************************************************/
421 void init_rpc_hdr_rb(RPC_HDR_RB *rpc,
422 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
423 RPC_CONTEXT *context)
425 init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid);
427 rpc->num_contexts = 1;
428 rpc->rpc_context = context;
431 /*******************************************************************
432 Reads or writes an RPC_CONTEXT structure.
433 ********************************************************************/
435 BOOL smb_io_rpc_context(const char *desc, RPC_CONTEXT *rpc_ctx, prs_struct *ps, int depth)
444 if(!prs_uint16("context_id ", ps, depth, &rpc_ctx->context_id ))
446 if(!prs_uint8 ("num_transfer_syntaxes", ps, depth, &rpc_ctx->num_transfer_syntaxes))
449 /* num_transfer_syntaxes must not be zero. */
450 if (rpc_ctx->num_transfer_syntaxes == 0)
453 if(!smb_io_rpc_iface("", &rpc_ctx->abstract, ps, depth))
456 if (UNMARSHALLING(ps)) {
457 if (!(rpc_ctx->transfer = PRS_ALLOC_MEM(ps, RPC_IFACE, rpc_ctx->num_transfer_syntaxes))) {
462 for (i = 0; i < rpc_ctx->num_transfer_syntaxes; i++ ) {
463 if (!smb_io_rpc_iface("", &rpc_ctx->transfer[i], ps, depth))
469 /*******************************************************************
470 Reads or writes an RPC_HDR_RB structure.
471 ********************************************************************/
473 BOOL smb_io_rpc_hdr_rb(const char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth)
480 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb");
483 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
486 if(!prs_uint8("num_contexts", ps, depth, &rpc->num_contexts))
489 /* 3 pad bytes following - will be mopped up by the prs_align in smb_io_rpc_context(). */
491 /* num_contexts must not be zero. */
492 if (rpc->num_contexts == 0)
495 if (UNMARSHALLING(ps)) {
496 if (!(rpc->rpc_context = PRS_ALLOC_MEM(ps, RPC_CONTEXT, rpc->num_contexts))) {
501 for (i = 0; i < rpc->num_contexts; i++ ) {
502 if (!smb_io_rpc_context("", &rpc->rpc_context[i], ps, depth))
509 /*******************************************************************
510 Inits an RPC_RESULTS structure.
512 lkclXXXX only one reason at the moment!
513 ********************************************************************/
515 static void init_rpc_results(RPC_RESULTS *res,
516 uint8 num_results, uint16 result, uint16 reason)
518 res->num_results = num_results; /* the number of results (0x01) */
519 res->result = result ; /* result (0x00 = accept) */
520 res->reason = reason ; /* reason (0x00 = no reason specified) */
523 /*******************************************************************
524 Reads or writes an RPC_RESULTS structure.
526 lkclXXXX only one reason at the moment!
527 ********************************************************************/
529 static BOOL smb_io_rpc_results(const char *desc, RPC_RESULTS *res, prs_struct *ps, int depth)
534 prs_debug(ps, depth, desc, "smb_io_rpc_results");
540 if(!prs_uint8 ("num_results", ps, depth, &res->num_results))
546 if(!prs_uint16("result ", ps, depth, &res->result))
548 if(!prs_uint16("reason ", ps, depth, &res->reason))
553 /*******************************************************************
554 Init an RPC_HDR_BA structure.
556 lkclXXXX only one reason at the moment!
558 ********************************************************************/
560 void init_rpc_hdr_ba(RPC_HDR_BA *rpc,
561 uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
562 const char *pipe_addr,
563 uint8 num_results, uint16 result, uint16 reason,
566 init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid);
567 init_rpc_addr_str(&rpc->addr, pipe_addr);
568 init_rpc_results (&rpc->res, num_results, result, reason);
570 /* the transfer syntax from the request */
571 memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer));
574 /*******************************************************************
575 Reads or writes an RPC_HDR_BA structure.
576 ********************************************************************/
578 BOOL smb_io_rpc_hdr_ba(const char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
583 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba");
586 if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
588 if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth))
590 if(!smb_io_rpc_results("", &rpc->res, ps, depth))
592 if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
597 /*******************************************************************
598 Init an RPC_HDR_REQ structure.
599 ********************************************************************/
601 void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
603 hdr->alloc_hint = alloc_hint; /* allocation hint */
604 hdr->context_id = 0; /* presentation context identifier */
605 hdr->opnum = opnum; /* opnum */
608 /*******************************************************************
609 Reads or writes an RPC_HDR_REQ structure.
610 ********************************************************************/
612 BOOL smb_io_rpc_hdr_req(const char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth)
617 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req");
620 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
622 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
624 if(!prs_uint16("opnum ", ps, depth, &rpc->opnum))
629 /*******************************************************************
630 Reads or writes an RPC_HDR_RESP structure.
631 ********************************************************************/
633 BOOL smb_io_rpc_hdr_resp(const char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth)
638 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp");
641 if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
643 if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
645 if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count))
647 if(!prs_uint8 ("reserved ", ps, depth, &rpc->reserved))
652 /*******************************************************************
653 Reads or writes an RPC_HDR_FAULT structure.
654 ********************************************************************/
656 BOOL smb_io_rpc_hdr_fault(const char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth)
661 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault");
664 if(!prs_ntstatus("status ", ps, depth, &rpc->status))
666 if(!prs_uint32("reserved", ps, depth, &rpc->reserved))
672 /*******************************************************************
673 Inits an RPC_HDR_AUTH structure.
674 ********************************************************************/
676 void init_rpc_hdr_auth(RPC_HDR_AUTH *rai,
677 uint8 auth_type, uint8 auth_level,
679 uint32 auth_context_id)
681 rai->auth_type = auth_type;
682 rai->auth_level = auth_level;
683 rai->auth_pad_len = auth_pad_len;
684 rai->auth_reserved = 0;
685 rai->auth_context_id = auth_context_id;
688 /*******************************************************************
689 Reads or writes an RPC_HDR_AUTH structure.
690 ********************************************************************/
692 BOOL smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth)
697 prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth");
703 if(!prs_uint8 ("auth_type ", ps, depth, &rai->auth_type))
705 if(!prs_uint8 ("auth_level ", ps, depth, &rai->auth_level))
707 if(!prs_uint8 ("auth_pad_len ", ps, depth, &rai->auth_pad_len))
709 if(!prs_uint8 ("auth_reserved", ps, depth, &rai->auth_reserved))
711 if(!prs_uint32("auth_context_id", ps, depth, &rai->auth_context_id))
717 /*******************************************************************
718 Checks an RPC_AUTH_VERIFIER structure.
719 ********************************************************************/
721 BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
722 const char *signature, uint32 msg_type)
724 return (strequal(rav->signature, signature) && rav->msg_type == msg_type);
727 /*******************************************************************
728 Inits an RPC_AUTH_VERIFIER structure.
729 ********************************************************************/
731 void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
732 const char *signature, uint32 msg_type)
734 fstrcpy(rav->signature, signature); /* "NTLMSSP" */
735 rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
738 /*******************************************************************
739 Reads or writes an RPC_AUTH_VERIFIER structure.
740 ********************************************************************/
742 BOOL smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
747 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
751 if(!prs_string("signature", ps, depth, rav->signature,
752 sizeof(rav->signature)))
754 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
760 /*******************************************************************
761 This parses an RPC_AUTH_VERIFIER for schannel. I think
762 ********************************************************************/
764 BOOL smb_io_rpc_schannel_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
769 prs_debug(ps, depth, desc, "smb_io_rpc_schannel_verifier");
772 if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature)))
774 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type))
780 /*******************************************************************
781 creates an RPC_AUTH_SCHANNEL_NEG structure.
782 ********************************************************************/
784 void init_rpc_auth_schannel_neg(RPC_AUTH_SCHANNEL_NEG *neg,
785 const char *domain, const char *myname)
789 fstrcpy(neg->domain, domain);
790 fstrcpy(neg->myname, myname);
793 /*******************************************************************
794 Reads or writes an RPC_AUTH_SCHANNEL_NEG structure.
795 ********************************************************************/
797 BOOL smb_io_rpc_auth_schannel_neg(const char *desc, RPC_AUTH_SCHANNEL_NEG *neg,
798 prs_struct *ps, int depth)
803 prs_debug(ps, depth, desc, "smb_io_rpc_auth_schannel_neg");
809 if(!prs_uint32("type1", ps, depth, &neg->type1))
811 if(!prs_uint32("type2", ps, depth, &neg->type2))
813 if(!prs_string("domain ", ps, depth, neg->domain, sizeof(neg->domain)))
815 if(!prs_string("myname ", ps, depth, neg->myname, sizeof(neg->myname)))
821 /*******************************************************************
822 reads or writes an RPC_AUTH_SCHANNEL_CHK structure.
823 ********************************************************************/
825 BOOL smb_io_rpc_auth_schannel_chk(const char *desc, int auth_len,
826 RPC_AUTH_SCHANNEL_CHK * chk,
827 prs_struct *ps, int depth)
832 prs_debug(ps, depth, desc, "smb_io_rpc_auth_schannel_chk");
835 if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) )
838 if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) )
841 if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) )
844 if ( auth_len == RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN ) {
845 if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) )