Context Navigation

source: branches/samba-3.0/source/include/rpc_dce.h

Visit:

Last change on this file was 165, checked in by Paul Smedley, 16 years ago
Add 'missing' 3.0.34 diffs
File size: 10.2 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	SMB parameters and setup
4	Copyright (C) Andrew Tridgell 1992-1997
5	Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6	Copyright (C) Paul Ashton 1997
7
8	This program is free software; you can redistribute it and/or modify
9	it under the terms of the GNU General Public License as published by
10	the Free Software Foundation; either version 2 of the License, or
11	(at your option) any later version.
12
13	This program is distributed in the hope that it will be useful,
14	but WITHOUT ANY WARRANTY; without even the implied warranty of
15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	GNU General Public License for more details.
17
18	You should have received a copy of the GNU General Public License
19	along with this program; if not, write to the Free Software
20	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21	*/
22
23	#ifndef _DCE_RPC_H /* _DCE_RPC_H */
24	#define _DCE_RPC_H
25
26	/* DCE/RPC packet types */
27
28	enum RPC_PKT_TYPE {
29	RPC_REQUEST = 0x00, /* Ordinary request. */
30	RPC_PING = 0x01, /* Connectionless is server alive ? */
31	RPC_RESPONSE = 0x02, /* Ordinary reply. */
32	RPC_FAULT = 0x03, /* Fault in processing of call. */
33	RPC_WORKING = 0x04, /* Connectionless reply to a ping when server busy. */
34	RPC_NOCALL = 0x05, /* Connectionless reply to a ping when server has lost part of clients call. */
35	RPC_REJECT = 0x06, /* Refuse a request with a code. */
36	RPC_ACK = 0x07, /* Connectionless client to server code. */
37	RPC_CL_CANCEL= 0x08, /* Connectionless cancel. */
38	RPC_FACK = 0x09, /* Connectionless fragment ack. Both client and server send. */
39	RPC_CANCEL_ACK = 0x0A, /* Server ACK to client cancel request. */
40	RPC_BIND = 0x0B, /* Bind to interface. */
41	RPC_BINDACK = 0x0C, /* Server ack of bind. */
42	RPC_BINDNACK = 0x0D, /* Server nack of bind. */
43	RPC_ALTCONT = 0x0E, /* Alter auth. */
44	RPC_ALTCONTRESP = 0x0F, /* Reply to alter auth. */
45	RPC_AUTH3 = 0x10, /* not the real name! this is undocumented! */
46	RPC_SHUTDOWN = 0x11, /* Server to client request to shutdown. */
47	RPC_CO_CANCEL= 0x12, /* Connection-oriented cancel request. */
48	RPC_ORPHANED = 0x13 /* Client telling server it's aborting a partially sent request or telling
49	server to stop sending replies. */
50	};
51
52	/* DCE/RPC flags */
53	#define RPC_FLG_FIRST 0x01
54	#define RPC_FLG_LAST 0x02
55	#define RPC_FLG_NOCALL 0x20
56
57
58	#define SMBD_NTLMSSP_NEG_FLAGS 0x000082b1 /* ALWAYS_SIGN\|NEG_NTLM\|NEG_LM\|NEG_SEAL\|NEG_SIGN\|NEG_UNICODE */
59
60	/* NTLMSSP signature version */
61	#define NTLMSSP_SIGN_VERSION 0x01
62
63	/* DCE RPC auth types - extended by Microsoft. */
64	#define RPC_ANONYMOUS_AUTH_TYPE 0
65	#define RPC_AUTH_TYPE_KRB5_1 1
66	#define RPC_SPNEGO_AUTH_TYPE 9
67	#define RPC_NTLMSSP_AUTH_TYPE 10
68	#define RPC_KRB5_AUTH_TYPE 16 /* Not yet implemented. */
69	#define RPC_SCHANNEL_AUTH_TYPE 68 /* 0x44 */
70
71	/* DCE-RPC standard identifiers to indicate
72	signing or sealing of an RPC pipe */
73	#define RPC_AUTH_LEVEL_NONE 1
74	#define RPC_AUTH_LEVEL_CONNECT 2
75	#define RPC_AUTH_LEVEL_CALL 3
76	#define RPC_AUTH_LEVEL_PACKET 4
77	#define RPC_AUTH_LEVEL_INTEGRITY 5
78	#define RPC_AUTH_LEVEL_PRIVACY 6
79
80	#if 0
81	#define RPC_PIPE_AUTH_SIGN_LEVEL 0x5
82	#define RPC_PIPE_AUTH_SEAL_LEVEL 0x6
83	#endif
84
85	#define DCERPC_FAULT_OP_RNG_ERROR 0x1c010002
86	#define DCERPC_FAULT_UNK_IF 0x1c010003
87	#define DCERPC_FAULT_INVALID_TAG 0x1c000006
88	#define DCERPC_FAULT_CONTEXT_MISMATCH 0x1c00001a
89	#define DCERPC_FAULT_OTHER 0x00000001
90	#define DCERPC_FAULT_ACCESS_DENIED 0x00000005
91	#define DCERPC_FAULT_CANT_PERFORM 0x000006d8
92	#define DCERPC_FAULT_NDR 0x000006f7
93
94
95	/* Netlogon schannel auth type and level */
96	#define SCHANNEL_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
97	#define SCHANNEL_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
98
99	#define RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN 0x20
100	#define RPC_AUTH_SCHANNEL_SIGN_ONLY_CHK_LEN 0x18
101
102
103	#define NETLOGON_NEG_ARCFOUR 0x00000004
104	#define NETLOGON_NEG_128BIT 0x00004000
105	#define NETLOGON_NEG_SCHANNEL 0x40000000
106
107	#define NETLOGON_NEG_PASSWORD_SET2 0x00020000
108
109	/* The 7 here seems to be required to get Win2k not to downgrade us
110	to NT4. Actually, anything other than 1ff would seem to do... */
111	#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
112	#define NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT 0x2010b000
113
114	/* these are the flags that ADS clients use */
115	#define NETLOGON_NEG_AUTH2_ADS_FLAGS 0x600fffff
116
117	enum schannel_direction {
118	SENDER_IS_INITIATOR,
119	SENDER_IS_ACCEPTOR
120	};
121
122	/* Maximum size of the signing data in a fragment. */
123	#define RPC_MAX_SIGN_SIZE 0x20 /* 32 */
124
125	/* Maximum PDU fragment size. */
126	/* #define MAX_PDU_FRAG_LEN 0x1630 this is what wnt sets */
127	#define RPC_MAX_PDU_FRAG_LEN 0x10b8 /* this is what w2k sets */
128
129	/* RPC_IFACE */
130	typedef struct rpc_iface_info {
131	struct GUID uuid; /* 16 bytes of rpc interface identification */
132	uint32 version; /* the interface version number */
133	} RPC_IFACE;
134
135	#define RPC_IFACE_LEN (UUID_SIZE + 4)
136
137	struct pipe_id_info {
138	/* the names appear not to matter: the syntaxes _do_ matter */
139
140	const char *client_pipe;
141	RPC_IFACE abstr_syntax; /* this one is the abstract syntax id */
142
143	const char server_pipe; / this one is the secondary syntax name */
144	RPC_IFACE trans_syntax; /* this one is the primary syntax id */
145	};
146
147	/* RPC_HDR - dce rpc header */
148	typedef struct rpc_hdr_info {
149	uint8 major; /* 5 - RPC major version */
150	uint8 minor; /* 0 - RPC minor version */
151	uint8 pkt_type; /* RPC_PKT_TYPE - RPC response packet */
152	uint8 flags; /* DCE/RPC flags */
153	uint8 pack_type[4]; /* 0x1000 0000 - little-endian packed data representation */
154	uint16 frag_len; /* fragment length - data size (bytes) inc header and tail. */
155	uint16 auth_len; /* 0 - authentication length */
156	uint32 call_id; /* call identifier. matches 12th uint32 of incoming RPC data. */
157	} RPC_HDR;
158
159	#define RPC_HEADER_LEN 16
160
161	/* RPC_HDR_REQ - ms request rpc header */
162	typedef struct rpc_hdr_req_info {
163	uint32 alloc_hint; /* allocation hint - data size (bytes) minus header and tail. */
164	uint16 context_id; /* presentation context identifier */
165	uint16 opnum; /* opnum */
166	} RPC_HDR_REQ;
167
168	#define RPC_HDR_REQ_LEN 8
169
170	/* RPC_HDR_RESP - ms response rpc header */
171	typedef struct rpc_hdr_resp_info {
172	uint32 alloc_hint; /* allocation hint - data size (bytes) minus header and tail. */
173	uint16 context_id; /* 0 - presentation context identifier */
174	uint8 cancel_count; /* 0 - cancel count */
175	uint8 reserved; /* 0 - reserved. */
176	} RPC_HDR_RESP;
177
178	#define RPC_HDR_RESP_LEN 8
179
180	/* RPC_HDR_FAULT - fault rpc header */
181	typedef struct rpc_hdr_fault_info {
182	NTSTATUS status;
183	uint32 reserved; /* 0x0000 0000 */
184	} RPC_HDR_FAULT;
185
186	#define RPC_HDR_FAULT_LEN 8
187
188	/* this seems to be the same string name depending on the name of the pipe,
189	* but is more likely to be linked to the interface name
190	* "srvsvc", "\\PIPE\\ntsvcs"
191	* "samr", "\\PIPE\\lsass"
192	* "wkssvc", "\\PIPE\\wksvcs"
193	* "NETLOGON", "\\PIPE\\NETLOGON"
194	*/
195	/* RPC_ADDR_STR */
196	typedef struct rpc_addr_info {
197	uint16 len; /* length of the string including null terminator */
198	fstring str; /* the string above in single byte, null terminated form */
199	} RPC_ADDR_STR;
200
201	/* RPC_HDR_BBA - bind acknowledge, and alter context response. */
202	typedef struct rpc_hdr_bba_info {
203	uint16 max_tsize; /* maximum transmission fragment size (0x1630) */
204	uint16 max_rsize; /* max receive fragment size (0x1630) */
205	uint32 assoc_gid; /* associated group id (0x0) */
206	} RPC_HDR_BBA;
207
208	#define RPC_HDR_BBA_LEN 8
209
210	/* RPC_HDR_AUTH */
211	typedef struct rpc_hdr_auth_info {
212	uint8 auth_type; /* See XXX_AUTH_TYPE above. */
213	uint8 auth_level; /* See RPC_PIPE_AUTH_XXX_LEVEL above. */
214	uint8 auth_pad_len;
215	uint8 auth_reserved;
216	uint32 auth_context_id;
217	} RPC_HDR_AUTH;
218
219	#define RPC_HDR_AUTH_LEN 8
220
221	/* this is TEMPORARILY coded up as a specific structure */
222	/* this structure comes after the bind request */
223	/* RPC_AUTH_SCHANNEL_NEG */
224	typedef struct rpc_auth_schannel_neg_info {
225	uint32 type1; /* Always zero ? */
226	uint32 type2; /* Types 0x3 and 0x13 seen. Check AcquireSecurityContext() docs.... */
227	fstring domain; /* calling workstations's domain */
228	fstring myname; /* calling workstation's name */
229	} RPC_AUTH_SCHANNEL_NEG;
230
231	/* attached to the end of encrypted rpc requests and responses */
232	/* RPC_AUTH_SCHANNEL_CHK */
233	typedef struct rpc_auth_schannel_chk_info {
234	uint8 sig [8]; /* 77 00 7a 00 ff ff 00 00 */
235	uint8 packet_digest[8]; /* checksum over the packet, MD5'ed with session key */
236	uint8 seq_num[8]; /* verifier, seq num */
237	uint8 confounder[8]; /* random 8-byte nonce */
238	} RPC_AUTH_SCHANNEL_CHK;
239
240	typedef struct rpc_context {
241	uint16 context_id; /* presentation context identifier. */
242	uint8 num_transfer_syntaxes; /* the number of syntaxes */
243	RPC_IFACE abstract; /* num and vers. of interface client is using */
244	RPC_IFACE transfer; / Array of transfer interfaces. */
245	} RPC_CONTEXT;
246
247	/* RPC_BIND_REQ - ms req bind */
248	typedef struct rpc_bind_req_info {
249	RPC_HDR_BBA bba;
250	uint8 num_contexts; /* the number of contexts */
251	RPC_CONTEXT *rpc_context;
252	} RPC_HDR_RB;
253
254	/*
255	* The following length is 8 bytes RPC_HDR_BBA_LEN +
256	* 4 bytes size of context count +
257	* (context_count * (4 bytes of context_id, size of transfer syntax count + RPC_IFACE_LEN bytes +
258	* (transfer_syntax_count * RPC_IFACE_LEN bytes)))
259	*/
260
261	#define RPC_HDR_RB_LEN(rpc_hdr_rb) (RPC_HDR_BBA_LEN + 4 + \
262	((rpc_hdr_rb)->num_contexts) * (4 + RPC_IFACE_LEN + (((rpc_hdr_rb)->rpc_context->num_transfer_syntaxes)*RPC_IFACE_LEN)))
263
264	/* RPC_RESULTS - can only cope with one reason, right now... */
265	typedef struct rpc_results_info {
266	/* uint8[] # 4-byte alignment padding, against SMB header */
267
268	uint8 num_results; /* the number of results (0x01) */
269
270	/* uint8[] # 4-byte alignment padding, against SMB header */
271
272	uint16 result; /* result (0x00 = accept) */
273	uint16 reason; /* reason (0x00 = no reason specified) */
274	} RPC_RESULTS;
275
276	/* RPC_HDR_BA */
277	typedef struct rpc_hdr_ba_info {
278	RPC_HDR_BBA bba;
279
280	RPC_ADDR_STR addr ; /* the secondary address string, as described earlier */
281	RPC_RESULTS res ; /* results and reasons */
282	RPC_IFACE transfer; /* the transfer syntax from the request */
283	} RPC_HDR_BA;
284
285	/* RPC_AUTH_VERIFIER */
286	typedef struct rpc_auth_verif_info {
287	fstring signature; /* "NTLMSSP".. Ok, not quite anymore */
288	uint32 msg_type; /* NTLMSSP_MESSAGE_TYPE (1,2,3) and 5 for schannel */
289	} RPC_AUTH_VERIFIER;
290
291	#endif /* _DCE_RPC_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: