Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

dcerpc_util.c

Visit:

Last change on this file was 989, checked in by Silvan Scherrer, 9 years ago
Samba Server: update vendor to version 4.4.7
File size: 21.3 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	raw dcerpc operations
4
5	Copyright (C) Andrew Tridgell 2003-2005
6	Copyright (C) Jelmer Vernooij 2004-2005
7
8	This program is free software; you can redistribute it and/or modify
9	it under the terms of the GNU General Public License as published by
10	the Free Software Foundation; either version 3 of the License, or
11	(at your option) any later version.
12
13	This program is distributed in the hope that it will be useful,
14	but WITHOUT ANY WARRANTY; without even the implied warranty of
15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	GNU General Public License for more details.
17
18	You should have received a copy of the GNU General Public License
19	along with this program. If not, see <http://www.gnu.org/licenses/>.
20	*/
21
22	#include "includes.h"
23	#include "system/network.h"
24	#include <tevent.h>
25	#include "lib/tsocket/tsocket.h"
26	#include "lib/util/tevent_ntstatus.h"
27	#include "librpc/rpc/dcerpc.h"
28	#include "librpc/gen_ndr/ndr_dcerpc.h"
29	#include "rpc_common.h"
30	#include "lib/util/bitmap.h"
31
32	/* we need to be able to get/set the fragment length without doing a full
33	decode */
34	void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v)
35	{
36	if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
37	SSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET, v);
38	} else {
39	RSSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET, v);
40	}
41	}
42
43	uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob)
44	{
45	if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
46	return SVAL(blob->data, DCERPC_FRAG_LEN_OFFSET);
47	} else {
48	return RSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET);
49	}
50	}
51
52	void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v)
53	{
54	if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
55	SSVAL(blob->data, DCERPC_AUTH_LEN_OFFSET, v);
56	} else {
57	RSSVAL(blob->data, DCERPC_AUTH_LEN_OFFSET, v);
58	}
59	}
60
61	uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob)
62	{
63	return blob->data[DCERPC_DREP_OFFSET];
64	}
65
66
67	/**
68	* @brief Pull a dcerpc_auth structure, taking account of any auth
69	* padding in the blob. For request/response packets we pass
70	* the whole data blob, so auth_data_only must be set to false
71	* as the blob contains data+pad+auth and no just pad+auth.
72	*
73	* @param pkt - The ncacn_packet strcuture
74	* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements
75	* @param pkt_trailer - The packet trailer data, usually the trailing
76	* auth_info blob, but in the request/response case
77	* this is the stub_and_verifier blob.
78	* @param auth - A preallocated dcerpc_auth empty structure
79	* @param auth_length - The length of the auth trail, sum of auth header
80	* lenght and pkt->auth_length
81	* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob
82	* (+ padding) or also other data.
83	*
84	* @return - A NTSTATUS error code.
85	*/
86	NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
87	TALLOC_CTX *mem_ctx,
88	const DATA_BLOB *pkt_trailer,
89	struct dcerpc_auth *auth,
90	uint32_t *_auth_length,
91	bool auth_data_only)
92	{
93	struct ndr_pull *ndr;
94	enum ndr_err_code ndr_err;
95	uint16_t data_and_pad;
96	uint16_t auth_length;
97	uint32_t tmp_length;
98	uint32_t max_pad_len = 0;
99
100	ZERO_STRUCTP(auth);
101	if (_auth_length != NULL) {
102	*_auth_length = 0;
103
104	if (auth_data_only) {
105	return NT_STATUS_INTERNAL_ERROR;
106	}
107	} else {
108	if (!auth_data_only) {
109	return NT_STATUS_INTERNAL_ERROR;
110	}
111	}
112
113	/* Paranoia checks for auth_length. The caller should check this... */
114	if (pkt->auth_length == 0) {
115	return NT_STATUS_INTERNAL_ERROR;
116	}
117
118	/* Paranoia checks for auth_length. The caller should check this... */
119	if (pkt->auth_length > pkt->frag_length) {
120	return NT_STATUS_INTERNAL_ERROR;
121	}
122	tmp_length = DCERPC_NCACN_PAYLOAD_OFFSET;
123	tmp_length += DCERPC_AUTH_TRAILER_LENGTH;
124	tmp_length += pkt->auth_length;
125	if (tmp_length > pkt->frag_length) {
126	return NT_STATUS_INTERNAL_ERROR;
127	}
128	if (pkt_trailer->length > UINT16_MAX) {
129	return NT_STATUS_INTERNAL_ERROR;
130	}
131
132	auth_length = DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length;
133	if (pkt_trailer->length < auth_length) {
134	return NT_STATUS_RPC_PROTOCOL_ERROR;
135	}
136
137	data_and_pad = pkt_trailer->length - auth_length;
138
139	ndr = ndr_pull_init_blob(pkt_trailer, mem_ctx);
140	if (!ndr) {
141	return NT_STATUS_NO_MEMORY;
142	}
143
144	if (!(pkt->drep[0] & DCERPC_DREP_LE)) {
145	ndr->flags \|= LIBNDR_FLAG_BIGENDIAN;
146	}
147
148	ndr_err = ndr_pull_advance(ndr, data_and_pad);
149	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
150	talloc_free(ndr);
151	return ndr_map_error2ntstatus(ndr_err);
152	}
153
154	ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS\|NDR_BUFFERS, auth);
155	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
156	talloc_free(ndr);
157	ZERO_STRUCTP(auth);
158	return ndr_map_error2ntstatus(ndr_err);
159	}
160
161	/*
162	* Make sure the padding would not exceed
163	* the frag_length.
164	*
165	* Here we assume at least 24 bytes for the
166	* payload specific header the value of
167	* DCERPC_{REQUEST,RESPONSE}_LENGTH.
168	*
169	* We use this also for BIND_, ALTER_ and AUTH3 pdus.
170	*
171	* We need this check before we ignore possible
172	* invalid values. See also bug #11982.
173	*
174	* This check is mainly used to generate the correct
175	* error for BIND_, ALTER_ and AUTH3 pdus.
176	*
177	* We always have the 'if (data_and_pad < auth->auth_pad_length)'
178	* protection for REQUEST and RESPONSE pdus, where the
179	* auth_pad_length field is actually used by the caller.
180	*/
181	tmp_length = DCERPC_REQUEST_LENGTH;
182	tmp_length += DCERPC_AUTH_TRAILER_LENGTH;
183	tmp_length += pkt->auth_length;
184	if (tmp_length < pkt->frag_length) {
185	max_pad_len = pkt->frag_length - tmp_length;
186	}
187	if (max_pad_len < auth->auth_pad_length) {
188	DEBUG(1, (__location__ ": ERROR: pad length to large. "
189	"max %u got %u\n",
190	(unsigned)max_pad_len,
191	(unsigned)auth->auth_pad_length));
192	talloc_free(ndr);
193	ZERO_STRUCTP(auth);
194	return NT_STATUS_RPC_PROTOCOL_ERROR;
195	}
196
197	/*
198	* This is a workarround for a bug in old
199	* Samba releases. For BIND_ACK <= 3.5.x
200	* and for ALTER_RESP <= 4.2.x (see bug #11061)
201	*
202	* See also bug #11982.
203	*/
204	if (auth_data_only && data_and_pad == 0 &&
205	auth->auth_pad_length > 0) {
206	/*
207	* we need to ignore invalid auth_pad_length
208	* values for BIND_, ALTER_ and AUTH3 pdus.
209	*/
210	auth->auth_pad_length = 0;
211	}
212
213	if (data_and_pad < auth->auth_pad_length) {
214	DEBUG(1, (__location__ ": ERROR: pad length mismatch. "
215	"Calculated %u got %u\n",
216	(unsigned)data_and_pad,
217	(unsigned)auth->auth_pad_length));
218	talloc_free(ndr);
219	ZERO_STRUCTP(auth);
220	return NT_STATUS_RPC_PROTOCOL_ERROR;
221	}
222
223	if (auth_data_only && data_and_pad != auth->auth_pad_length) {
224	DEBUG(1, (__location__ ": ERROR: pad length mismatch. "
225	"Calculated %u got %u\n",
226	(unsigned)data_and_pad,
227	(unsigned)auth->auth_pad_length));
228	talloc_free(ndr);
229	ZERO_STRUCTP(auth);
230	return NT_STATUS_RPC_PROTOCOL_ERROR;
231	}
232
233	DEBUG(6,(__location__ ": auth_pad_length %u\n",
234	(unsigned)auth->auth_pad_length));
235
236	talloc_steal(mem_ctx, auth->credentials.data);
237	talloc_free(ndr);
238
239	if (_auth_length != NULL) {
240	*_auth_length = auth_length;
241	}
242
243	return NT_STATUS_OK;
244	}
245
246	/**
247	* @brief Verify the fields in ncacn_packet header.
248	*
249	* @param pkt - The ncacn_packet strcuture
250	* @param ptype - The expected PDU type
251	* @param max_auth_info - The maximum size of a possible auth trailer
252	* @param required_flags - The required flags for the pdu.
253	* @param optional_flags - The possible optional flags for the pdu.
254	*
255	* @return - A NTSTATUS error code.
256	*/
257	NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
258	enum dcerpc_pkt_type ptype,
259	size_t max_auth_info,
260	uint8_t required_flags,
261	uint8_t optional_flags)
262	{
263	if (pkt->rpc_vers != 5) {
264	return NT_STATUS_RPC_PROTOCOL_ERROR;
265	}
266
267	if (pkt->rpc_vers_minor != 0) {
268	return NT_STATUS_RPC_PROTOCOL_ERROR;
269	}
270
271	if (pkt->auth_length > pkt->frag_length) {
272	return NT_STATUS_RPC_PROTOCOL_ERROR;
273	}
274
275	if (pkt->ptype != ptype) {
276	return NT_STATUS_RPC_PROTOCOL_ERROR;
277	}
278
279	if (max_auth_info > UINT16_MAX) {
280	return NT_STATUS_INTERNAL_ERROR;
281	}
282
283	if (pkt->auth_length > 0) {
284	size_t max_auth_length;
285
286	if (max_auth_info <= DCERPC_AUTH_TRAILER_LENGTH) {
287	return NT_STATUS_RPC_PROTOCOL_ERROR;
288	}
289	max_auth_length = max_auth_info - DCERPC_AUTH_TRAILER_LENGTH;
290
291	if (pkt->auth_length > max_auth_length) {
292	return NT_STATUS_RPC_PROTOCOL_ERROR;
293	}
294	}
295
296	if ((pkt->pfc_flags & required_flags) != required_flags) {
297	return NT_STATUS_RPC_PROTOCOL_ERROR;
298	}
299	if (pkt->pfc_flags & ~(optional_flags\|required_flags)) {
300	return NT_STATUS_RPC_PROTOCOL_ERROR;
301	}
302
303	if (pkt->drep[0] & ~DCERPC_DREP_LE) {
304	return NT_STATUS_RPC_PROTOCOL_ERROR;
305	}
306	if (pkt->drep[1] != 0) {
307	return NT_STATUS_RPC_PROTOCOL_ERROR;
308	}
309	if (pkt->drep[2] != 0) {
310	return NT_STATUS_RPC_PROTOCOL_ERROR;
311	}
312	if (pkt->drep[3] != 0) {
313	return NT_STATUS_RPC_PROTOCOL_ERROR;
314	}
315
316	return NT_STATUS_OK;
317	}
318
319	struct dcerpc_read_ncacn_packet_state {
320	#if 0
321	struct {
322	} caller;
323	#endif
324	DATA_BLOB buffer;
325	struct ncacn_packet *pkt;
326	};
327
328	static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream,
329	void *private_data,
330	TALLOC_CTX *mem_ctx,
331	struct iovec **_vector,
332	size_t *_count);
333	static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq);
334
335	struct tevent_req dcerpc_read_ncacn_packet_send(TALLOC_CTX mem_ctx,
336	struct tevent_context *ev,
337	struct tstream_context *stream)
338	{
339	struct tevent_req *req;
340	struct dcerpc_read_ncacn_packet_state *state;
341	struct tevent_req *subreq;
342
343	req = tevent_req_create(mem_ctx, &state,
344	struct dcerpc_read_ncacn_packet_state);
345	if (req == NULL) {
346	return NULL;
347	}
348
349	state->buffer = data_blob_const(NULL, 0);
350	state->pkt = talloc(state, struct ncacn_packet);
351	if (tevent_req_nomem(state->pkt, req)) {
352	goto post;
353	}
354
355	subreq = tstream_readv_pdu_send(state, ev,
356	stream,
357	dcerpc_read_ncacn_packet_next_vector,
358	state);
359	if (tevent_req_nomem(subreq, req)) {
360	goto post;
361	}
362	tevent_req_set_callback(subreq, dcerpc_read_ncacn_packet_done, req);
363
364	return req;
365	post:
366	tevent_req_post(req, ev);
367	return req;
368	}
369
370	static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream,
371	void *private_data,
372	TALLOC_CTX *mem_ctx,
373	struct iovec **_vector,
374	size_t *_count)
375	{
376	struct dcerpc_read_ncacn_packet_state *state =
377	talloc_get_type_abort(private_data,
378	struct dcerpc_read_ncacn_packet_state);
379	struct iovec *vector;
380	off_t ofs = 0;
381
382	if (state->buffer.length == 0) {
383	/*
384	* first get enough to read the fragment length
385	*
386	* We read the full fixed ncacn_packet header
387	* in order to make wireshark happy with
388	* pcap files from socket_wrapper.
389	*/
390	ofs = 0;
391	state->buffer.length = DCERPC_NCACN_PAYLOAD_OFFSET;
392	state->buffer.data = talloc_array(state, uint8_t,
393	state->buffer.length);
394	if (!state->buffer.data) {
395	return -1;
396	}
397	} else if (state->buffer.length == DCERPC_NCACN_PAYLOAD_OFFSET) {
398	/* now read the fragment length and allocate the full buffer */
399	size_t frag_len = dcerpc_get_frag_length(&state->buffer);
400
401	ofs = state->buffer.length;
402
403	if (frag_len < ofs) {
404	/*
405	* something is wrong, let the caller deal with it
406	*/
407	*_vector = NULL;
408	*_count = 0;
409	return 0;
410	}
411
412	state->buffer.data = talloc_realloc(state,
413	state->buffer.data,
414	uint8_t, frag_len);
415	if (!state->buffer.data) {
416	return -1;
417	}
418	state->buffer.length = frag_len;
419	} else {
420	/* if we reach this we have a full fragment */
421	*_vector = NULL;
422	*_count = 0;
423	return 0;
424	}
425
426	/* now create the vector that we want to be filled */
427	vector = talloc_array(mem_ctx, struct iovec, 1);
428	if (!vector) {
429	return -1;
430	}
431
432	vector[0].iov_base = (void *) (state->buffer.data + ofs);
433	vector[0].iov_len = state->buffer.length - ofs;
434
435	*_vector = vector;
436	*_count = 1;
437	return 0;
438	}
439
440	static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq)
441	{
442	struct tevent_req *req = tevent_req_callback_data(subreq,
443	struct tevent_req);
444	struct dcerpc_read_ncacn_packet_state *state = tevent_req_data(req,
445	struct dcerpc_read_ncacn_packet_state);
446	int ret;
447	int sys_errno;
448	struct ndr_pull *ndr;
449	enum ndr_err_code ndr_err;
450	NTSTATUS status;
451
452	ret = tstream_readv_pdu_recv(subreq, &sys_errno);
453	TALLOC_FREE(subreq);
454	if (ret == -1) {
455	status = map_nt_error_from_unix_common(sys_errno);
456	tevent_req_nterror(req, status);
457	return;
458	}
459
460	ndr = ndr_pull_init_blob(&state->buffer, state->pkt);
461	if (tevent_req_nomem(ndr, req)) {
462	return;
463	}
464
465	if (!(CVAL(ndr->data, DCERPC_DREP_OFFSET) & DCERPC_DREP_LE)) {
466	ndr->flags \|= LIBNDR_FLAG_BIGENDIAN;
467	}
468
469	if (CVAL(ndr->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
470	ndr->flags \|= LIBNDR_FLAG_OBJECT_PRESENT;
471	}
472
473	ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS\|NDR_BUFFERS, state->pkt);
474	TALLOC_FREE(ndr);
475	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
476	status = ndr_map_error2ntstatus(ndr_err);
477	tevent_req_nterror(req, status);
478	return;
479	}
480
481	if (state->pkt->frag_length != state->buffer.length) {
482	tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR);
483	return;
484	}
485
486	tevent_req_done(req);
487	}
488
489	NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
490	TALLOC_CTX *mem_ctx,
491	struct ncacn_packet **pkt,
492	DATA_BLOB *buffer)
493	{
494	struct dcerpc_read_ncacn_packet_state *state = tevent_req_data(req,
495	struct dcerpc_read_ncacn_packet_state);
496	NTSTATUS status;
497
498	if (tevent_req_is_nterror(req, &status)) {
499	tevent_req_received(req);
500	return status;
501	}
502
503	*pkt = talloc_move(mem_ctx, &state->pkt);
504	if (buffer) {
505	buffer->data = talloc_move(mem_ctx, &state->buffer.data);
506	buffer->length = state->buffer.length;
507	}
508
509	tevent_req_received(req);
510	return NT_STATUS_OK;
511	}
512
513	const char dcerpc_default_transport_endpoint(TALLOC_CTX mem_ctx,
514	enum dcerpc_transport_t transport,
515	const struct ndr_interface_table *table)
516	{
517	NTSTATUS status;
518	const char *p = NULL;
519	const char *endpoint = NULL;
520	int i;
521	struct dcerpc_binding *default_binding = NULL;
522	TALLOC_CTX *frame = talloc_stackframe();
523
524	/* Find one of the default pipes for this interface */
525
526	for (i = 0; i < table->endpoints->count; i++) {
527	enum dcerpc_transport_t dtransport;
528	const char *dendpoint;
529
530	status = dcerpc_parse_binding(frame, table->endpoints->names[i],
531	&default_binding);
532	if (!NT_STATUS_IS_OK(status)) {
533	continue;
534	}
535
536	dtransport = dcerpc_binding_get_transport(default_binding);
537	dendpoint = dcerpc_binding_get_string_option(default_binding,
538	"endpoint");
539	if (dendpoint == NULL) {
540	TALLOC_FREE(default_binding);
541	continue;
542	}
543
544	if (transport == NCA_UNKNOWN) {
545	transport = dtransport;
546	}
547
548	if (transport != dtransport) {
549	TALLOC_FREE(default_binding);
550	continue;
551	}
552
553	p = dendpoint;
554	break;
555	}
556
557	if (p == NULL) {
558	goto done;
559	}
560
561	/*
562	* extract the pipe name without \\pipe from for example
563	* ncacn_np:[\\pipe\\epmapper]
564	*/
565	if (transport == NCACN_NP) {
566	if (strncasecmp(p, "\\pipe\\", 6) == 0) {
567	p += 6;
568	}
569	if (strncmp(p, "\\", 1) == 0) {
570	p += 1;
571	}
572	}
573
574	endpoint = talloc_strdup(mem_ctx, p);
575
576	done:
577	talloc_free(frame);
578	return endpoint;
579	}
580
581	struct dcerpc_sec_vt_header2 dcerpc_sec_vt_header2_from_ncacn_packet(const struct ncacn_packet *pkt)
582	{
583	struct dcerpc_sec_vt_header2 ret;
584
585	ZERO_STRUCT(ret);
586	ret.ptype = pkt->ptype;
587	memcpy(&ret.drep, pkt->drep, sizeof(ret.drep));
588	ret.call_id = pkt->call_id;
589
590	switch (pkt->ptype) {
591	case DCERPC_PKT_REQUEST:
592	ret.context_id = pkt->u.request.context_id;
593	ret.opnum = pkt->u.request.opnum;
594	break;
595
596	case DCERPC_PKT_RESPONSE:
597	ret.context_id = pkt->u.response.context_id;
598	break;
599
600	case DCERPC_PKT_FAULT:
601	ret.context_id = pkt->u.fault.context_id;
602	break;
603
604	default:
605	break;
606	}
607
608	return ret;
609	}
610
611	bool dcerpc_sec_vt_header2_equal(const struct dcerpc_sec_vt_header2 *v1,
612	const struct dcerpc_sec_vt_header2 *v2)
613	{
614	if (v1->ptype != v2->ptype) {
615	return false;
616	}
617
618	if (memcmp(v1->drep, v2->drep, sizeof(v1->drep)) != 0) {
619	return false;
620	}
621
622	if (v1->call_id != v2->call_id) {
623	return false;
624	}
625
626	if (v1->context_id != v2->context_id) {
627	return false;
628	}
629
630	if (v1->opnum != v2->opnum) {
631	return false;
632	}
633
634	return true;
635	}
636
637	static bool dcerpc_sec_vt_is_valid(const struct dcerpc_sec_verification_trailer *r)
638	{
639	bool ret = false;
640	TALLOC_CTX *frame = talloc_stackframe();
641	struct bitmap *commands_seen;
642	int i;
643
644	if (r->count.count == 0) {
645	ret = true;
646	goto done;
647	}
648
649	if (memcmp(r->magic, DCERPC_SEC_VT_MAGIC, sizeof(r->magic)) != 0) {
650	goto done;
651	}
652
653	commands_seen = bitmap_talloc(frame, DCERPC_SEC_VT_COMMAND_ENUM + 1);
654	if (commands_seen == NULL) {
655	goto done;
656	}
657
658	for (i=0; i < r->count.count; i++) {
659	enum dcerpc_sec_vt_command_enum cmd =
660	r->commands[i].command & DCERPC_SEC_VT_COMMAND_ENUM;
661
662	if (bitmap_query(commands_seen, cmd)) {
663	/* Each command must appear at most once. */
664	goto done;
665	}
666	bitmap_set(commands_seen, cmd);
667
668	switch (cmd) {
669	case DCERPC_SEC_VT_COMMAND_BITMASK1:
670	case DCERPC_SEC_VT_COMMAND_PCONTEXT:
671	case DCERPC_SEC_VT_COMMAND_HEADER2:
672	break;
673	default:
674	if ((r->commands[i].u._unknown.length % 4) != 0) {
675	goto done;
676	}
677	break;
678	}
679	}
680	ret = true;
681	done:
682	TALLOC_FREE(frame);
683	return ret;
684	}
685
686	static bool dcerpc_sec_vt_bitmask_check(const uint32_t *bitmask1,
687	struct dcerpc_sec_vt *c)
688	{
689	if (bitmask1 == NULL) {
690	if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
691	DEBUG(10, ("SEC_VT check Bitmask1 must_process_command "
692	"failed\n"));
693	return false;
694	}
695
696	return true;
697	}
698
699	if ((c->u.bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING)
700	&& (!(*bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING))) {
701	DEBUG(10, ("SEC_VT check Bitmask1 client_header_signing "
702	"failed\n"));
703	return false;
704	}
705	return true;
706	}
707
708	static bool dcerpc_sec_vt_pctx_check(const struct dcerpc_sec_vt_pcontext *pcontext,
709	struct dcerpc_sec_vt *c)
710	{
711	TALLOC_CTX *mem_ctx;
712	bool ok;
713
714	if (pcontext == NULL) {
715	if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
716	DEBUG(10, ("SEC_VT check Pcontext must_process_command "
717	"failed\n"));
718	return false;
719	}
720
721	return true;
722	}
723
724	mem_ctx = talloc_stackframe();
725	ok = ndr_syntax_id_equal(&pcontext->abstract_syntax,
726	&c->u.pcontext.abstract_syntax);
727	if (!ok) {
728	DEBUG(10, ("SEC_VT check pcontext abstract_syntax failed: "
729	"%s vs. %s\n",
730	ndr_syntax_id_to_string(mem_ctx,
731	&pcontext->abstract_syntax),
732	ndr_syntax_id_to_string(mem_ctx,
733	&c->u.pcontext.abstract_syntax)));
734	goto err_ctx_free;
735	}
736	ok = ndr_syntax_id_equal(&pcontext->transfer_syntax,
737	&c->u.pcontext.transfer_syntax);
738	if (!ok) {
739	DEBUG(10, ("SEC_VT check pcontext transfer_syntax failed: "
740	"%s vs. %s\n",
741	ndr_syntax_id_to_string(mem_ctx,
742	&pcontext->transfer_syntax),
743	ndr_syntax_id_to_string(mem_ctx,
744	&c->u.pcontext.transfer_syntax)));
745	goto err_ctx_free;
746	}
747
748	ok = true;
749	err_ctx_free:
750	talloc_free(mem_ctx);
751	return ok;
752	}
753
754	static bool dcerpc_sec_vt_hdr2_check(const struct dcerpc_sec_vt_header2 *header2,
755	struct dcerpc_sec_vt *c)
756	{
757	if (header2 == NULL) {
758	if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
759	DEBUG(10, ("SEC_VT check Header2 must_process_command failed\n"));
760	return false;
761	}
762
763	return true;
764	}
765
766	if (!dcerpc_sec_vt_header2_equal(header2, &c->u.header2)) {
767	DEBUG(10, ("SEC_VT check Header2 failed\n"));
768	return false;
769	}
770
771	return true;
772	}
773
774	bool dcerpc_sec_verification_trailer_check(
775	const struct dcerpc_sec_verification_trailer *vt,
776	const uint32_t *bitmask1,
777	const struct dcerpc_sec_vt_pcontext *pcontext,
778	const struct dcerpc_sec_vt_header2 *header2)
779	{
780	size_t i;
781
782	if (!dcerpc_sec_vt_is_valid(vt)) {
783	return false;
784	}
785
786	for (i=0; i < vt->count.count; i++) {
787	bool ok;
788	struct dcerpc_sec_vt *c = &vt->commands[i];
789
790	switch (c->command & DCERPC_SEC_VT_COMMAND_ENUM) {
791	case DCERPC_SEC_VT_COMMAND_BITMASK1:
792	ok = dcerpc_sec_vt_bitmask_check(bitmask1, c);
793	if (!ok) {
794	return false;
795	}
796	break;
797
798	case DCERPC_SEC_VT_COMMAND_PCONTEXT:
799	ok = dcerpc_sec_vt_pctx_check(pcontext, c);
800	if (!ok) {
801	return false;
802	}
803	break;
804
805	case DCERPC_SEC_VT_COMMAND_HEADER2: {
806	ok = dcerpc_sec_vt_hdr2_check(header2, c);
807	if (!ok) {
808	return false;
809	}
810	break;
811	}
812
813	default:
814	if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
815	DEBUG(10, ("SEC_VT check Unknown must_process_command failed\n"));
816	return false;
817	}
818
819	break;
820	}
821	}
822
823	return true;
824	}
825
826	static const struct ndr_syntax_id dcerpc_bind_time_features_prefix = {
827	.uuid = {
828	.time_low = 0x6cb71c2c,
829	.time_mid = 0x9812,
830	.time_hi_and_version = 0x4540,
831	.clock_seq = {0x00, 0x00},
832	.node = {0x00,0x00,0x00,0x00,0x00,0x00}
833	},
834	.if_version = 1,
835	};
836
837	bool dcerpc_extract_bind_time_features(struct ndr_syntax_id s, uint64_t *_features)
838	{
839	uint8_t values[8];
840	uint64_t features = 0;
841
842	values[0] = s.uuid.clock_seq[0];
843	values[1] = s.uuid.clock_seq[1];
844	values[2] = s.uuid.node[0];
845	values[3] = s.uuid.node[1];
846	values[4] = s.uuid.node[2];
847	values[5] = s.uuid.node[3];
848	values[6] = s.uuid.node[4];
849	values[7] = s.uuid.node[5];
850
851	ZERO_STRUCT(s.uuid.clock_seq);
852	ZERO_STRUCT(s.uuid.node);
853
854	if (!ndr_syntax_id_equal(&s, &dcerpc_bind_time_features_prefix)) {
855	if (_features != NULL) {
856	*_features = 0;
857	}
858	return false;
859	}
860
861	features = BVAL(values, 0);
862
863	if (_features != NULL) {
864	*_features = features;
865	}
866
867	return true;
868	}
869
870	struct ndr_syntax_id dcerpc_construct_bind_time_features(uint64_t features)
871	{
872	struct ndr_syntax_id s = dcerpc_bind_time_features_prefix;
873	uint8_t values[8];
874
875	SBVAL(values, 0, features);
876
877	s.uuid.clock_seq[0] = values[0];
878	s.uuid.clock_seq[1] = values[1];
879	s.uuid.node[0] = values[2];
880	s.uuid.node[1] = values[3];
881	s.uuid.node[2] = values[4];
882	s.uuid.node[3] = values[5];
883	s.uuid.node[4] = values[6];
884	s.uuid.node[5] = values[7];
885
886	return s;
887	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vendor/current/librpc/rpc/dcerpc_util.c

Download in other formats: