2
Unix SMB/CIFS implementation.
4
dcerpc utility functions
6
Copyright (C) Andrew Tridgell 2003
7
Copyright (C) Jelmer Vernooij 2004
8
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9
Copyright (C) Rafal Szczesniak 2006
11
This program is free software; you can redistribute it and/or modify
12
it under the terms of the GNU General Public License as published by
13
the Free Software Foundation; either version 3 of the License, or
14
(at your option) any later version.
16
This program is distributed in the hope that it will be useful,
17
but WITHOUT ANY WARRANTY; without even the implied warranty of
18
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19
GNU General Public License for more details.
21
You should have received a copy of the GNU General Public License
22
along with this program. If not, see <http://www.gnu.org/licenses/>.
26
#include "librpc/gen_ndr/ndr_epmapper.h"
27
#include "librpc/gen_ndr/ndr_misc.h"
28
#include "librpc/rpc/dcerpc.h"
31
#define MAX_PROTSEQ 10
35
enum dcerpc_transport_t transport;
37
enum epm_protocol protseq[MAX_PROTSEQ];
39
{ "ncacn_np", NCACN_NP, 3,
40
{ EPM_PROTOCOL_NCACN, EPM_PROTOCOL_SMB, EPM_PROTOCOL_NETBIOS }},
41
{ "ncacn_ip_tcp", NCACN_IP_TCP, 3,
42
{ EPM_PROTOCOL_NCACN, EPM_PROTOCOL_TCP, EPM_PROTOCOL_IP } },
43
{ "ncacn_http", NCACN_HTTP, 3,
44
{ EPM_PROTOCOL_NCACN, EPM_PROTOCOL_HTTP, EPM_PROTOCOL_IP } },
45
{ "ncadg_ip_udp", NCACN_IP_UDP, 3,
46
{ EPM_PROTOCOL_NCADG, EPM_PROTOCOL_UDP, EPM_PROTOCOL_IP } },
47
{ "ncalrpc", NCALRPC, 2,
48
{ EPM_PROTOCOL_NCALRPC, EPM_PROTOCOL_PIPE } },
49
{ "ncacn_unix_stream", NCACN_UNIX_STREAM, 2,
50
{ EPM_PROTOCOL_NCACN, EPM_PROTOCOL_UNIX_DS } },
51
{ "ncadg_unix_dgram", NCADG_UNIX_DGRAM, 2,
52
{ EPM_PROTOCOL_NCADG, EPM_PROTOCOL_UNIX_DS } },
53
{ "ncacn_at_dsp", NCACN_AT_DSP, 3,
54
{ EPM_PROTOCOL_NCACN, EPM_PROTOCOL_APPLETALK, EPM_PROTOCOL_DSP } },
55
{ "ncadg_at_ddp", NCADG_AT_DDP, 3,
56
{ EPM_PROTOCOL_NCADG, EPM_PROTOCOL_APPLETALK, EPM_PROTOCOL_DDP } },
57
{ "ncacn_vns_ssp", NCACN_VNS_SPP, 3,
58
{ EPM_PROTOCOL_NCACN, EPM_PROTOCOL_STREETTALK, EPM_PROTOCOL_VINES_SPP } },
59
{ "ncacn_vns_ipc", NCACN_VNS_IPC, 3,
60
{ EPM_PROTOCOL_NCACN, EPM_PROTOCOL_STREETTALK, EPM_PROTOCOL_VINES_IPC }, },
61
{ "ncadg_ipx", NCADG_IPX, 2,
62
{ EPM_PROTOCOL_NCADG, EPM_PROTOCOL_IPX },
64
{ "ncacn_spx", NCACN_SPX, 3,
65
/* I guess some MS programmer confused the identifier for
66
* EPM_PROTOCOL_UUID (0x0D or 13) with the one for
67
* EPM_PROTOCOL_SPX (0x13) here. -- jelmer*/
68
{ EPM_PROTOCOL_NCACN, EPM_PROTOCOL_NCALRPC, EPM_PROTOCOL_UUID },
76
{"sign", DCERPC_SIGN},
77
{"seal", DCERPC_SEAL},
78
{"connect", DCERPC_CONNECT},
79
{"spnego", DCERPC_AUTH_SPNEGO},
80
{"ntlm", DCERPC_AUTH_NTLM},
81
{"krb5", DCERPC_AUTH_KRB5},
82
{"validate", DCERPC_DEBUG_VALIDATE_BOTH},
83
{"print", DCERPC_DEBUG_PRINT_BOTH},
84
{"padcheck", DCERPC_DEBUG_PAD_CHECK},
85
{"bigendian", DCERPC_PUSH_BIGENDIAN},
86
{"smb2", DCERPC_SMB2},
87
{"hdrsign", DCERPC_HEADER_SIGNING}
90
const char *epm_floor_string(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor)
92
struct ndr_syntax_id syntax;
95
switch(epm_floor->lhs.protocol) {
96
case EPM_PROTOCOL_UUID:
97
status = dcerpc_floor_get_lhs_data(epm_floor, &syntax);
98
if (NT_STATUS_IS_OK(status)) {
99
/* lhs is used: UUID */
102
if (GUID_equal(&syntax.uuid, &ndr_transfer_syntax.uuid)) {
106
if (GUID_equal(&syntax.uuid, &ndr64_transfer_syntax.uuid)) {
110
uuidstr = GUID_string(mem_ctx, &syntax.uuid);
112
return talloc_asprintf(mem_ctx, " uuid %s/0x%02x", uuidstr, syntax.if_version);
114
return talloc_asprintf(mem_ctx, "IPX:%s",
115
data_blob_hex_string(mem_ctx, &epm_floor->rhs.uuid.unknown));
118
case EPM_PROTOCOL_NCACN:
121
case EPM_PROTOCOL_NCADG:
124
case EPM_PROTOCOL_NCALRPC:
127
case EPM_PROTOCOL_DNET_NSP:
130
case EPM_PROTOCOL_IP:
131
return talloc_asprintf(mem_ctx, "IP:%s", epm_floor->rhs.ip.ipaddr);
133
case EPM_PROTOCOL_PIPE:
134
return talloc_asprintf(mem_ctx, "PIPE:%s", epm_floor->rhs.pipe.path);
136
case EPM_PROTOCOL_SMB:
137
return talloc_asprintf(mem_ctx, "SMB:%s", epm_floor->rhs.smb.unc);
139
case EPM_PROTOCOL_UNIX_DS:
140
return talloc_asprintf(mem_ctx, "Unix:%s", epm_floor->rhs.unix_ds.path);
142
case EPM_PROTOCOL_NETBIOS:
143
return talloc_asprintf(mem_ctx, "NetBIOS:%s", epm_floor->rhs.netbios.name);
145
case EPM_PROTOCOL_NETBEUI:
148
case EPM_PROTOCOL_SPX:
151
case EPM_PROTOCOL_NB_IPX:
154
case EPM_PROTOCOL_HTTP:
155
return talloc_asprintf(mem_ctx, "HTTP:%d", epm_floor->rhs.http.port);
157
case EPM_PROTOCOL_TCP:
158
return talloc_asprintf(mem_ctx, "TCP:%d", epm_floor->rhs.tcp.port);
160
case EPM_PROTOCOL_UDP:
161
return talloc_asprintf(mem_ctx, "UDP:%d", epm_floor->rhs.udp.port);
164
return talloc_asprintf(mem_ctx, "UNK(%02x):", epm_floor->lhs.protocol);
170
form a binding string from a binding structure
172
_PUBLIC_ char *dcerpc_binding_string(TALLOC_CTX *mem_ctx, const struct dcerpc_binding *b)
174
char *s = talloc_strdup(mem_ctx, "");
176
const char *t_name = NULL;
178
if (b->transport != NCA_UNKNOWN) {
179
t_name = derpc_transport_string_by_transport(b->transport);
185
if (!GUID_all_zero(&b->object.uuid)) {
186
s = talloc_asprintf(s, "%s@",
187
GUID_string(mem_ctx, &b->object.uuid));
190
if (t_name != NULL) {
191
s = talloc_asprintf_append_buffer(s, "%s:", t_name);
198
s = talloc_asprintf_append_buffer(s, "%s", b->host);
201
if (!b->endpoint && !b->options && !b->flags) {
205
s = talloc_asprintf_append_buffer(s, "[");
208
s = talloc_asprintf_append_buffer(s, "%s", b->endpoint);
211
/* this is a *really* inefficent way of dealing with strings,
212
but this is rarely called and the strings are always short,
214
for (i=0;b->options && b->options[i];i++) {
215
s = talloc_asprintf_append_buffer(s, ",%s", b->options[i]);
219
for (i=0;i<ARRAY_SIZE(ncacn_options);i++) {
220
if (b->flags & ncacn_options[i].flag) {
221
s = talloc_asprintf_append_buffer(s, ",%s", ncacn_options[i].name);
226
s = talloc_asprintf_append_buffer(s, "]");
232
parse a binding string into a dcerpc_binding structure
234
_PUBLIC_ NTSTATUS dcerpc_parse_binding(TALLOC_CTX *mem_ctx, const char *s, struct dcerpc_binding **b_out)
236
struct dcerpc_binding *b;
239
int i, j, comma_count;
241
b = talloc(mem_ctx, struct dcerpc_binding);
243
return NT_STATUS_NO_MEMORY;
248
if (p && PTR_DIFF(p, s) == 36) { /* 36 is the length of a UUID */
250
DATA_BLOB blob = data_blob(s, 36);
251
status = GUID_from_data_blob(&blob, &b->object.uuid);
253
if (NT_STATUS_IS_ERR(status)) {
254
DEBUG(0, ("Failed parsing UUID\n"));
260
ZERO_STRUCT(b->object);
263
b->object.if_version = 0;
268
b->transport = NCA_UNKNOWN;
270
char *type = talloc_strndup(mem_ctx, s, PTR_DIFF(p, s));
272
return NT_STATUS_NO_MEMORY;
275
for (i=0;i<ARRAY_SIZE(transports);i++) {
276
if (strcasecmp(type, transports[i].name) == 0) {
277
b->transport = transports[i].transport;
282
if (i==ARRAY_SIZE(transports)) {
283
DEBUG(0,("Unknown dcerpc transport '%s'\n", type));
284
return NT_STATUS_INVALID_PARAMETER;
294
b->host = talloc_strndup(b, s, PTR_DIFF(p, s));
295
options = talloc_strdup(mem_ctx, p+1);
296
if (options[strlen(options)-1] != ']') {
297
return NT_STATUS_INVALID_PARAMETER;
299
options[strlen(options)-1] = 0;
301
b->host = talloc_strdup(b, s);
305
return NT_STATUS_NO_MEMORY;
308
b->target_hostname = b->host;
312
b->assoc_group_id = 0;
320
comma_count = count_chars(options, ',');
322
b->options = talloc_array(b, const char *, comma_count+2);
324
return NT_STATUS_NO_MEMORY;
327
for (i=0; (p = strchr(options, ',')); i++) {
328
b->options[i] = talloc_strndup(b, options, PTR_DIFF(p, options));
329
if (!b->options[i]) {
330
return NT_STATUS_NO_MEMORY;
334
b->options[i] = options;
335
b->options[i+1] = NULL;
337
/* some options are pre-parsed for convenience */
338
for (i=0;b->options[i];i++) {
339
for (j=0;j<ARRAY_SIZE(ncacn_options);j++) {
340
if (strcasecmp(ncacn_options[j].name, b->options[i]) == 0) {
342
b->flags |= ncacn_options[j].flag;
343
for (k=i;b->options[k];k++) {
344
b->options[k] = b->options[k+1];
353
/* Endpoint is first option */
354
b->endpoint = b->options[0];
355
if (strlen(b->endpoint) == 0) b->endpoint = NULL;
357
for (i=0;b->options[i];i++) {
358
b->options[i] = b->options[i+1];
362
if (b->options[0] == NULL)
369
_PUBLIC_ NTSTATUS dcerpc_floor_get_lhs_data(const struct epm_floor *epm_floor,
370
struct ndr_syntax_id *syntax)
372
TALLOC_CTX *mem_ctx = talloc_init("floor_get_lhs_data");
373
struct ndr_pull *ndr;
374
enum ndr_err_code ndr_err;
375
uint16_t if_version=0;
377
ndr = ndr_pull_init_blob(&epm_floor->lhs.lhs_data, mem_ctx, NULL);
379
talloc_free(mem_ctx);
380
return NT_STATUS_NO_MEMORY;
382
ndr->flags |= LIBNDR_FLAG_NOALIGN;
384
ndr_err = ndr_pull_GUID(ndr, NDR_SCALARS | NDR_BUFFERS, &syntax->uuid);
385
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
386
talloc_free(mem_ctx);
387
return ndr_map_error2ntstatus(ndr_err);
390
ndr_err = ndr_pull_uint16(ndr, NDR_SCALARS, &if_version);
391
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
392
talloc_free(mem_ctx);
393
return ndr_map_error2ntstatus(ndr_err);
396
syntax->if_version = if_version;
398
talloc_free(mem_ctx);
403
static DATA_BLOB dcerpc_floor_pack_lhs_data(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax)
405
struct ndr_push *ndr = ndr_push_init_ctx(mem_ctx, NULL);
407
ndr->flags |= LIBNDR_FLAG_NOALIGN;
409
ndr_push_GUID(ndr, NDR_SCALARS | NDR_BUFFERS, &syntax->uuid);
410
ndr_push_uint16(ndr, NDR_SCALARS, syntax->if_version);
412
return ndr_push_blob(ndr);
415
const char *dcerpc_floor_get_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor)
417
switch (epm_floor->lhs.protocol) {
418
case EPM_PROTOCOL_TCP:
419
if (epm_floor->rhs.tcp.port == 0) return NULL;
420
return talloc_asprintf(mem_ctx, "%d", epm_floor->rhs.tcp.port);
422
case EPM_PROTOCOL_UDP:
423
if (epm_floor->rhs.udp.port == 0) return NULL;
424
return talloc_asprintf(mem_ctx, "%d", epm_floor->rhs.udp.port);
426
case EPM_PROTOCOL_HTTP:
427
if (epm_floor->rhs.http.port == 0) return NULL;
428
return talloc_asprintf(mem_ctx, "%d", epm_floor->rhs.http.port);
430
case EPM_PROTOCOL_IP:
431
return talloc_strdup(mem_ctx, epm_floor->rhs.ip.ipaddr);
433
case EPM_PROTOCOL_NCACN:
436
case EPM_PROTOCOL_NCADG:
439
case EPM_PROTOCOL_SMB:
440
if (strlen(epm_floor->rhs.smb.unc) == 0) return NULL;
441
return talloc_strdup(mem_ctx, epm_floor->rhs.smb.unc);
443
case EPM_PROTOCOL_PIPE:
444
if (strlen(epm_floor->rhs.pipe.path) == 0) return NULL;
445
return talloc_strdup(mem_ctx, epm_floor->rhs.pipe.path);
447
case EPM_PROTOCOL_NETBIOS:
448
if (strlen(epm_floor->rhs.netbios.name) == 0) return NULL;
449
return talloc_strdup(mem_ctx, epm_floor->rhs.netbios.name);
451
case EPM_PROTOCOL_NCALRPC:
454
case EPM_PROTOCOL_VINES_SPP:
455
return talloc_asprintf(mem_ctx, "%d", epm_floor->rhs.vines_spp.port);
457
case EPM_PROTOCOL_VINES_IPC:
458
return talloc_asprintf(mem_ctx, "%d", epm_floor->rhs.vines_ipc.port);
460
case EPM_PROTOCOL_STREETTALK:
461
return talloc_strdup(mem_ctx, epm_floor->rhs.streettalk.streettalk);
463
case EPM_PROTOCOL_UNIX_DS:
464
if (strlen(epm_floor->rhs.unix_ds.path) == 0) return NULL;
465
return talloc_strdup(mem_ctx, epm_floor->rhs.unix_ds.path);
467
case EPM_PROTOCOL_NULL:
471
DEBUG(0,("Unsupported lhs protocol %d\n", epm_floor->lhs.protocol));
478
static NTSTATUS dcerpc_floor_set_rhs_data(TALLOC_CTX *mem_ctx,
479
struct epm_floor *epm_floor,
482
switch (epm_floor->lhs.protocol) {
483
case EPM_PROTOCOL_TCP:
484
epm_floor->rhs.tcp.port = atoi(data);
487
case EPM_PROTOCOL_UDP:
488
epm_floor->rhs.udp.port = atoi(data);
491
case EPM_PROTOCOL_HTTP:
492
epm_floor->rhs.http.port = atoi(data);
495
case EPM_PROTOCOL_IP:
496
epm_floor->rhs.ip.ipaddr = talloc_strdup(mem_ctx, data);
497
NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.ip.ipaddr);
500
case EPM_PROTOCOL_NCACN:
501
epm_floor->rhs.ncacn.minor_version = 0;
504
case EPM_PROTOCOL_NCADG:
505
epm_floor->rhs.ncadg.minor_version = 0;
508
case EPM_PROTOCOL_SMB:
509
epm_floor->rhs.smb.unc = talloc_strdup(mem_ctx, data);
510
NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.smb.unc);
513
case EPM_PROTOCOL_PIPE:
514
epm_floor->rhs.pipe.path = talloc_strdup(mem_ctx, data);
515
NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.pipe.path);
518
case EPM_PROTOCOL_NETBIOS:
519
epm_floor->rhs.netbios.name = talloc_strdup(mem_ctx, data);
520
NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.netbios.name);
523
case EPM_PROTOCOL_NCALRPC:
526
case EPM_PROTOCOL_VINES_SPP:
527
epm_floor->rhs.vines_spp.port = atoi(data);
530
case EPM_PROTOCOL_VINES_IPC:
531
epm_floor->rhs.vines_ipc.port = atoi(data);
534
case EPM_PROTOCOL_STREETTALK:
535
epm_floor->rhs.streettalk.streettalk = talloc_strdup(mem_ctx, data);
536
NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.streettalk.streettalk);
539
case EPM_PROTOCOL_UNIX_DS:
540
epm_floor->rhs.unix_ds.path = talloc_strdup(mem_ctx, data);
541
NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.unix_ds.path);
544
case EPM_PROTOCOL_NULL:
548
DEBUG(0,("Unsupported lhs protocol %d\n", epm_floor->lhs.protocol));
552
return NT_STATUS_NOT_SUPPORTED;
555
enum dcerpc_transport_t dcerpc_transport_by_endpoint_protocol(int prot)
559
/* Find a transport that has 'prot' as 4th protocol */
560
for (i=0;i<ARRAY_SIZE(transports);i++) {
561
if (transports[i].num_protocols >= 2 &&
562
transports[i].protseq[1] == prot) {
563
return transports[i].transport;
567
/* Unknown transport */
568
return (unsigned int)-1;
571
_PUBLIC_ enum dcerpc_transport_t dcerpc_transport_by_tower(const struct epm_tower *tower)
575
/* Find a transport that matches this tower */
576
for (i=0;i<ARRAY_SIZE(transports);i++) {
578
if (transports[i].num_protocols != tower->num_floors - 2) {
582
for (j = 0; j < transports[i].num_protocols; j++) {
583
if (transports[i].protseq[j] != tower->floors[j+2].lhs.protocol) {
588
if (j == transports[i].num_protocols) {
589
return transports[i].transport;
593
/* Unknown transport */
594
return (unsigned int)-1;
597
_PUBLIC_ const char *derpc_transport_string_by_transport(enum dcerpc_transport_t t)
601
for (i=0; i<ARRAY_SIZE(transports); i++) {
602
if (t == transports[i].transport) {
603
return transports[i].name;
609
_PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx,
610
struct epm_tower *tower,
611
struct dcerpc_binding **b_out)
614
struct dcerpc_binding *binding;
616
binding = talloc(mem_ctx, struct dcerpc_binding);
617
NT_STATUS_HAVE_NO_MEMORY(binding);
619
ZERO_STRUCT(binding->object);
620
binding->options = NULL;
621
binding->host = NULL;
622
binding->target_hostname = NULL;
624
binding->assoc_group_id = 0;
626
binding->transport = dcerpc_transport_by_tower(tower);
628
if (binding->transport == (unsigned int)-1) {
629
return NT_STATUS_NOT_SUPPORTED;
632
if (tower->num_floors < 1) {
636
/* Set object uuid */
637
status = dcerpc_floor_get_lhs_data(&tower->floors[0], &binding->object);
639
if (!NT_STATUS_IS_OK(status)) {
640
DEBUG(1, ("Error pulling object uuid and version: %s", nt_errstr(status)));
644
/* Ignore floor 1, it contains the NDR version info */
646
binding->options = NULL;
649
if (tower->num_floors >= 4) {
650
binding->endpoint = dcerpc_floor_get_rhs_data(mem_ctx, &tower->floors[3]);
652
binding->endpoint = NULL;
655
/* Set network address */
656
if (tower->num_floors >= 5) {
657
binding->host = dcerpc_floor_get_rhs_data(mem_ctx, &tower->floors[4]);
658
NT_STATUS_HAVE_NO_MEMORY(binding->host);
659
binding->target_hostname = binding->host;
665
_PUBLIC_ NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX *mem_ctx,
666
const struct dcerpc_binding *binding,
667
struct epm_tower *tower)
669
const enum epm_protocol *protseq = NULL;
670
int num_protocols = -1, i;
674
for (i=0;i<ARRAY_SIZE(transports);i++) {
675
if (transports[i].transport == binding->transport) {
676
protseq = transports[i].protseq;
677
num_protocols = transports[i].num_protocols;
682
if (num_protocols == -1) {
683
DEBUG(0, ("Unable to find transport with id '%d'\n", binding->transport));
684
return NT_STATUS_UNSUCCESSFUL;
687
tower->num_floors = 2 + num_protocols;
688
tower->floors = talloc_array(mem_ctx, struct epm_floor, tower->num_floors);
691
tower->floors[0].lhs.protocol = EPM_PROTOCOL_UUID;
693
tower->floors[0].lhs.lhs_data = dcerpc_floor_pack_lhs_data(mem_ctx, &binding->object);
695
tower->floors[0].rhs.uuid.unknown = data_blob_talloc_zero(mem_ctx, 2);
698
tower->floors[1].lhs.protocol = EPM_PROTOCOL_UUID;
700
tower->floors[1].lhs.lhs_data = dcerpc_floor_pack_lhs_data(mem_ctx,
701
&ndr_transfer_syntax);
703
tower->floors[1].rhs.uuid.unknown = data_blob_talloc_zero(mem_ctx, 2);
705
/* Floor 2 to num_protocols */
706
for (i = 0; i < num_protocols; i++) {
707
tower->floors[2 + i].lhs.protocol = protseq[i];
708
tower->floors[2 + i].lhs.lhs_data = data_blob_talloc(mem_ctx, NULL, 0);
709
ZERO_STRUCT(tower->floors[2 + i].rhs);
710
dcerpc_floor_set_rhs_data(mem_ctx, &tower->floors[2 + i], "");
713
/* The 4th floor contains the endpoint */
714
if (num_protocols >= 2 && binding->endpoint) {
715
status = dcerpc_floor_set_rhs_data(mem_ctx, &tower->floors[3], binding->endpoint);
716
if (NT_STATUS_IS_ERR(status)) {
721
/* The 5th contains the network address */
722
if (num_protocols >= 3 && binding->host) {
723
if (is_ipaddress(binding->host)) {
724
status = dcerpc_floor_set_rhs_data(mem_ctx, &tower->floors[4],
727
/* note that we don't attempt to resolve the
728
name here - when we get a hostname here we
729
are in the client code, and want to put in
730
a wildcard all-zeros IP for the server to
732
status = dcerpc_floor_set_rhs_data(mem_ctx, &tower->floors[4],
735
if (NT_STATUS_IS_ERR(status)) {