summaryrefslogtreecommitdiff
path: root/source4/librpc
diff options
context:
space:
mode:
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/config.mk17
-rw-r--r--source4/librpc/tools/ndrdump.1.xml83
-rw-r--r--source4/librpc/tools/ndrdump.c414
3 files changed, 514 insertions, 0 deletions
diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index 6f85d350e7..ee20cc3321 100644
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -16,6 +16,23 @@ PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBTALLOC LIBSAMBA-UTIL CHARSET EXT_NSL \
# End SUBSYSTEM LIBNDR
################################################
+#################################
+# Start BINARY ndrdump
+[BINARY::ndrdump]
+INSTALLDIR = BINDIR
+OBJ_FILES = \
+ tools/ndrdump.o
+PRIVATE_DEPENDENCIES = \
+ LIBSAMBA-CONFIG \
+ LIBSAMBA-UTIL \
+ LIBPOPT \
+ POPT_SAMBA \
+ NDR_TABLE
+MANPAGE = tools/ndrdump.1
+# FIXME: ndrdump shouldn't have to depend on RPC...
+# End BINARY ndrdump
+#################################
+
################################################
# Start SUBSYSTEM NDR_COMPRESSION
[LIBRARY::NDR_COMPRESSION]
diff --git a/source4/librpc/tools/ndrdump.1.xml b/source4/librpc/tools/ndrdump.1.xml
new file mode 100644
index 0000000000..9d66102682
--- /dev/null
+++ b/source4/librpc/tools/ndrdump.1.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="ndrdump.1">
+
+<refmeta>
+ <refentrytitle>ndrdump</refentrytitle>
+ <manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+ <refname>ndrdump</refname>
+ <refpurpose>DCE/RPC Packet Parser and Dumper</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>ndrdump</command>
+ <arg choice="opt">-c context</arg>
+ <arg choice="req">pipe</arg>
+ <arg choice="req">function</arg>
+ <arg choice="req">in|out</arg>
+ <arg choice="req">filename</arg>
+ </cmdsynopsis>
+ <cmdsynopsis>
+ <command>ndrdump</command>
+ <arg choice="opt">pipe</arg>
+ </cmdsynopsis>
+ <cmdsynopsis>
+ <command>ndrdump</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>ndrdump tries to parse the specified <replaceable>filename</replaceable>
+ using Samba's parser for the specified pipe and function. The
+ third argument should be
+ either <emphasis>in</emphasis> or <emphasis>out</emphasis>, depending
+ on whether the data should be parsed as a request or a reply.</para>
+
+ <para>Running ndrdump without arguments will list the pipes for which
+ parsers are available.</para>
+
+ <para>Running ndrdump with one argument will list the functions that
+ Samba can parse for the specified pipe.</para>
+
+ <para>The primary function of ndrdump is debugging Samba's internal
+ DCE/RPC parsing functions. The file being parsed is usually
+ one exported by wiresharks <quote>Export selected packet bytes</quote>
+ function.</para>
+
+ <para>The context argument can be used to load context data from the request
+ packet when parsing reply packets (such as array lengths).</para>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>SEE ALSO</title>
+
+ <para>wireshark, pidl</para>
+
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>This utility is part of the <ulink url="http://www.samba.org/">Samba</ulink> suite, which is developed by the global <ulink url="http://www.samba.org/samba/team/">Samba Team</ulink>.</para>
+
+ <para>ndrdump was written by Andrew Tridgell. </para>
+
+ <para>This manpage was written by Jelmer Vernooij. </para>
+
+</refsect1>
+
+</refentry>
diff --git a/source4/librpc/tools/ndrdump.c b/source4/librpc/tools/ndrdump.c
new file mode 100644
index 0000000000..205d094fe7
--- /dev/null
+++ b/source4/librpc/tools/ndrdump.c
@@ -0,0 +1,414 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB torture tester
+ Copyright (C) Andrew Tridgell 2003
+ Copyright (C) Jelmer Vernooij 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/popt_common.h"
+#include "system/filesys.h"
+#include "system/locale.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_table.h"
+
+static const struct dcerpc_interface_call *find_function(
+ const struct dcerpc_interface_table *p,
+ const char *function)
+{
+ int i;
+ if (isdigit(function[0])) {
+ i = strtol(function, NULL, 0);
+ return &p->calls[i];
+ }
+ for (i=0;i<p->num_calls;i++) {
+ if (strcmp(p->calls[i].name, function) == 0) {
+ break;
+ }
+ }
+ if (i == p->num_calls) {
+ printf("Function '%s' not found\n", function);
+ exit(1);
+ }
+ return &p->calls[i];
+}
+
+
+static void show_pipes(void)
+{
+ const struct dcerpc_interface_list *l;
+ printf("\nYou must specify a pipe\n");
+ printf("known pipes are:\n");
+ for (l=librpc_dcerpc_pipes();l;l=l->next) {
+ if(l->table->helpstring) {
+ printf("\t%s - %s\n", l->table->name, l->table->helpstring);
+ } else {
+ printf("\t%s\n", l->table->name);
+ }
+ }
+ exit(1);
+}
+
+static void show_functions(const struct dcerpc_interface_table *p)
+{
+ int i;
+ printf("\nYou must specify a function\n");
+ printf("known functions on '%s' are:\n", p->name);
+ for (i=0;i<p->num_calls;i++) {
+ printf("\t0x%02x (%2d) %s\n", i, i, p->calls[i].name);
+ }
+ exit(1);
+}
+
+static char *stdin_load(TALLOC_CTX *mem_ctx, size_t *size)
+{
+ int num_read, total_len = 0;
+ char buf[255];
+ char *result = NULL;
+
+ while((num_read = read(STDIN_FILENO, buf, 255)) > 0) {
+
+ if (result) {
+ result = (char *) talloc_realloc(
+ mem_ctx, result, char *, total_len + num_read);
+ } else {
+ result = talloc_size(mem_ctx, num_read);
+ }
+
+ memcpy(result + total_len, buf, num_read);
+
+ total_len += num_read;
+ }
+
+ if (size)
+ *size = total_len;
+
+ return result;
+}
+
+const struct dcerpc_interface_table *load_iface_from_plugin(const char *plugin, const char *pipe_name)
+{
+ const struct dcerpc_interface_table *p;
+ void *handle;
+ char *symbol;
+
+ handle = dlopen(plugin, RTLD_NOW);
+ if (handle == NULL) {
+ printf("%s: Unable to open: %s\n", plugin, dlerror());
+ return NULL;
+ }
+
+ symbol = talloc_asprintf(NULL, "dcerpc_table_%s", pipe_name);
+ p = dlsym(handle, symbol);
+
+ if (!p) {
+ printf("%s: Unable to find DCE/RPC interface table for '%s': %s\n", plugin, pipe_name, dlerror());
+ talloc_free(symbol);
+ return NULL;
+ }
+
+ talloc_free(symbol);
+
+ return p;
+}
+
+ int main(int argc, const char *argv[])
+{
+ const struct dcerpc_interface_table *p = NULL;
+ const struct dcerpc_interface_call *f;
+ const char *pipe_name, *function, *inout, *filename;
+ uint8_t *data;
+ size_t size;
+ DATA_BLOB blob;
+ struct ndr_pull *ndr_pull;
+ struct ndr_print *ndr_print;
+ TALLOC_CTX *mem_ctx;
+ int flags;
+ poptContext pc;
+ NTSTATUS status;
+ void *st;
+ void *v_st;
+ const char *ctx_filename = NULL;
+ const char *plugin = NULL;
+ bool validate = false;
+ bool dumpdata = false;
+ int opt;
+ enum {OPT_CONTEXT_FILE=1000, OPT_VALIDATE, OPT_DUMP_DATA, OPT_LOAD_DSO};
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ {"context-file", 'c', POPT_ARG_STRING, NULL, OPT_CONTEXT_FILE, "In-filename to parse first", "CTX-FILE" },
+ {"validate", 0, POPT_ARG_NONE, NULL, OPT_VALIDATE, "try to validate the data", NULL },
+ {"dump-data", 0, POPT_ARG_NONE, NULL, OPT_DUMP_DATA, "dump the hex data", NULL },
+ {"load-dso", 'l', POPT_ARG_STRING, NULL, OPT_LOAD_DSO, "load from shared object file", NULL },
+ POPT_COMMON_SAMBA
+ POPT_COMMON_VERSION
+ { NULL }
+ };
+
+ dcerpc_table_init();
+
+ pc = poptGetContext("ndrdump", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(
+ pc, "<pipe|uuid> <function> <inout> [<filename>]");
+
+ while ((opt = poptGetNextOpt(pc)) != -1) {
+ switch (opt) {
+ case OPT_CONTEXT_FILE:
+ ctx_filename = poptGetOptArg(pc);
+ break;
+ case OPT_VALIDATE:
+ validate = true;
+ break;
+ case OPT_DUMP_DATA:
+ dumpdata = true;
+ break;
+ case OPT_LOAD_DSO:
+ plugin = poptGetOptArg(pc);
+ break;
+ }
+ }
+
+ pipe_name = poptGetArg(pc);
+
+ if (!pipe_name) {
+ poptPrintUsage(pc, stderr, 0);
+ show_pipes();
+ exit(1);
+ }
+
+ if (plugin != NULL) {
+ p = load_iface_from_plugin(plugin, pipe_name);
+ }
+
+ if (!p) {
+ p = idl_iface_by_name(pipe_name);
+ }
+
+ if (!p) {
+ struct GUID uuid;
+
+ status = GUID_from_string(pipe_name, &uuid);
+
+ if (NT_STATUS_IS_OK(status)) {
+ p = idl_iface_by_uuid(&uuid);
+ }
+ }
+
+ if (!p) {
+ printf("Unknown pipe or UUID '%s'\n", pipe_name);
+ exit(1);
+ }
+
+ function = poptGetArg(pc);
+ inout = poptGetArg(pc);
+ filename = poptGetArg(pc);
+
+ if (!function || !inout) {
+ poptPrintUsage(pc, stderr, 0);
+ show_functions(p);
+ exit(1);
+ }
+
+ if (strcmp(inout, "in") == 0 ||
+ strcmp(inout, "request") == 0) {
+ flags = NDR_IN;
+ } else if (strcmp(inout, "out") == 0 ||
+ strcmp(inout, "response") == 0) {
+ flags = NDR_OUT;
+ } else {
+ printf("Bad inout value '%s'\n", inout);
+ exit(1);
+ }
+
+ f = find_function(p, function);
+
+ mem_ctx = talloc_init("ndrdump");
+
+ st = talloc_zero_size(mem_ctx, f->struct_size);
+ if (!st) {
+ printf("Unable to allocate %d bytes\n", (int)f->struct_size);
+ exit(1);
+ }
+
+ v_st = talloc_zero_size(mem_ctx, f->struct_size);
+ if (!v_st) {
+ printf("Unable to allocate %d bytes\n", (int)f->struct_size);
+ exit(1);
+ }
+
+ if (ctx_filename) {
+ if (flags == NDR_IN) {
+ printf("Context file can only be used for \"out\" packages\n");
+ exit(1);
+ }
+
+ data = (uint8_t *)file_load(ctx_filename, &size, mem_ctx);
+ if (!data) {
+ perror(ctx_filename);
+ exit(1);
+ }
+
+ blob.data = data;
+ blob.length = size;
+
+ ndr_pull = ndr_pull_init_blob(&blob, mem_ctx);
+ ndr_pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+ status = f->ndr_pull(ndr_pull, NDR_IN, st);
+
+ if (ndr_pull->offset != ndr_pull->data_size) {
+ printf("WARNING! %d unread bytes while parsing context file\n", ndr_pull->data_size - ndr_pull->offset);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("pull for context file returned %s\n", nt_errstr(status));
+ exit(1);
+ }
+ memcpy(v_st, st, f->struct_size);
+ }
+
+ if (filename)
+ data = (uint8_t *)file_load(filename, &size, mem_ctx);
+ else
+ data = (uint8_t *)stdin_load(mem_ctx, &size);
+
+ if (!data) {
+ if (filename)
+ perror(filename);
+ else
+ perror("stdin");
+ exit(1);
+ }
+
+ blob.data = data;
+ blob.length = size;
+
+ ndr_pull = ndr_pull_init_blob(&blob, mem_ctx);
+ ndr_pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+ status = f->ndr_pull(ndr_pull, flags, st);
+
+ printf("pull returned %s\n", nt_errstr(status));
+
+ if (ndr_pull->offset != ndr_pull->data_size) {
+ printf("WARNING! %d unread bytes\n", ndr_pull->data_size - ndr_pull->offset);
+ dump_data(0, ndr_pull->data+ndr_pull->offset, ndr_pull->data_size - ndr_pull->offset);
+ }
+
+ if (dumpdata) {
+ printf("%d bytes consumed\n", ndr_pull->offset);
+ dump_data(0, blob.data, blob.length);
+ }
+
+ ndr_print = talloc_zero(mem_ctx, struct ndr_print);
+ ndr_print->print = ndr_print_debug_helper;
+ ndr_print->depth = 1;
+ f->ndr_print(ndr_print, function, flags, st);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("dump FAILED\n");
+ exit(1);
+ }
+
+ if (validate) {
+ DATA_BLOB v_blob;
+ struct ndr_push *ndr_v_push;
+ struct ndr_pull *ndr_v_pull;
+ struct ndr_print *ndr_v_print;
+ uint32_t i;
+ uint8_t byte_a, byte_b;
+ bool differ;
+
+ ndr_v_push = ndr_push_init_ctx(mem_ctx);
+
+ status = f->ndr_push(ndr_v_push, flags, st);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("validate push FAILED\n");
+ exit(1);
+ }
+
+ v_blob = ndr_push_blob(ndr_v_push);
+
+ if (dumpdata) {
+ printf("%ld bytes generated (validate)\n", (long)v_blob.length);
+ dump_data(0, v_blob.data, v_blob.length);
+ }
+
+ ndr_v_pull = ndr_pull_init_blob(&v_blob, mem_ctx);
+ ndr_v_pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+ status = f->ndr_pull(ndr_v_pull, flags, v_st);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("validate pull FAILED\n");
+ exit(1);
+ }
+
+ printf("pull returned %s\n", nt_errstr(status));
+
+ if (ndr_v_pull->offset != ndr_v_pull->data_size) {
+ printf("WARNING! %d unread bytes in validation\n", ndr_v_pull->data_size - ndr_v_pull->offset);
+ dump_data(0, ndr_v_pull->data+ndr_v_pull->offset, ndr_v_pull->data_size - ndr_v_pull->offset);
+ }
+
+ ndr_v_print = talloc_zero(mem_ctx, struct ndr_print);
+ ndr_v_print->print = ndr_print_debug_helper;
+ ndr_v_print->depth = 1;
+ f->ndr_print(ndr_v_print, function, flags, v_st);
+
+ if (blob.length != v_blob.length) {
+ printf("WARNING! orig bytes:%u validated pushed bytes:%u\n", blob.length, v_blob.length);
+ }
+
+ if (ndr_pull->offset != ndr_v_pull->offset) {
+ printf("WARNING! orig pulled bytes:%u validated pulled bytes:%u\n", ndr_pull->offset, ndr_v_pull->offset);
+ }
+
+ differ = false;
+ byte_a = 0x00;
+ byte_b = 0x00;
+ for (i=0; i < blob.length; i++) {
+ byte_a = blob.data[i];
+
+ if (i == v_blob.length) {
+ byte_b = 0x00;
+ differ = true;
+ break;
+ }
+
+ byte_b = v_blob.data[i];
+
+ if (byte_a != byte_b) {
+ differ = true;
+ break;
+ }
+ }
+ if (differ) {
+ printf("WARNING! orig and validated differ at byte 0x%02X (%u)\n", i, i);
+ printf("WARNING! orig byte[0x%02X] = 0x%02X validated byte[0x%02X] = 0x%02X\n",
+ i, byte_a, i, byte_b);
+ }
+ }
+
+ printf("dump OK\n");
+
+ talloc_free(mem_ctx);
+
+ poptFreeContext(pc);
+
+ return 0;
+}