From c7c9e61987dbc46fe962647727bfe52e0fdd8de0 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Thu, 27 Nov 2003 07:28:46 +0000
Subject: more epmapper and mgmt magic
protocol 0x1f is interesting - its ncacn_http !
(This used to be commit e3d40e3da6e15407162c1d0a29d2cbe86842228e)
---
 source4/librpc/idl/epmapper.idl | 12 ++++---
 source4/librpc/rpc/dcerpc_tcp.c | 10 ++++++
 source4/librpc/rpc/dcerpc_util.c | 34 +++++++++++++++++-
 source4/torture/rpc/epmapper.c | 77 +++++++++++++++++++++++++++++++---------
 source4/torture/rpc/mgmt.c | 2 +-
 source4/torture/rpc/scanner.c | 36 ++-----------------
 6 files changed, 115 insertions(+), 56 deletions(-)
diff --git a/source4/librpc/idl/epmapper.idl b/source4/librpc/idl/epmapper.idl
index e09d729c81..250129f84d 100644
--- a/source4/librpc/idl/epmapper.idl
+++ b/source4/librpc/idl/epmapper.idl
@@ -32,10 +32,14 @@ interface epmapper
 } epm_prot_uuid;
 typedef enum {
- EPM_PROTOCOL_TCP = 0x07,
- EPM_PROTOCOL_IP = 0x09,
- EPM_PROTOCOL_RPC_C = 0x0b,
- EPM_PROTOCOL_UUID = 0x0d
+ EPM_PROTOCOL_TCP = 0x07,
+ EPM_PROTOCOL_IP = 0x09,
+ EPM_PROTOCOL_PIPE = 0x10,
+ EPM_PROTOCOL_NETBIOS = 0x11,
+ EPM_PROTOCOL_RPC_C = 0x0b,
+ EPM_PROTOCOL_UUID = 0x0d,
+ EPM_PROTOCOL_SMB = 0x0f,
+ EPM_PROTOCOL_HTTP = 0x1f
 } epm_protocols;
 typedef [nodiscriminant] union {
diff --git a/source4/librpc/rpc/dcerpc_tcp.c b/source4/librpc/rpc/dcerpc_tcp.c
index c50b71c3f0..468cd9465b 100644
--- a/source4/librpc/rpc/dcerpc_tcp.c
+++ b/source4/librpc/rpc/dcerpc_tcp.c
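Review bot: The enum in epmapper.idl is no longer in numeric order — EPM_PROTOCOL_PIPE (0x10) and EPM_PROTOCOL_NETBIOS (0x11) are inserted between 0x09 and 0x0b, and EPM_PROTOCOL_SMB (0x0f) after 0x0d — which makes a duplicated value harder to notice the next time an id is added. Listing the eight values ascending (0x07, 0x09, 0x0b, 0x0d, 0x0f, 0x10, 0x11, 0x1f) costs nothing and keeps the table scannable. A one-line comment above the enum naming what these ids are (the protocol identifiers carried in endpoint-mapper tower floors) would also tell a reader why the values are sparse.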
@@ -48,6 +48,16 @@ static NTSTATUS tcp_raw_recv(struct dcerpc_pipe *p, return NT_STATUS_NET_WRITE_FAULT; } + /* this could be a ncacn_http endpoint - this doesn't work + yet, but it goes close */ + if (strncmp(blob1.data, "ncacn_http/1.0", 14) == 0) { + memmove(blob1.data, blob1.data+14, 2); + ret = read_data(tcp->fd, blob1.data+2, 14); + if (ret != 14) { + return NT_STATUS_NET_WRITE_FAULT; + } + } + /* we might have recieved a partial fragment, in which case we need to pull the rest of it */ frag_length = SVAL(blob1.data, 8); diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index e9499f969b..d439c89e65 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -143,7 +143,7 @@ NTSTATUS dcerpc_epm_map_tcp_port(const char *server, } if (twr_r->towers.num_floors != 5 || - twr_r->towers.floors[3].lhs.protocol != EPM_PROTOCOL_TCP || + twr_r->towers.floors[3].lhs.protocol != twr.towers.floors[3].lhs.protocol || twr_r->towers.floors[3].rhs.rhs_data.length != 2) { dcerpc_pipe_close(p); return NT_STATUS_PORT_UNREACHABLE; @@ -155,3 +155,35 @@ NTSTATUS dcerpc_epm_map_tcp_port(const char *server, return NT_STATUS_OK; } + + +/* + find the pipe name for a local IDL interface +*/ +const char *idl_pipe_name(const char *uuid, uint32 if_version) +{ + int i; + for (i=0;dcerpc_pipes[i];i++) { + if (strcasecmp(dcerpc_pipes[i]->uuid, uuid) == 0 && + dcerpc_pipes[i]->if_version == if_version) { + return dcerpc_pipes[i]->name; + } + } + return "UNKNOWN"; +} + +/* + find the number of calls defined by local IDL +*/ +int idl_num_calls(const char *uuid, uint32 if_version) +{ + int i; + for (i=0;dcerpc_pipes[i];i++) { + if (strcasecmp(dcerpc_pipes[i]->uuid, uuid) == 0 && + dcerpc_pipes[i]->if_version == if_version) { + return dcerpc_pipes[i]->num_calls; + } + } + return -1; +} + diff --git a/source4/torture/rpc/epmapper.c b/source4/torture/rpc/epmapper.c index c5020cad4b..22d8ee4343 100644 --- a/source4/torture/rpc/epmapper.c 
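Review bot: The new ncacn_http branch in tcp_raw_recv leaves the function parsing a header it admits it does not understand: after `memmove(blob1.data, blob1.data+14, 2)` and the 14-byte `read_data` the buffer holds two leftover bytes plus fresh peer data, and the lines immediately after the hunk (`frag_length = SVAL(blob1.data, 8)`) treat that as a DCE RPC fragment header, so a peer answering with this prefix drives the fragment reader with a synthetic header. Until the HTTP transport is actually implemented, fail explicitly instead of falling through, e.g. `if (memcmp(blob1.data, "ncacn_http/1.0", 14) == 0) { return NT_STATUS_NOT_SUPPORTED; }`, and reinstate the memmove/read only once a real ncacn_http header check follows it. `memcmp` rather than `strncmp` is also the right call on raw bytes. The earlier read that fills blob1 is outside the hunk; the comparison presumes it holds at least 16 bytes, which the comment should state.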
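Review bot: The floor-3 check in dcerpc_epm_map_tcp_port now accepts whatever protocol `twr` (built earlier in this function, outside the hunk) carries instead of EPM_PROTOCOL_TCP, yet the function keeps its `_tcp_port` name and the remaining test only constrains the rhs length to 2, so a reader cannot see from here that the reply is being validated against the request rather than against TCP. A comment on the changed line such as `/* floor 3 must echo the protocol we asked for (TCP, or HTTP for ncacn_http) */` states the intent; if the function is meant to serve HTTP lookups as well, a rename or a doc comment at its definition should say so.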
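Review bot: idl_pipe_name and idl_num_calls in dcerpc_util.c are the same lookup loop written twice, and their comments say only "find ..." without stating that the uuid comparison is case-insensitive or what the sentinels ("UNKNOWN", -1) mean; a shared finder keeps one copy of the loop and leaves the two public functions one line each. The rewrite below assumes the elements of dcerpc_pipes are `const struct dcerpc_interface_table *` (the type scanner.c's test_num_calls takes); adjust the helper's return type if the table uses another element type. Both functions are now called from scanner.c, so they need a declaration visible there — if the build's prototype generation does not pick them up, add them to the appropriate header. The bodies themselves are the ones the patch removes from scanner.c, so the move is fine; only the duplication inside the new copies is being flagged.
```c
/* look up a local IDL interface by uuid (case-insensitive) and version;
   NULL when no local pipe matches */
static const struct dcerpc_interface_table *idl_find_pipe(const char *uuid,
							  uint32 if_version)
{
	int i;
	for (i=0;dcerpc_pipes[i];i++) {
		if (strcasecmp(dcerpc_pipes[i]->uuid, uuid) == 0 &&
		    dcerpc_pipes[i]->if_version == if_version) {
			return dcerpc_pipes[i];
		}
	}
	return NULL;
}

/* name of the local IDL pipe for uuid/if_version, or "UNKNOWN";
   the result points into the table and must not be freed */
const char *idl_pipe_name(const char *uuid, uint32 if_version)
{
	const struct dcerpc_interface_table *iface = idl_find_pipe(uuid, if_version);
	return iface ? iface->name : "UNKNOWN";
}

/* number of calls the local IDL defines for uuid/if_version, or -1 if unknown */
int idl_num_calls(const char *uuid, uint32 if_version)
{
	const struct dcerpc_interface_table *iface = idl_find_pipe(uuid, if_version);
	return iface ? iface->num_calls : -1;
}
```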
+++ b/source4/torture/rpc/epmapper.c @@ -34,7 +34,7 @@ static void display_tower(TALLOC_CTX *mem_ctx, struct epm_towers *twr) struct epm_lhs *lhs = &twr->floors[i].lhs; struct epm_rhs *rhs = &twr->floors[i].rhs; switch (lhs->protocol) { - case 0xd: + case EPM_PROTOCOL_UUID: uuid = GUID_string(mem_ctx, &lhs->info.uuid.uuid); if (strcasecmp(uuid, NDR_GUID) == 0) { printf(" NDR"); @@ -42,11 +42,12 @@ static void display_tower(TALLOC_CTX *mem_ctx, struct epm_towers *twr) printf(" uuid %s/0x%02x", uuid, lhs->info.uuid.version); } break; - case 0xb: + + case EPM_PROTOCOL_RPC_C: printf(" RPC-C"); break; - case 0x9: + case EPM_PROTOCOL_IP: printf(" IP:"); if (rhs->rhs_data.length == 4) { struct in_addr in; @@ -55,15 +56,15 @@ static void display_tower(TALLOC_CTX *mem_ctx, struct epm_towers *twr) } break; - case 0x10: + case EPM_PROTOCOL_PIPE: printf(" PIPE:%.*s", rhs->rhs_data.length, rhs->rhs_data.data); break; - case 0x0f: + case EPM_PROTOCOL_SMB: printf(" SMB:%.*s", rhs->rhs_data.length, rhs->rhs_data.data); break; - case 0x11: + case EPM_PROTOCOL_NETBIOS: printf(" NetBIOS:%.*s", rhs->rhs_data.length, rhs->rhs_data.data); break; @@ -71,14 +72,14 @@ static void display_tower(TALLOC_CTX *mem_ctx, struct epm_towers *twr) printf(" UNK(1):%.*s", rhs->rhs_data.length, rhs->rhs_data.data); break; - case 0x1f: - printf(" TCP2:"); + case EPM_PROTOCOL_HTTP: + printf(" HTTP:"); if (rhs->rhs_data.length == 2) { printf("%d", RSVAL(rhs->rhs_data.data, 0)); } break; - case 0x07: + case EPM_PROTOCOL_TCP: /* what is the difference between this and 0x1f? */ printf(" TCP:"); if (rhs->rhs_data.length == 2) { @@ -104,6 +105,7 @@ static BOOL test_Map(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, NTSTATUS status; struct epm_Map r; GUID uuid; + const char *uuid_str; struct policy_handle handle; int i; 
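Review bot: The comment `/* what is the difference between this and 0x1f? */` on the EPM_PROTOCOL_TCP case of display_tower is stale as of this same hunk — 0x1f becomes EPM_PROTOCOL_HTTP and is printed as " HTTP:", and the commit message names it as ncacn_http, so the question it asks is answered here; replace it with `/* 0x1f (EPM_PROTOCOL_HTTP) is the ncacn_http form of this floor */` or drop it. The `printf(" PIPE:%.*s", rhs->rhs_data.length, ...)` lines in the neighbouring cases pass rhs_data.length as the `%.*s` precision, which must be an `int`; if that field is not declared int (its declaration is outside the hunk) an `(int)` cast keeps the format well-defined. display_tower's switch begins and ends outside the individual hunks.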
@@ -116,18 +118,59 @@ static BOOL test_Map(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.out.entry_handle = &handle; r.in.max_towers = 100; + uuid_str = GUID_string(mem_ctx, &twr->towers.floors[0].lhs.info.uuid.uuid); + + printf("epm_Map results for '%s':\n", + idl_pipe_name(uuid_str, twr->towers.floors[0].lhs.info.uuid.version)); + + twr->towers.floors[2].lhs.protocol = EPM_PROTOCOL_RPC_C; + twr->towers.floors[2].lhs.info.lhs_data = data_blob(NULL, 0); + twr->towers.floors[2].rhs.rhs_data = data_blob_talloc(p->mem_ctx, NULL, 2); + + twr->towers.floors[3].lhs.protocol = EPM_PROTOCOL_TCP; + twr->towers.floors[3].lhs.info.lhs_data = data_blob(NULL, 0); + twr->towers.floors[3].rhs.rhs_data = data_blob_talloc(p->mem_ctx, NULL, 2); + + twr->towers.floors[4].lhs.protocol = EPM_PROTOCOL_IP; + twr->towers.floors[4].lhs.info.lhs_data = data_blob(NULL, 0); + twr->towers.floors[4].rhs.rhs_data = data_blob_talloc(p->mem_ctx, NULL, 4); + status = dcerpc_epm_Map(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status) || r.out.status != 0) { - printf("epm_Map failed - %s/0x%x\n", - nt_errstr(status), r.out.status); - return False; + if (NT_STATUS_IS_OK(status) && r.out.status == 0) { + for (i=0;itowers); + } + } } - printf("epm_Map results:\n"); + twr->towers.floors[3].lhs.protocol = EPM_PROTOCOL_HTTP; + twr->towers.floors[3].lhs.info.lhs_data = data_blob(NULL, 0); + twr->towers.floors[3].rhs.rhs_data = data_blob_talloc(p->mem_ctx, NULL, 2); - for (i=0;itowers); + status = dcerpc_epm_Map(p, mem_ctx, &r); + if (NT_STATUS_IS_OK(status) && r.out.status == 0) { + for (i=0;itowers); + } + } + } + + twr->towers.floors[3].lhs.protocol = EPM_PROTOCOL_SMB; + twr->towers.floors[3].lhs.info.lhs_data = data_blob(NULL, 0); + twr->towers.floors[3].rhs.rhs_data = data_blob_talloc(p->mem_ctx, NULL, 2); + + twr->towers.floors[4].lhs.protocol = EPM_PROTOCOL_NETBIOS; + twr->towers.floors[4].lhs.info.lhs_data = data_blob(NULL, 0); + twr->towers.floors[4].rhs.rhs_data = data_blob_talloc(p->mem_ctx, NULL, 2); 
+ + status = dcerpc_epm_Map(p, mem_ctx, &r); + if (NT_STATUS_IS_OK(status) && r.out.status == 0) { + for (i=0;itowers); + } } } diff --git a/source4/torture/rpc/mgmt.c b/source4/torture/rpc/mgmt.c index 0f3cfffa66..75839e3900 100644 --- a/source4/torture/rpc/mgmt.c +++ b/source4/torture/rpc/mgmt.c @@ -96,7 +96,7 @@ static BOOL test_inq_princ_name(struct dcerpc_pipe *p, int i; BOOL ret = False; - for (i=0;i<30;i++) { + for (i=0;i<100;i++) { r.in.authn_proto = i; /* DCERPC_AUTH_TYPE_* */ r.in.princ_name_size = 100; diff --git a/source4/torture/rpc/scanner.c b/source4/torture/rpc/scanner.c index 814b28a01d..9c94515ea3 100644 --- a/source4/torture/rpc/scanner.c +++ b/source4/torture/rpc/scanner.c @@ -22,36 +22,6 @@ #include "includes.h" -/* - find the number of calls defined by local IDL -*/ -static const char *find_idl_name(const char *uuid, uint32 if_version) -{ - int i; - for (i=0;dcerpc_pipes[i];i++) { - if (strcasecmp(dcerpc_pipes[i]->uuid, uuid) == 0 && - dcerpc_pipes[i]->if_version == if_version) { - return dcerpc_pipes[i]->name; - } - } - return "UNKNOWN"; -} - -/* - find the number of calls defined by local IDL -*/ -static int num_idl_calls(const char *uuid, uint32 if_version) -{ - int i; - for (i=0;dcerpc_pipes[i];i++) { - if (strcasecmp(dcerpc_pipes[i]->uuid, uuid) == 0 && - dcerpc_pipes[i]->if_version == if_version) { - return dcerpc_pipes[i]->num_calls; - } - } - return -1; -} - /* work out how many calls there are for an interface */ @@ -82,7 +52,7 @@ static BOOL test_num_calls(const struct dcerpc_interface_table *iface, status = dcerpc_request(p, 10000, mem_ctx, &stub_in, &stub_out); if (NT_STATUS_IS_OK(status) || p->last_fault_code != DCERPC_FAULT_OP_RNG_ERROR) { - printf("unable to determine call count - %s %08x\n", + printf("\tunable to determine call count - %s %08x\n", nt_errstr(status), p->last_fault_code); goto done; } 
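Review bot: The failure path of each of the three dcerpc_epm_Map calls in test_Map is now silent — the removed `printf("epm_Map failed - %s/0x%x\n", ...)` and `return False` are not replaced, so a server that rejects the TCP, HTTP or SMB/NetBIOS request produces no output and cannot be told apart from one that returned no towers. At minimum keep the diagnostic in an else branch: `} else { printf("epm_Map failed - %s/0x%x\n", nt_errstr(status), r.out.status); }`. The rhs blobs are created with `data_blob_talloc(p->mem_ctx, NULL, n)` and never filled; unless that helper zeroes the buffer (not visible here) the port and address bytes placed in the request are whatever the allocator returns, so zero them explicitly. The nine-line floor setup is repeated for four floors and the Map-and-display block three times with only index, protocol and length varying; the helper below folds the floor setup to one line per floor, and since these writes go through the caller's `twr` pointer a comment should say whether the caller may reuse the tower afterwards. The display loops are not legible on this page and test_Map's return statement lies outside the hunk.
```c
/* fill floor n of t: protocol id, empty lhs, and an rhs of rhs_len bytes
   zeroed so the request carries defined data rather than allocator leftovers */
static void set_floor(struct dcerpc_pipe *p, struct epm_towers *t, int n,
		      int protocol, size_t rhs_len)
{
	t->floors[n].lhs.protocol = protocol;
	t->floors[n].lhs.info.lhs_data = data_blob(NULL, 0);
	t->floors[n].rhs.rhs_data = data_blob_talloc(p->mem_ctx, NULL, rhs_len);
	if (t->floors[n].rhs.rhs_data.data) {
		memset(t->floors[n].rhs.rhs_data.data, 0, rhs_len);
	}
}

/* … in test_Map, replacing the inline floor assignments for the first request … */
	set_floor(p, &twr->towers, 2, EPM_PROTOCOL_RPC_C, 2);
	set_floor(p, &twr->towers, 3, EPM_PROTOCOL_TCP, 2);
	set_floor(p, &twr->towers, 4, EPM_PROTOCOL_IP, 4);
	status = dcerpc_epm_Map(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status) || r.out.status != 0) {
		printf("epm_Map failed - %s/0x%x\n",
		       nt_errstr(status), r.out.status);
	} else {
		/* … unchanged: display_tower() loop over the returned towers … */
	}
	/* … the HTTP and SMB/NetBIOS requests follow the same three-line pattern … */
```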
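Review bot: The new loop bound `100` in test_inq_princ_name is a bare constant whose only context is the `/* DCERPC_AUTH_TYPE_* */` comment on the following line, so a reader cannot tell why 30 was too few or whether 100 covers the range of authn_proto values the test means to sweep. Give the bound a name and a one-line comment stating the range it is meant to cover, e.g. `for (i=0;i<MAX_AUTHN_PROTO_PROBE;i++) { /* sweep the DCERPC_AUTH_TYPE_* space */`, with the enum defined once at file scope; test_inq_princ_name's body continues outside the hunk.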
@@ -94,7 +64,7 @@ static BOOL test_num_calls(const struct dcerpc_interface_table *iface,
 }
 printf("\t%d calls available\n", i+1);
- idl_calls = num_idl_calls(uuid, id->major_version);
+ idl_calls = idl_num_calls(uuid, id->major_version);
 if (idl_calls == -1) {
 printf("\tinterface not known in local IDL\n");
 } else if (i+1 != idl_calls) {
@@ -145,7 +115,7 @@ static BOOL test_inq_if_ids(struct dcerpc_pipe *p,
 printf("\n\tuuid %s version 0x%04x:0x%04x '%s'\n", uuid, id->major_version, id->minor_version,
- find_idl_name(uuid, id->major_version));
+ idl_pipe_name(uuid, id->major_version));
 test_num_calls(iface, mem_ctx, id);
 }
-- cgit