summaryrefslogtreecommitdiff
path: root/source3/include/ntdomain.h
blob: 7ac4dcefd17b18bcfdbab2225e91ed92e5347a5a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
/* 
   Unix SMB/CIFS implementation.
   SMB parameters and setup
   Copyright (C) Andrew Tridgell 1992-1997
   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
   Copyright (C) Paul Ashton 1997
   Copyright (C) Jeremy Allison 2000-2004

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef _NT_DOMAIN_H /* _NT_DOMAIN_H */
#define _NT_DOMAIN_H 

/*
 * A bunch of stuff that was put into smb.h
 * in the NTDOM branch - it didn't belong there.
 */

typedef struct _prs_struct {
	bool io; /* parsing in or out of data stream */
	/* 
	 * If the (incoming) data is big-endian. On output we are
	 * always little-endian.
	 */ 
	bool bigendian_data;
	uint8 align; /* data alignment */
	bool is_dynamic; /* Do we own this memory or not ? */
	uint32 data_offset; /* Current working offset into data. */
	uint32 buffer_size; /* Current allocated size of the buffer. */
	uint32 grow_size; /* size requested via prs_grow() calls */
	char *data_p; /* The buffer itself. */
	TALLOC_CTX *mem_ctx; /* When unmarshalling, use this.... */
	const char *sess_key; /* If we have to do encrypt/decrypt on the fly. */
} prs_struct;

/*
 * Defines for io member of prs_struct.
 */

#define MARSHALL 0
#define UNMARSHALL 1

#define MARSHALLING(ps) (!(ps)->io)
#define UNMARSHALLING(ps) ((ps)->io)

#define RPC_BIG_ENDIAN 		1
#define RPC_LITTLE_ENDIAN	0

#define RPC_PARSE_ALIGN 4

typedef struct _output_data {
	/*
	 * Raw RPC output data. This does not include RPC headers or footers.
	 */
	prs_struct rdata;

	/* The amount of data sent from the current rdata struct. */
	uint32 data_sent_length;

	/*
	 * The current PDU being returned. This inclues
	 * headers, data and authentication footer.
	 */
	unsigned char current_pdu[RPC_MAX_PDU_FRAG_LEN];

	/* The amount of data in the current_pdu buffer. */
	uint32 current_pdu_len;

	/* The amount of data sent from the current PDU. */
	uint32 current_pdu_sent;
} output_data;

typedef struct _input_data {
	/*
	 * This is the current incoming pdu. The data here
	 * is collected via multiple writes until a complete
	 * pdu is seen, then the data is copied into the in_data
	 * structure. The maximum size of this is 0x1630 (RPC_MAX_PDU_FRAG_LEN).
	 */
	uint8_t *current_in_pdu;

	/*
	 * The amount of data needed to complete the in_pdu.
	 * If this is zero, then we are at the start of a new
	 * pdu.
	 */
	uint32 pdu_needed_len;

	/*
	 * The amount of data received so far in the in_pdu.
	 * If this is zero, then we are at the start of a new
	 * pdu.
	 */
	uint32 pdu_received_len;

	/*
	 * This is the collection of input data with all
	 * the rpc headers and auth footers removed.
	 * The maximum length of this (1Mb) is strictly enforced.
	 */
	prs_struct data;
} input_data;

/*
 * Handle database - stored per pipe.
 */

struct policy {
	struct policy *next, *prev;

	POLICY_HND pol_hnd;

	void *data_ptr;
};

struct handle_list {
	struct policy *Policy; 	/* List of policies. */
	size_t count;			/* Current number of handles. */
	size_t pipe_ref_count;	/* Number of pipe handles referring to this list. */
};

/* Domain controller authentication protocol info */
struct dcinfo {
	uint32 sequence; /* "timestamp" from client. */
	struct netr_Credential seed_chal;
	struct netr_Credential clnt_chal; /* Client credential */
	struct netr_Credential srv_chal;  /* Server credential */

	unsigned char  sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */
	unsigned char  mach_pw[16];   /* md4(machine password) */

	fstring mach_acct;  /* Machine name we've authenticated. */

	fstring remote_machine;  /* Machine name we've authenticated. */
	fstring domain;

	bool challenge_sent;
	bool authenticated;
};

typedef struct pipe_rpc_fns {

	struct pipe_rpc_fns *next, *prev;

	/* RPC function table associated with the current rpc_bind (associated by context) */

	const struct api_struct *cmds;
	int n_cmds;
	uint32 context_id;

} PIPE_RPC_FNS;

/*
 * Different auth types we support.
 * Can't keep in sync with wire values as spnego wraps different auth methods.
 */

enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL,
			PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 };

/* Possible auth levels - keep these in sync with the wire values. */
enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0,
			PIPE_AUTH_LEVEL_CONNECT = 1,	/* We treat as NONE. */
			PIPE_AUTH_LEVEL_INTEGRITY = 5,	/* Sign. */
			PIPE_AUTH_LEVEL_PRIVACY = 6	/* Seal. */
};

/* auth state for krb5. */
struct kerberos_auth_struct {
	const char *service_principal;
	DATA_BLOB session_key;
};

/* auth state for schannel. */
struct schannel_auth_struct {
	unsigned char sess_key[16];
	uint32 seq_num;
};

/* auth state for all bind types. */

struct pipe_auth_data {
	enum pipe_auth_type auth_type; /* switch for union below. */
	enum pipe_auth_level auth_level;
	union {
		struct schannel_auth_struct *schannel_auth;
		AUTH_NTLMSSP_STATE *auth_ntlmssp_state;
/*		struct kerberos_auth_struct *kerberos_auth; TO BE ADDED... */
	} a_u;
	void (*auth_data_free_func)(struct pipe_auth_data *);
};

/*
 * DCE/RPC-specific samba-internal-specific handling of data on
 * NamedPipes.
 */

typedef struct pipes_struct {
	struct pipes_struct *next, *prev;

	char client_address[INET6_ADDRSTRLEN];

	struct auth_serversupplied_info *server_info;

	struct ndr_syntax_id syntax;

	/* linked list of rpc dispatch tables associated 
	   with the open rpc contexts */

	PIPE_RPC_FNS *contexts;

	RPC_HDR hdr; /* Incoming RPC header. */
	RPC_HDR_REQ hdr_req; /* Incoming request header. */

	struct pipe_auth_data auth;

	struct dcinfo *dc; /* Keeps the creds data from netlogon. */

	/*
	 * Set to true when an RPC bind has been done on this pipe.
	 */

	bool pipe_bound;

	/*
	 * Set to true when we should return fault PDU's for everything.
	 */

	bool fault_state;

	/*
	 * Set to true when we should return fault PDU's for a bad handle.
	 */

	bool bad_handle_fault_state;

	/*
	 * Set to true when the backend does not support a call.
	 */

	bool rng_fault_state;

	/*
	 * Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's
	 */

	bool endian;

	/*
	 * Struct to deal with multiple pdu inputs.
	 */

	input_data in_data;

	/*
	 * Struct to deal with multiple pdu outputs.
	 */

	output_data out_data;

	/* This context is used for PDU data and is freed between each pdu.
		Don't use for pipe state storage. */
	TALLOC_CTX *mem_ctx;

	/* handle database to use on this pipe. */
	struct handle_list *pipe_handles;

} pipes_struct;

struct api_struct {  
	const char *name;
	uint8 opnum;
	bool (*fn) (pipes_struct *);
};

/*
 * higher order functions for use with msrpc client code
 */

#define PRINT_INFO_FN(fn)\
        void (*fn)(const char*, uint32, uint32, void  *const *const)
#define JOB_INFO_FN(fn)\
        void (*fn)(const char*, const char*, uint32, uint32, void *const *const)

/* end higher order functions */

typedef struct {
	uint32 size;
	prs_struct prs;
	uint32 struct_start;
	uint32 string_at_end;
} RPC_BUFFER;

#endif /* _NT_DOMAIN_H */