/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * Copyright 2020 Tintri by DDN, Inc. All rights reserved. */ #include #include #include #include #define NDR_DEFAULT_FRAGSZ 8192 #define NDR_MULTI_FRAGSZ (60 * 1024) static void ndr_clnt_init_hdr(ndr_client_t *, ndr_xa_t *); static int ndr_clnt_get_frags(ndr_client_t *, ndr_xa_t *); static int ndr_clnt_get_frag(ndr_client_t *, ndr_xa_t *, ndr_common_header_t *); int ndr_clnt_bind(ndr_client_t *clnt, ndr_service_t *msvc, ndr_binding_t **ret_binding_p) { ndr_binding_t *mbind; ndr_xa_t mxa; ndr_bind_hdr_t *bhdr; ndr_common_header_t *hdr; ndr_p_cont_elem_t *pce; ndr_bind_ack_hdr_t *bahdr; ndr_p_result_t *pre; int rc; bzero(&mxa, sizeof (mxa)); mxa.binding_list = clnt->binding_list; if ((mbind = ndr_svc_new_binding(&mxa)) == NULL) return (NDR_DRC_FAULT_API_BIND_NO_SLOTS); ndr_clnt_init_hdr(clnt, &mxa); bhdr = &mxa.send_hdr.bind_hdr; hdr = &mxa.send_hdr.bind_hdr.common_hdr; hdr->ptype = NDR_PTYPE_BIND; bhdr->max_xmit_frag = NDR_DEFAULT_FRAGSZ; bhdr->max_recv_frag = NDR_DEFAULT_FRAGSZ; bhdr->assoc_group_id = 0; bhdr->p_context_elem.n_context_elem = 1; /* Assign presentation context id */ pce = &bhdr->p_context_elem.p_cont_elem[0]; pce->p_cont_id = clnt->next_p_cont_id++; pce->n_transfer_syn = 1; /* Set up UUIDs and versions from the service */ pce->abstract_syntax.if_version = msvc->abstract_syntax_version; rc = ndr_uuid_parse(msvc->abstract_syntax_uuid, &pce->abstract_syntax.if_uuid); if (rc != 0) return (NDR_DRC_FAULT_API_SERVICE_INVALID); pce->transfer_syntaxes[0].if_version = msvc->transfer_syntax_version; rc = ndr_uuid_parse(msvc->transfer_syntax_uuid, &pce->transfer_syntaxes[0].if_uuid); if (rc != 0) return (NDR_DRC_FAULT_API_SERVICE_INVALID); /* Format and exchange the PDU */ if ((*clnt->xa_init)(clnt, &mxa) < 0) return (NDR_DRC_FAULT_OUT_OF_MEMORY); /* Reserve room for hdr */ mxa.send_nds.pdu_scan_offset = sizeof (*bhdr); /* GSS_Init_sec_context */ rc = ndr_add_sec_context(&clnt->auth_ctx, &mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; rc = ndr_encode_pdu_auth(&mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; /* * If we have auth data, then pdu_size has been initialized. * Otherwise, it hasn't. */ if (hdr->auth_length == 0) hdr->frag_length = sizeof (*bhdr); else hdr->frag_length = mxa.send_nds.pdu_size; /* Reset scan_offset to header */ mxa.send_nds.pdu_scan_offset = 0; rc = ndr_encode_pdu_hdr(&mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; if ((*clnt->xa_exchange)(clnt, &mxa) < 0) { rc = NDR_DRC_FAULT_SEND_FAILED; goto fault_exit; } rc = ndr_decode_pdu_hdr(&mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; rc = ndr_decode_pdu_auth(&mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; bahdr = &mxa.recv_hdr.bind_ack_hdr; if (mxa.ptype != NDR_PTYPE_BIND_ACK) { rc = NDR_DRC_FAULT_RECEIVED_MALFORMED; goto fault_exit; } if (bahdr->p_result_list.n_results != 1) { rc = NDR_DRC_FAULT_RECEIVED_MALFORMED; goto fault_exit; } pre = &bahdr->p_result_list.p_results[0]; if (pre->result != NDR_PCDR_ACCEPTANCE) { rc = NDR_DRC_FAULT_RECEIVED_MALFORMED; goto fault_exit; } /* GSS_init_sec_context 2 */ rc = ndr_recv_sec_context(&clnt->auth_ctx, &mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; /* done with buffers */ (*clnt->xa_destruct)(clnt, &mxa); mbind->p_cont_id = pce->p_cont_id; mbind->which_side = NDR_BIND_SIDE_CLIENT; mbind->clnt = clnt; mbind->service = msvc; mbind->instance_specific = 0; *ret_binding_p = mbind; return (NDR_DRC_OK); fault_exit: (*clnt->xa_destruct)(clnt, &mxa); return (rc); } int ndr_clnt_call(ndr_binding_t *mbind, int opnum, void *params) { ndr_client_t *clnt = mbind->clnt; ndr_xa_t mxa; ndr_request_hdr_t *reqhdr; ndr_common_header_t *rsphdr; unsigned long recv_pdu_scan_offset, recv_pdu_size; int rc; bzero(&mxa, sizeof (mxa)); mxa.ptype = NDR_PTYPE_REQUEST; mxa.opnum = opnum; mxa.binding = mbind; ndr_clnt_init_hdr(clnt, &mxa); reqhdr = &mxa.send_hdr.request_hdr; reqhdr->common_hdr.ptype = NDR_PTYPE_REQUEST; reqhdr->p_cont_id = mbind->p_cont_id; reqhdr->opnum = opnum; rc = (*clnt->xa_init)(clnt, &mxa); if (NDR_DRC_IS_FAULT(rc)) return (rc); /* Reserve room for hdr */ mxa.send_nds.pdu_scan_offset = sizeof (*reqhdr); /* pdu_scan_offset now points to start of stub */ mxa.send_nds.pdu_body_offset = mxa.send_nds.pdu_scan_offset; rc = ndr_encode_call(&mxa, params); if (!NDR_DRC_IS_OK(rc)) goto fault_exit; /* * With the Stub data encoded, calculate the alloc_hint * before we add padding or auth data. */ reqhdr->alloc_hint = mxa.send_nds.pdu_size - sizeof (ndr_request_hdr_t); /* GSS_WrapEx/VerifyMICEx */ rc = ndr_add_auth(&clnt->auth_ctx, &mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; rc = ndr_encode_pdu_auth(&mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; /* * Now we have the PDU size, we need to set up the * frag_length. * Also reset pdu_scan_offset to header. */ mxa.send_hdr.common_hdr.frag_length = mxa.send_nds.pdu_size; mxa.send_nds.pdu_scan_offset = 0; rc = ndr_encode_pdu_hdr(&mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; rc = (*clnt->xa_exchange)(clnt, &mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; rc = ndr_decode_pdu_hdr(&mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; if (mxa.ptype != NDR_PTYPE_RESPONSE) { rc = NDR_DRC_FAULT_RECEIVED_MALFORMED; goto fault_exit; } rc = ndr_decode_pdu_auth(&mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; rc = ndr_check_auth(&clnt->auth_ctx, &mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; rsphdr = &mxa.recv_hdr.common_hdr; if (!NDR_IS_LAST_FRAG(rsphdr->pfc_flags)) { /* * This is a multi-fragment response. * Preserve the current body offset while getting * fragments so that we can continue afterward * as if we had received the entire response as * a single PDU. * * GROW_PDU trashes pdu_size; reset it afterwards. */ recv_pdu_size = mxa.recv_nds.pdu_size; (void) NDS_GROW_PDU(&mxa.recv_nds, NDR_MULTI_FRAGSZ, NULL); /* * pdu_scan_offset needs to be the first byte after the first * fragment in pdu_base_addr (minus the sec_trailer). * * pdu_size needs to be all of the (usable) data we've * received thus far. */ recv_pdu_scan_offset = mxa.recv_nds.pdu_body_offset; mxa.recv_nds.pdu_scan_offset = mxa.recv_nds.pdu_body_offset + mxa.recv_nds.pdu_body_size - mxa.recv_auth.auth_pad_len; mxa.recv_nds.pdu_size = recv_pdu_size; rc = ndr_clnt_get_frags(clnt, &mxa); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; mxa.recv_nds.pdu_scan_offset = recv_pdu_scan_offset; } rc = ndr_decode_return(&mxa, params); if (NDR_DRC_IS_FAULT(rc)) goto fault_exit; (*clnt->xa_preserve)(clnt, &mxa); (*clnt->xa_destruct)(clnt, &mxa); return (NDR_DRC_OK); fault_exit: ndr_show_hdr(&mxa.send_hdr.common_hdr); nds_show_state(&mxa.send_nds); if (mxa.send_hdr.common_hdr.auth_length != 0) ndr_show_auth(&mxa.send_auth); ndr_show_hdr(&mxa.recv_hdr.common_hdr); nds_show_state(&mxa.recv_nds); if (mxa.recv_hdr.common_hdr.auth_length != 0) ndr_show_auth(&mxa.recv_auth); (*clnt->xa_destruct)(clnt, &mxa); return (rc); } void ndr_clnt_free_heap(ndr_client_t *clnt) { (*clnt->xa_release)(clnt); } static void ndr_clnt_init_hdr(ndr_client_t *clnt, ndr_xa_t *mxa) { ndr_common_header_t *hdr = &mxa->send_hdr.common_hdr; hdr->rpc_vers = 5; hdr->rpc_vers_minor = 0; hdr->pfc_flags = NDR_PFC_FIRST_FRAG + NDR_PFC_LAST_FRAG; hdr->packed_drep.intg_char_rep = NDR_REPLAB_CHAR_ASCII; #ifndef _BIG_ENDIAN hdr->packed_drep.intg_char_rep |= NDR_REPLAB_INTG_LITTLE_ENDIAN; #endif /* hdr->frag_length */ hdr->auth_length = 0; hdr->call_id = clnt->next_call_id++; } /* * ndr_clnt_get_frags * * A DCE RPC message that is larger than a single fragment is transmitted * as a series of fragments: 5280 bytes for Windows NT and 4280 bytes for * both Windows 2000 and 2003. * * Collect RPC fragments and append them to the receive stream buffer. * Each received fragment has a header, which we need to remove as we * build the full RPC PDU. The scan offset is used to track frag headers. */ static int ndr_clnt_get_frags(ndr_client_t *clnt, ndr_xa_t *mxa) { ndr_stream_t *nds = &mxa->recv_nds; ndr_common_header_t hdr; int frag_size; int last_frag; int rc; do { if (ndr_clnt_get_frag(clnt, mxa, &hdr) < 0) { nds_show_state(nds); return (NDR_DRC_FAULT_RECEIVED_RUNT); } last_frag = NDR_IS_LAST_FRAG(hdr.pfc_flags); frag_size = hdr.frag_length; /* * ndr_clnt_get_frag() doesn't change pdu_scan_offset. */ if (frag_size > (nds->pdu_size - nds->pdu_scan_offset)) { nds_show_state(nds); return (NDR_DRC_FAULT_RECEIVED_MALFORMED); } if (hdr.auth_length != 0 && hdr.auth_length > (hdr.frag_length - nds->pdu_hdr_size - SEC_TRAILER_SIZE)) return (NDR_DRC_FAULT_RECEIVED_MALFORMED); rc = ndr_decode_pdu_auth(mxa); if (NDR_DRC_IS_FAULT(rc)) return (rc); rc = ndr_check_auth(&clnt->auth_ctx, mxa); if (NDR_DRC_IS_FAULT(rc)) return (rc); /* * Headers, Auth Padding, and auth data shouldn't be kept * from fragments. */ ndr_remove_frag_hdr(nds); nds->pdu_scan_offset += nds->pdu_body_size - mxa->recv_auth.auth_pad_len; } while (!last_frag); return (0); } /* * Read the next RPC fragment. The xa_read() calls correspond to SmbReadX * requests. Note that there is no correspondence between SmbReadX buffering * and DCE RPC fragment alignment. */ static int ndr_clnt_get_frag(ndr_client_t *clnt, ndr_xa_t *mxa, ndr_common_header_t *hdr) { ndr_stream_t *nds = &mxa->recv_nds; unsigned long available; int nbytes = 0; available = nds->pdu_size - nds->pdu_scan_offset; while (available < NDR_RSP_HDR_SIZE) { if ((nbytes = (*clnt->xa_read)(clnt, mxa)) <= 0) return (-1); available += nbytes; } ndr_decode_frag_hdr(nds, hdr); ndr_show_hdr(hdr); while (available < hdr->frag_length) { if ((nbytes = (*clnt->xa_read)(clnt, mxa)) <= 0) return (-1); available += nbytes; } return (nbytes); }