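/*
 * Copyright (c) 2000, Boris Popov
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by Boris Popov.
 * 4. Neither the name of the author nor the names of any co-contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $Id: rap.c,v 1.5 2004/12/13 00:25:23 lindak Exp $
 *
 * This is a very simple implementation of the RAP protocol.
 */

#include <sys/param.h>
#include <sys/errno.h>
#include <sys/stat.h>
#include <sys/isa_defs.h>

#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <libintl.h>
#include <sysexits.h>

#include <netsmb/mchain.h>
#include <netsmb/smb_lib.h>
#include <netsmb/smb_rap.h>
#include "private.h"

/*
 * Common tail of the three descriptor parsers below.
 *
 * s points just past a descriptor character whose element size is len.
 * If a decimal repeat count follows, len is multiplied by it and s is
 * advanced past the digits.  On success the resulting length is stored
 * in *rlen and the position of the next descriptor in *next.
 *
 * Returns 0, or EINVAL when size * count does not fit in an int.  The
 * callers use the length to size and to walk buffers, so a wrapped or
 * negative value must never be handed back.
 */
static int
smb_rap_parsecount(const char *s, int len, char **next, int *rlen)
{
	char *np;
	unsigned long cnt;

	/* isdigit() is only defined for unsigned char values and EOF */
	if (isdigit((unsigned char)*s)) {
		cnt = strtoul(s, &np, 10);
		if (len != 0) {
			if (cnt > (unsigned long)(INT_MAX / len))
				return (EINVAL);
			len *= (int)cnt;
		}
		s = np;
	}
	*rlen = len;
	*next = (char *)s;
	return (0);
}

/*
 * Parse one element of a request parameter descriptor string.
 *
 * Element sizes as coded here: 'L', 'T', 'W' are 2 bytes; 'D', 'O' are
 * 4 bytes; 'b', 'F' are 1 byte; 'r', 's' occupy no space in the request.
 * Returns EINVAL for any other character (including the terminating NUL),
 * in which case *next and *rlen are left untouched.
 */
static int
smb_rap_parserqparam(const char *s, char **next, int *rlen)
{
	int len;

	switch (*s++) {
	case 'L':
	case 'T':
	case 'W':
		len = 2;
		break;
	case 'D':
	case 'O':
		len = 4;
		break;
	case 'b':
	case 'F':
		len = 1;
		break;
	case 'r':
	case 's':
		len = 0;
		break;
	default:
		return (EINVAL);
	}
	return (smb_rap_parsecount(s, len, next, rlen));
}

/*
 * Parse one element of a reply parameter descriptor string.
 *
 * Element sizes as coded here: 'e', 'h' are 2 bytes; 'i' is 4 bytes;
 * 'g' is 1 byte.  Returns EINVAL for any other character.
 */
static int
smb_rap_parserpparam(const char *s, char **next, int *rlen)
{
	int len;

	switch (*s++) {
	case 'e':
	case 'h':
		len = 2;
		break;
	case 'i':
		len = 4;
		break;
	case 'g':
		len = 1;
		break;
	default:
		return (EINVAL);
	}
	return (smb_rap_parsecount(s, len, next, rlen));
}

/*
 * Parse one element of a reply data descriptor string.
 *
 * Element sizes as coded here: 'B' is 1 byte; 'W' is 2 bytes; 'D', 'O'
 * and 'z' are 4 bytes.  Returns EINVAL for any other character.
 */
static int
smb_rap_parserpdata(const char *s, char **next, int *rlen)
{
	int len;

	switch (*s++) {
	case 'B':
		len = 1;
		break;
	case 'W':
		len = 2;
		break;
	case 'D':
	case 'O':
	case 'z':
		len = 4;
		break;
	default:
		return (EINVAL);
	}
	return (smb_rap_parsecount(s, len, next, rlen));
}

/*
 * Append a NUL-terminated string to the request parameter buffer.
 *
 * There is no bounds check here: the caller must already have sized
 * r_pbuf to hold the string plus its terminator, as smb_rap_create()
 * does for the two descriptor strings.
 */
static int
smb_rap_rqparam_z(struct smb_rap *rap, const char *value)
{
	int len = strlen(value) + 1;

	bcopy(value, rap->r_npbuf, len);
	rap->r_npbuf += len;
	rap->r_plen += len;
	return (0);
}

/*
 * Marshal RAP request parameters.
 * Note: value is in host order.
 *
 * ptype selects the encoding: 'L' and 'W' store a 16-bit value, 'D' a
 * 32-bit value, and 'b' fills plen bytes with the low byte of value.
 * On success r_npbuf and r_plen are advanced by the number of bytes
 * written.  Returns EINVAL for an unknown ptype or a negative plen.
 *
 * plen is an int (it was a char) so that a repeat count above CHAR_MAX
 * is not truncated or turned negative on the way to memset().
 */
static int
smb_rap_rqparam(struct smb_rap *rap, char ptype, int plen, int value)
{
	int len = 0;
	uint_t uv = (uint_t)value;
	uint32_t v32;
	uint16_t v16;

	switch (ptype) {
	case 'L':
	case 'W':
		/*
		 * r_npbuf follows variable-length strings, so it has no
		 * alignment guarantee; copy instead of storing through a
		 * cast pointer.
		 */
		v16 = htoles(uv);
		memcpy(rap->r_npbuf, &v16, sizeof (v16));
		len = sizeof (v16);
		break;
	case 'D':
		v32 = htolel(uv);
		memcpy(rap->r_npbuf, &v32, sizeof (v32));
		len = sizeof (v32);
		break;
	case 'b':
		if (plen < 0)
			return (EINVAL);
		memset(rap->r_npbuf, uv, plen);
		len = plen;
		/*
		 * This break was missing: the bytes were written, then
		 * control fell into the default case and returned EINVAL
		 * without advancing r_npbuf or r_plen.
		 */
		break;
	default:
		return (EINVAL);
	}
	rap->r_npbuf += len;
	rap->r_plen += len;
	return (0);
}

/*
 * Allocate a RAP request for function number fn.
 *
 * param and data are the request parameter and reply data descriptor
 * strings; private copies are kept in the handle.  The parameter buffer
 * is sized for the 2-byte function number, both descriptor strings with
 * their terminators, and every element described by param.
 *
 * On success stores the new handle in *rapp and returns 0.  Returns
 * ENOMEM if any allocation fails and EINVAL if the computed buffer
 * length would overflow; *rapp is not modified on failure.  Release the
 * handle with smb_rap_done().
 */
int
smb_rap_create(int fn, const char *param, const char *data,
    struct smb_rap **rapp)
{
	struct smb_rap *rap;
	char *p;
	int plen = 0, len = 0;
	int error = ENOMEM;

	rap = calloc(1, sizeof (*rap));
	if (rap == NULL)
		return (ENOMEM);
	rap->r_sparam = rap->r_nparam = strdup(param);
	rap->r_sdata = rap->r_ndata = strdup(data);
	if (rap->r_sparam == NULL || rap->r_sdata == NULL)
		goto fail;

	/*
	 * Calculate length of request parameter block
	 */
	len = 2 + strlen(param) + 1 + strlen(data) + 1;
	p = rap->r_sparam;
	while (*p) {
		/*
		 * Stopping at the first element that fails to parse is
		 * safe: smb_rap_setNparam()/smb_rap_setPparam() run the
		 * same parser and fail on that element before writing.
		 */
		if (smb_rap_parserqparam(p, &p, &plen) != 0)
			break;
		if (plen > INT_MAX - len) {
			error = EINVAL;
			goto fail;
		}
		len += plen;
	}
	rap->r_pbuf = rap->r_npbuf = malloc(len);
	if (rap->r_pbuf == NULL)
		goto fail;
	(void) smb_rap_rqparam(rap, 'W', 1, fn);
	(void) smb_rap_rqparam_z(rap, rap->r_sparam);
	(void) smb_rap_rqparam_z(rap, rap->r_sdata);
	*rapp = rap;
	return (0);

fail:
	free(rap->r_sdata);
	free(rap->r_sparam);
	free(rap);
	return (error);
}

/*
 * Release a handle obtained from smb_rap_create().  A NULL handle is
 * ignored.
 */
void
smb_rap_done(struct smb_rap *rap)
{
	if (rap == NULL)
		return;
	free(rap->r_sparam);
	free(rap->r_sdata);
	free(rap->r_pbuf);
	/*
	 * The disabled block below must stay disabled as written:
	 * r_npbuf is a cursor into r_pbuf (see smb_rap_create), and
	 * r_rcvbuf is the caller's pointer stored by smb_rap_setPparam(),
	 * so neither is owned by this handle.
	 */
#ifdef NOTYETDEFINED
	if (rap->r_npbuf)
		free(rap->r_npbuf);
	if (rap->r_dbuf)
		free(rap->r_dbuf);
	if (rap->r_rcvbuf)
		free(rap->r_rcvbuf);
#endif
	free(rap);
}

/*
 * Marshal the next numeric request parameter.
 *
 * The element type is taken from the current position in the parameter
 * descriptor; only 'L', 'W', 'D' and 'b' are accepted.  An 'L' value is
 * also recorded as the receive buffer length.  Returns 0 on success, or
 * EINVAL / the parser's or marshaller's error; the descriptor cursor is
 * advanced only on success.
 */
int
smb_rap_setNparam(struct smb_rap *rap, int value)
{
	char *p = rap->r_nparam;
	char ptype = *p;
	int error, plen;

	error = smb_rap_parserqparam(p, &p, &plen);
	if (error)
		return (error);
	switch (ptype) {
	case 'L':
		rap->r_rcvbuflen = value;
		/* FALLTHROUGH */
	case 'W':
	case 'D':
	case 'b':
		error = smb_rap_rqparam(rap, ptype, plen, value);
		break;
	default:
		return (EINVAL);
	}
	/* the marshalling result used to be dropped here */
	if (error)
		return (error);
	rap->r_nparam = p;
	return (0);
}

/*
 * Supply the next pointer-valued request parameter.
 *
 * Only 'r' is accepted: value becomes the receive buffer for reply
 * data.  The pointer is stored, not copied, and stays owned by the
 * caller.  Its size is whatever the caller passes for the 'L'
 * parameter; nothing here checks that the two agree.
 */
int
smb_rap_setPparam(struct smb_rap *rap, void *value)
{
	char *p = rap->r_nparam;
	char ptype = *p;
	int error, plen;

	error = smb_rap_parserqparam(p, &p, &plen);
	if (error)
		return (error);
	switch (ptype) {
	case 'r':
		rap->r_rcvbuf = value;
		break;
	default:
		return (EINVAL);
	}
	rap->r_nparam = p;
	return (0);
}

/*
 * Fetch the next numeric reply parameter into *value.
 *
 * Only 'h' (16-bit, little-endian on the wire) is accepted.
 *
 * NOTE(review): nothing here checks that two more bytes of reply
 * parameters are actually left; the residual count is a local of
 * smb_rap_request() and is not kept in the handle as far as this file
 * shows.  The read stays inside r_pbuf only if the request marshalled
 * at least as many bytes as the reply descriptors consume - confirm.
 */
int
smb_rap_getNparam(struct smb_rap *rap, long *value)
{
	char *p = rap->r_nparam;
	char ptype = *p;
	int error, plen;
	uint16_t *te;

	error = smb_rap_parserpparam(p, &p, &plen);
	if (error)
		return (error);
	switch (ptype) {
	case 'h':
		/* LINTED */
		te = (uint16_t *)rap->r_npbuf;
		*value = letohs(*te);
		break;
	default:
		return (EINVAL);
	}
	rap->r_npbuf += plen;
	rap->r_nparam = p;
	return (0);
}

/*
 * Send the marshalled request over \PIPE\LANMAN and unpack the reply
 * header.
 *
 * The reply parameters overwrite r_pbuf and the reply data lands in
 * r_rcvbuf.  On return r_result holds the LanMan status, r_entries the
 * entry count (when the descriptor has an 'e'), r_rcvbuflen the
 * returned data length, and every 'z' field in the data has been
 * converted in place (see below).
 *
 * Returns 0 on success, the transport error from smb_t2_request(),
 * EBADRPC for a short or inconsistent reply, or
 * (r_result | SMB_RAP_ERROR) when the server reports a failure.
 *
 * Everything read after smb_t2_request() returns is server-controlled.
 * NOTE(review): this code relies on smb_t2_request() never reporting
 * more bytes in rparamcnt/rdatacnt than the capacities passed in -
 * confirm.  buffer_oflow is collected but never examined.
 */
int
smb_rap_request(struct smb_rap *rap, struct smb_ctx *ctx)
{
	uint16_t *rp, conv, *tmp;
	uint32_t off;
	char *dp, *p = rap->r_nparam;
	char ptype;
	int error, rdatacnt, rparamcnt, entries, done, dlen, buffer_oflow;

	rdatacnt = rap->r_rcvbuflen;
	rparamcnt = rap->r_plen;
	error = smb_t2_request(ctx, 0, NULL, "\\PIPE\\LANMAN",
	    rap->r_plen, rap->r_pbuf,	/* int tparamcnt,void *tparam */
	    0, NULL,			/* int tdatacnt, void *tdata */
	    &rparamcnt, rap->r_pbuf,	/* rparamcnt, void *rparam */
	    &rdatacnt, rap->r_rcvbuf,	/* int *rdatacnt, void *rdata */
	    &buffer_oflow);
	if (error)
		return (error);

	/* LINTED */
	rp = (uint16_t *)rap->r_pbuf;

	/*
	 * Note: First is a "LanMan API" error code.
	 * See: usr/src/uts/common/smbsrv/lmerr.h
	 */
	if (rparamcnt < 2)
		return (EBADRPC);
	rap->r_result = letohs(*rp);
	rp++; rparamcnt -= 2;

	if (rap->r_result != 0) {
		/*
		 * Could also return zero and let the caller
		 * come get r_result via smb_rap_error(),
		 * but in case they don't...
		 */
		return (rap->r_result | SMB_RAP_ERROR);
	}

	if (rparamcnt < 2)
		return (EBADRPC);
	conv = letohs(*rp);
	rp++; rparamcnt -= 2;

	rap->r_npbuf = (char *)rp;
	rap->r_entries = entries = 0;
	/* Save the returned data length */
	rap->r_rcvbuflen = rdatacnt;
	done = 0;

	while (!done && *p) {
		ptype = *p;
		switch (ptype) {
		case 'e':
			if (rparamcnt < 2)
				return (EBADRPC);
			/* LINTED */
			tmp = (uint16_t *)rap->r_npbuf;
			rap->r_entries = entries = letohs(*tmp);
			rap->r_npbuf += 2;
			rparamcnt -= 2;
			p++;
			break;
		default:
			done = 1;
		}
#if 0	/* commented out in Darwin.  Why? */
		error = smb_rap_parserpparam(p, &p, &plen);
		if (error) {
			smb_error(dgettext(TEXT_DOMAIN,
			    "reply parameter mismatch %s"), 0, p);
			return (EBADRPC);
		}
#endif
	}
	rap->r_nparam = p;
	/*
	 * In general, unpacking entries we may need to relocate
	 * entries for proper aligning. For now use them as is.
	 */
	dp = rap->r_rcvbuf;
	while (entries--) {
		p = rap->r_sdata;
		while (*p) {
			ptype = *p;
			error = smb_rap_parserpdata(p, &p, &dlen);
			if (error) {
				smb_error(dgettext(TEXT_DOMAIN,
				    "reply data mismatch %s"), 0, p);
				return (EBADRPC);
			}
			/* the server's entry count must fit the data sent */
			if (rdatacnt < dlen)
				return (EBADRPC);
			switch (ptype) {
			case 'z':
				/* a "z0" element would leave no room */
				if (dlen < (int)sizeof (off))
					return (EBADRPC);
				/*
				 * Rebase the low 16 bits of the field by
				 * conv, in place.  dp has no alignment
				 * guarantee, so copy in and out rather
				 * than going through a cast pointer.
				 *
				 * NOTE(review): the result is derived
				 * entirely from server data and is not
				 * checked against the returned data
				 * length; consumers must range-check it
				 * (and the string's terminator) before
				 * using it as an offset into r_rcvbuf.
				 */
				memcpy(&off, dp, sizeof (off));
				off = (letohl(off) & 0xffff) - conv;
				memcpy(dp, &off, sizeof (off));
				break;
			}
			dp += dlen;
			rdatacnt -= dlen;
		}
	}
	return (error);
}

/*
 * Fold a transport error and the RAP status into one return code:
 * a non-zero error wins, otherwise 0 if r_result is 0, otherwise
 * (r_result | SMB_RAP_ERROR).
 */
int
smb_rap_error(struct smb_rap *rap, int error)
{
	if (error)
		return (error);
	if (rap->r_result == 0)
		return (0);
	return (rap->r_result | SMB_RAP_ERROR);
}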