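/*
 * Copyright (c) 2000, Boris Popov
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * This product includes software developed by Boris Popov.
 * 4. Neither the name of the author nor the names of any co-contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $Id: rap.c,v 1.5 2004/12/13 00:25:23 lindak Exp $
 *
 * This is a very simple implementation of the RAP protocol.
 */

#include <sys/param.h>
#include <sys/errno.h>
#include <sys/stat.h>
#include <sys/isa_defs.h>

#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <libintl.h>
#include <sysexits.h>

#include <netsmb/mchain.h>
#include <netsmb/smb_lib.h>
#include <netsmb/smb_rap.h>
#include "private.h"

/*
 * Apply the optional decimal repeat count that may follow a descriptor
 * character.  `s' points just past the descriptor character and `len' is
 * the size of one item of that type.  On success the total size is stored
 * in *rlen and *next is set to the first character after the count.
 *
 * Returns 0, or EINVAL when item size times count does not fit in an int
 * (the product later feeds buffer-size arithmetic, so it must not wrap).
 */
static int
smb_rap_parsecount(const char *s, int len, char **next, int *rlen)
{
	char *np;
	unsigned long cnt;

	/* Cast first: passing a negative char to isdigit() is undefined. */
	if (isdigit((unsigned char)*s)) {
		cnt = strtoul(s, &np, 10);
		if (len != 0) {
			if (cnt > (unsigned long)(INT_MAX / len))
				return (EINVAL);
			len *= (int)cnt;
		}
		s = np;
	}
	*rlen = len;
	*next = (char *)s;
	return (0);
}

/*
 * Parse one item of a request parameter descriptor string.
 * Stores the item's size in *rlen and the position of the following
 * item in *next.  Returns EINVAL for an unknown descriptor character;
 * in that case *next and *rlen are left untouched.
 */
static int
smb_rap_parserqparam(const char *s, char **next, int *rlen)
{
	int len;

	switch (*s++) {
	case 'L':
	case 'T':
	case 'W':
		len = 2;
		break;
	case 'D':
	case 'O':
		len = 4;
		break;
	case 'b':
	case 'F':
		len = 1;
		break;
	case 'r':
	case 's':
		len = 0;
		break;
	default:
		return (EINVAL);
	}
	return (smb_rap_parsecount(s, len, next, rlen));
}

/*
 * Parse one item of a reply parameter descriptor string.
 * Same contract as smb_rap_parserqparam().
 */
static int
smb_rap_parserpparam(const char *s, char **next, int *rlen)
{
	int len;

	switch (*s++) {
	case 'e':
	case 'h':
		len = 2;
		break;
	case 'i':
		len = 4;
		break;
	case 'g':
		len = 1;
		break;
	default:
		return (EINVAL);
	}
	return (smb_rap_parsecount(s, len, next, rlen));
}

/*
 * Parse one item of a reply data descriptor string.
 * Same contract as smb_rap_parserqparam().
 */
static int
smb_rap_parserpdata(const char *s, char **next, int *rlen)
{
	int len;

	switch (*s++) {
	case 'B':
		len = 1;
		break;
	case 'W':
		len = 2;
		break;
	case 'D':
	case 'O':
	case 'z':
		len = 4;
		break;
	default:
		return (EINVAL);
	}
	return (smb_rap_parsecount(s, len, next, rlen));
}

/*
 * Append a NUL-terminated string to the request parameter buffer and
 * advance the write cursor.  The caller must have sized r_pbuf to hold
 * it; no bound is checked here.
 */
static int
smb_rap_rqparam_z(struct smb_rap *rap, const char *value)
{
	int len = strlen(value) + 1;

	bcopy(value, rap->r_npbuf, len);
	rap->r_npbuf += len;
	rap->r_plen += len;
	return (0);
}

/*
 * Marshal RAP request parameters.
 * Note: value is in host order.
 *
 * Writes at the r_npbuf cursor and advances it together with r_plen.
 * Returns EINVAL for a parameter type this function does not marshal,
 * or for a negative byte-fill length.
 *
 * NOTE(review): nothing here checks the write against the size of
 * r_pbuf; the buffer is sized in smb_rap_create() from the descriptor
 * string, so callers must set parameters in descriptor order.
 */
static int
smb_rap_rqparam(struct smb_rap *rap, char ptype, char plen, int value)
{
	int len = 0;
	uint_t uv = (uint_t)value;
	uint32_t lv;
	uint16_t sv;

	switch (ptype) {
	case 'L':
	case 'W':
		/*
		 * The cursor follows variable-length strings, so it may be
		 * unaligned; store through memcpy rather than a cast pointer.
		 */
		sv = htoles(uv);
		(void) memcpy(rap->r_npbuf, &sv, sizeof (sv));
		len = sizeof (sv);
		break;
	case 'D':
		lv = htolel(uv);
		(void) memcpy(rap->r_npbuf, &lv, sizeof (lv));
		len = sizeof (lv);
		break;
	case 'b':
		/*
		 * plen is a (possibly signed) char; a negative value would
		 * become an enormous size_t in memset().
		 */
		if (plen < 0)
			return (EINVAL);
		(void) memset(rap->r_npbuf, uv, plen);
		len = plen;
		/* This break was missing: 'b' used to fall into EINVAL. */
		break;
	default:
		return (EINVAL);
	}
	rap->r_npbuf += len;
	rap->r_plen += len;
	return (0);
}

/*
 * Allocate a RAP request for API function `fn' with the given parameter
 * and data descriptor strings, and marshal the fixed leading part
 * (function number plus both descriptor strings).
 *
 * On success stores the new request in *rapp and returns 0; release it
 * with smb_rap_done().  Returns ENOMEM when an allocation fails and
 * EINVAL when the computed parameter block size overflows; *rapp is not
 * written on failure.
 */
int
smb_rap_create(int fn, const char *param, const char *data,
	struct smb_rap **rapp)
{
	struct smb_rap *rap;
	char *p;
	int plen = 0, len = 0;
	int error = ENOMEM;

	rap = malloc(sizeof (*rap));
	if (rap == NULL)
		return (ENOMEM);
	bzero(rap, sizeof (*rap));
	p = rap->r_sparam = rap->r_nparam = strdup(param);
	rap->r_sdata = rap->r_ndata = strdup(data);
	if (rap->r_sparam == NULL || rap->r_sdata == NULL)
		goto fail;

	/*
	 * Calculate length of request parameter block
	 */
	len = 2 + strlen(param) + 1 + strlen(data) + 1;
	while (*p) {
		if (smb_rap_parserqparam(p, &p, &plen) != 0)
			break;
		/* Refuse a total that would wrap before it reaches malloc. */
		if (plen > INT_MAX - len) {
			error = EINVAL;
			goto fail;
		}
		len += plen;
	}
	rap->r_pbuf = rap->r_npbuf = malloc(len);
	if (rap->r_pbuf == NULL)
		goto fail;
	(void) smb_rap_rqparam(rap, 'W', 1, fn);
	(void) smb_rap_rqparam_z(rap, rap->r_sparam);
	(void) smb_rap_rqparam_z(rap, rap->r_sdata);
	*rapp = rap;
	return (0);

fail:
	/* r_pbuf is still NULL on every path that reaches here. */
	free(rap->r_sparam);
	free(rap->r_sdata);
	free(rap);
	return (error);
}

/*
 * Release a request created by smb_rap_create().
 */
void
smb_rap_done(struct smb_rap *rap)
{
	/* free(NULL) is a no-op, so no guards are needed. */
	free(rap->r_sparam);
	free(rap->r_sdata);
	free(rap->r_pbuf);
#ifdef NOTYETDEFINED
	/*
	 * NOTE(review): r_npbuf is a cursor into r_pbuf and r_rcvbuf is
	 * supplied by the caller through smb_rap_setPparam(); freeing
	 * either one here looks wrong.  Confirm before enabling.
	 */
	if (rap->r_npbuf)
		free(rap->r_npbuf);
	if (rap->r_dbuf)
		free(rap->r_dbuf);
	if (rap->r_rcvbuf)
		free(rap->r_rcvbuf);
#endif
	free(rap);
}

/*
 * Set the next numeric request parameter named by the parameter
 * descriptor.  For type 'L' the value is also recorded as the receive
 * buffer length.
 *
 * Returns 0 on success, or EINVAL when the next descriptor item is not
 * a numeric type or could not be marshalled.  The descriptor cursor is
 * advanced only on success.
 */
int
smb_rap_setNparam(struct smb_rap *rap, int value)
{
	char *p = rap->r_nparam;
	char ptype = *p;
	int error, plen;

	error = smb_rap_parserqparam(p, &p, &plen);
	if (error)
		return (error);
	switch (ptype) {
	case 'L':
		rap->r_rcvbuflen = value;
		/* FALLTHROUGH */
	case 'W':
	case 'D':
		break;
	case 'b':
		/* smb_rap_rqparam() takes the length as a char. */
		if (plen > CHAR_MAX)
			return (EINVAL);
		break;
	default:
		return (EINVAL);
	}
	/* The marshalling result used to be discarded; propagate it. */
	error = smb_rap_rqparam(rap, ptype, plen, value);
	if (error)
		return (error);
	rap->r_nparam = p;
	return (0);
}

/*
 * Set the next pointer request parameter.  Only type 'r' (receive
 * buffer) is accepted; the pointer is stored, not copied, so the buffer
 * stays owned by the caller.
 */
int
smb_rap_setPparam(struct smb_rap *rap, void *value)
{
	char *p = rap->r_nparam;
	char ptype = *p;
	int error, plen;

	error = smb_rap_parserqparam(p, &p, &plen);
	if (error)
		return (error);
	switch (ptype) {
	case 'r':
		rap->r_rcvbuf = value;
		break;
	default:
		return (EINVAL);
	}
	rap->r_nparam = p;
	return (0);
}

/*
 * Fetch the next numeric reply parameter.  Only type 'h' (16-bit) is
 * handled.
 *
 * NOTE(review): the read at r_npbuf is not checked against the number
 * of parameter bytes the server actually returned; that count is local
 * to smb_rap_request() and is not kept in the request.
 */
int
smb_rap_getNparam(struct smb_rap *rap, long *value)
{
	char *p = rap->r_nparam;
	char ptype = *p;
	int error, plen;
	uint16_t te;

	error = smb_rap_parserpparam(p, &p, &plen);
	if (error)
		return (error);
	switch (ptype) {
	case 'h':
		(void) memcpy(&te, rap->r_npbuf, sizeof (te));
		*value = letohs(te);
		break;
	default:
		return (EINVAL);
	}
	rap->r_npbuf += plen;
	rap->r_nparam = p;
	return (0);
}

/*
 * Send the marshalled request over \PIPE\LANMAN and unpack the reply.
 *
 * The reply parameters overwrite r_pbuf and the reply data lands in the
 * caller's receive buffer.  Returns 0 on success, the transport error
 * from smb_t2_request(), EBADRPC when the reply is shorter than the
 * descriptors require, or (r_result | SMB_RAP_ERROR) when the server
 * reports a LanMan API error.
 */
int
smb_rap_request(struct smb_rap *rap, struct smb_ctx *ctx)
{
	uint16_t *rp, conv, tmp;
	uint32_t off;
	char *dp, *p = rap->r_nparam;
	char ptype;
	int error, rdatacnt, rparamcnt, entries, done, dlen, buffer_oflow;

	rdatacnt = rap->r_rcvbuflen;
	rparamcnt = rap->r_plen;
	error = smb_t2_request(ctx, 0, NULL, "\\PIPE\\LANMAN",
	    rap->r_plen, rap->r_pbuf,	/* int tparamcnt,void *tparam */
	    0, NULL,			/* int tdatacnt, void *tdata */
	    &rparamcnt, rap->r_pbuf,	/* rparamcnt, void *rparam */
	    &rdatacnt, rap->r_rcvbuf,	/* int *rdatacnt, void *rdata */
	    &buffer_oflow);
	if (error)
		return (error);

	/* LINTED */
	rp = (uint16_t *)rap->r_pbuf;

	/*
	 * Note: First is a "LanMan API" error code.
	 * See: usr/src/uts/common/smbsrv/lmerr.h
	 */
	if (rparamcnt < 2)
		return (EBADRPC);
	rap->r_result = letohs(*rp);
	rp++; rparamcnt -= 2;

	if (rap->r_result != 0) {
		/*
		 * Could also return zero and let the caller
		 * come get r_result via smb_rap_error(),
		 * but in case they dont...
		 */
		return (rap->r_result | SMB_RAP_ERROR);
	}

	if (rparamcnt < 2)
		return (EBADRPC);
	conv = letohs(*rp);
	rp++; rparamcnt -= 2;

	rap->r_npbuf = (char *)rp;
	rap->r_entries = entries = 0;
	/* Save the returned data length */
	rap->r_rcvbuflen = rdatacnt;
	done = 0;

	while (!done && *p) {
		ptype = *p;
		switch (ptype) {
		case 'e':
			if (rparamcnt < 2)
				return (EBADRPC);
			(void) memcpy(&tmp, rap->r_npbuf, sizeof (tmp));
			rap->r_entries = entries = letohs(tmp);
			rap->r_npbuf += 2;
			rparamcnt -= 2;
			p++;
			break;
		default:
			done = 1;
		}
#if 0	/* commented out in Darwin.  Why? */
		error = smb_rap_parserpparam(p, &p, &plen);
		if (error) {
			smb_error(dgettext(TEXT_DOMAIN,
			    "reply parameter mismatch %s"), 0, p);
			return (EBADRPC);
		}
#endif
	}
	rap->r_nparam = p;
	/*
	 * In general, unpacking entries we may need to relocate
	 * entries for proper aligning.  For now use them as is.
	 */
	dp = rap->r_rcvbuf;
	while (entries--) {
		p = rap->r_sdata;
		while (*p) {
			ptype = *p;
			error = smb_rap_parserpdata(p, &p, &dlen);
			if (error) {
				smb_error(dgettext(TEXT_DOMAIN,
				    "reply data mismatch %s"), 0, p);
				return (EBADRPC);
			}
			/* Entry count is server-supplied; stay in the data. */
			if (rdatacnt < dlen)
				return (EBADRPC);
			switch (ptype) {
			case 'z':
				/*
				 * Rewrite the string reference in place as
				 * (low 16 bits) - conv.  Entries are packed,
				 * so go through memcpy instead of a cast
				 * pointer, and skip a zero-count item that
				 * has no 4 bytes to convert.
				 *
				 * NOTE(review): the result is derived from
				 * server data and is not range-checked
				 * against r_rcvbuflen here; callers should
				 * validate it before using it as an offset
				 * into the receive buffer.
				 */
				if (dlen < (int)sizeof (off))
					break;
				(void) memcpy(&off, dp, sizeof (off));
				off = (letohl(off) & 0xffff) - conv;
				(void) memcpy(dp, &off, sizeof (off));
				break;
			}
			dp += dlen;
			rdatacnt -= dlen;
		}
	}
	return (error);
}

/*
 * Combine a transport error with the LanMan API result of a request:
 * a non-zero `error' wins, otherwise a non-zero r_result is returned
 * tagged with SMB_RAP_ERROR, otherwise 0.
 */
int
smb_rap_error(struct smb_rap *rap, int error)
{
	if (error)
		return (error);
	if (rap->r_result == 0)
		return (0);
	return (rap->r_result | SMB_RAP_ERROR);
}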