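/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * MLRPC server-side NDR stream (PDU) operations. Stream operations
 * should return TRUE (non-zero) on success or FALSE (zero or a null
 * pointer) on failure. When an operation returns FALSE, including
 * mlndo_malloc() returning NULL, it should set the mlnds->error to
 * indicate what went wrong.
 *
 * When available, the relevant ndr_reference is passed to the
 * operation but keep in mind that it may be a null pointer.
 *
 * Functions mlndo_get_pdu(), mlndo_put_pdu(), and mlndo_pad_pdu()
 * must never grow the PDU data. A request for out-of-bounds data is
 * an error. The swap_bytes flag is 1 if NDR knows that the byte-
 * order in the PDU is different from the local system.
 *
 * Review notes on the contract above:
 *  - The three PDU accessors enforce the out-of-bounds rule themselves
 *    (see mlndo_pdu_in_bounds()) rather than trusting the offsets they
 *    are handed; the offsets are derived from decoded PDU content.
 *  - None of the operations in this file writes mlnds->error; a failing
 *    operation only returns 0.
 *    NOTE(review): presumably the caller records the error code; the
 *    error constants are not visible in this file -- confirm.
 */

#include <sys/types.h>
#include <stdarg.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <string.h>
#include <assert.h>

#include <smbsrv/libsmb.h>
#include <smbsrv/mlrpc.h>
#include <smbsrv/ndr.h>
#include <smbsrv/ntstatus.h>

/* Size of every trace/format scratch buffer used in this file. */
#define	NDOBUFSZ		128

/*
 * The PDU buffer grows in NDR_PDU_BLOCK_SIZE steps.  NDR_PDU_ALIGN(N)
 * always yields a multiple of the block size strictly greater than N.
 */
#define	NDR_PDU_BLOCK_SIZE	(4*1024)
#define	NDR_PDU_BLOCK_MASK	(NDR_PDU_BLOCK_SIZE - 1)
#define	NDR_PDU_ALIGN(N) \
	(((N) + NDR_PDU_BLOCK_SIZE) & ~NDR_PDU_BLOCK_MASK)
#define	NDR_PDU_MAX_SIZE	(64*1024*1024)

/* Bytes shown by mlndo_hexfmt() before it elides the rest. */
#define	NDO_HEX_MAX_BYTES	10
/* Bytes of PDU context requested by mlndo_tattle_error(). */
#define	NDO_ERR_DUMP_BYTES	16

static char *mlndo_malloc(struct mlndr_stream *, unsigned,
    struct ndr_reference *);
static int mlndo_free(struct mlndr_stream *, char *, struct ndr_reference *);
static int mlndo_grow_pdu(struct mlndr_stream *, unsigned long,
    struct ndr_reference *);
static int mlndo_pad_pdu(struct mlndr_stream *, unsigned long, unsigned long,
    struct ndr_reference *);
static int mlndo_get_pdu(struct mlndr_stream *, unsigned long, unsigned long,
    char *, int, struct ndr_reference *);
static int mlndo_put_pdu(struct mlndr_stream *, unsigned long, unsigned long,
    char *, int, struct ndr_reference *);
static void mlndo_tattle(struct mlndr_stream *, char *, struct ndr_reference *);
static void mlndo_tattle_error(struct mlndr_stream *, struct ndr_reference *);
static int mlndo_reset(struct mlndr_stream *);
static void mlndo_destruct(struct mlndr_stream *);
static void mlndo_hexfmt(uint8_t *, int, int, char *, int);
static int mlndo_pdu_in_bounds(struct mlndr_stream *, unsigned long,
    unsigned long);
static void mlndo_hexfmt_append(char *, int, int *, const char *, ...);

/*
 * The mlndr stream operations table.
 */
static struct mlndr_stream_ops mlnds_ops = {
	mlndo_malloc,
	mlndo_free,
	mlndo_grow_pdu,
	mlndo_pad_pdu,
	mlndo_get_pdu,
	mlndo_put_pdu,
	mlndo_tattle,
	mlndo_tattle_error,
	mlndo_reset,
	mlndo_destruct
};

/*
 * mlnds_bswap
 *
 * Copies len bytes from src to dst such that dst contains the bytes
 * from src in reverse order.
 *
 * We expect to be dealing with bytes, words, dwords etc. So the
 * length must be non-zero and a power of 2.  For any other length
 * nothing is copied and dst is left untouched; there is no return
 * value, so the caller cannot tell the difference.
 *
 * src is read from its last byte down while dst is written from its
 * first byte up, so the two buffers must not overlap.
 */
void
mlnds_bswap(void *srcbuf, void *dstbuf, size_t len)
{
	uint8_t *src = (uint8_t *)srcbuf;
	uint8_t *dst = (uint8_t *)dstbuf;

	if ((len != 0) && ((len & (len - 1)) == 0)) {
		src += len;

		while (len--)
			*dst++ = *(--src);
	}
}

/*
 * mlnds_initialize
 *
 * Initialize a stream.  Sets up the PDU parameters and assigns the stream
 * operations and the reference to the heap.  An external heap is provided
 * to the stream, rather than each stream creating its own heap.
 *
 * composite_op carries the marshalling operation in its low nibble and
 * the direction in its high nibble.
 *
 * There is no return value.  If pdu_size_hint exceeds NDR_PDU_MAX_SIZE,
 * or the buffer cannot be allocated in a build where assert() is
 * compiled out, the stream is left zero-filled: no PDU buffer and no
 * operations table (mlnds->mlndo is NULL).
 * NOTE(review): callers that go on to use the MLNDS_* operation macros
 * on such a stream would presumably dereference the null table -- the
 * macros are not visible here; confirm callers check for this.
 */
void
mlnds_initialize(struct mlndr_stream *mlnds, unsigned pdu_size_hint,
    int composite_op, mlrpc_heap_t *heap)
{
	unsigned size;

	assert(mlnds);
	assert(heap);

	bzero(mlnds, sizeof (*mlnds));

	if (pdu_size_hint > NDR_PDU_MAX_SIZE)
		return;

	size = (pdu_size_hint == 0) ? NDR_PDU_BLOCK_SIZE : pdu_size_hint;
	mlnds->pdu_base_addr = malloc(size);
	assert(mlnds->pdu_base_addr);

	/*
	 * With NDEBUG the assert above vanishes.  Do not advertise a
	 * non-zero pdu_max_size over a null buffer; leave the stream in
	 * the same zero-filled state as the oversized-hint path.
	 */
	if (mlnds->pdu_base_addr == NULL)
		return;

	mlnds->pdu_max_size = size;
	mlnds->pdu_size = 0;
	/* The buffer address is also kept as an integer for offset math. */
	mlnds->pdu_base_offset = (unsigned long)mlnds->pdu_base_addr;

	mlnds->mlndo = &mlnds_ops;
	mlnds->heap = (struct mlrpc_heap *)heap;

	mlnds->m_op = composite_op & 0x0F;
	mlnds->dir = composite_op & 0xF0;

	mlnds->outer_queue_tailp = &mlnds->outer_queue_head;
}

/*
 * mlnds_finalize
 *
 * Hand the stream's fragment list over to frags and describe it with a
 * uio/iovec array so that it can be written out in one operation.
 *
 * frags is always zeroed first.  If the fragments are empty, total
 * NDR_PDU_MAX_SIZE or more, or the iovec array cannot be allocated,
 * frags stays zeroed and the stream keeps its fragment list.  On
 * success the stream's list is emptied and frags owns the fragments
 * and the iovec array.
 */
void
mlnds_finalize(struct mlndr_stream *mlnds, ndr_fraglist_t *frags)
{
	iovec_t *iov;
	ndr_frag_t *frag;
	uint32_t size = 0;

	bzero(frags, sizeof (ndr_fraglist_t));

	for (frag = mlnds->frags.head; frag; frag = frag->next) {
		/*
		 * Reject as soon as the running total would reach the
		 * limit.  Summing first and checking afterwards lets a
		 * 32-bit total wrap and pass the check with a size that
		 * no longer matches the iovec lengths.
		 */
		if (frag->len >= NDR_PDU_MAX_SIZE - size)
			return;
		size += frag->len;
	}

	if (size == 0)
		return;

	/*
	 * NOTE(review): the array is sized from frags.nfrag but filled
	 * below by walking the list, so this relies on nfrag matching the
	 * list length -- confirm where fragments are appended.
	 */
	frags->iov = malloc(mlnds->frags.nfrag * sizeof (iovec_t));
	if (frags->iov == NULL)
		return;

	frags->head = mlnds->frags.head;
	frags->tail = mlnds->frags.tail;
	frags->nfrag = mlnds->frags.nfrag;
	bzero(&mlnds->frags, sizeof (ndr_fraglist_t));

	frags->uio.uio_iov = frags->iov;
	frags->uio.uio_iovcnt = frags->nfrag;
	frags->uio.uio_offset = 0;
	frags->uio.uio_segflg = UIO_USERSPACE;
	frags->uio.uio_resid = size;

	iov = frags->uio.uio_iov;
	for (frag = frags->head; frag; frag = frag->next) {
		iov->iov_base = (caddr_t)frag->buf;
		iov->iov_len = frag->len;
		++iov;
	}
}

/*
 * mlnds_destruct
 *
 * Destroy a stream.  This is an external interface to provide access to
 * the stream's destruct operation.
 */
void
mlnds_destruct(struct mlndr_stream *mlnds)
{
	MLNDS_DESTRUCT(mlnds);
}

/*
 * mlndo_malloc
 *
 * Allocate memory from the stream heap.  Returns whatever
 * mlrpc_heap_malloc() returns; ref is unused.
 */
/*ARGSUSED*/
static char *
mlndo_malloc(struct mlndr_stream *mlnds, unsigned len,
    struct ndr_reference *ref)
{
	return (mlrpc_heap_malloc((mlrpc_heap_t *)mlnds->heap, len));
}

/*
 * mlndo_free
 *
 * Always succeeds: cannot free individual stream allocations.
 */
/*ARGSUSED*/
static int
mlndo_free(struct mlndr_stream *mlnds, char *p, struct ndr_reference *ref)
{
	return (1);
}

/*
 * mlndo_pdu_in_bounds
 *
 * Returns 1 if the n_bytes starting at pdu_offset lie entirely inside
 * the PDU buffer, otherwise 0.  The limit used is pdu_max_size, the
 * allocation size maintained by mlnds_initialize() and mlndo_grow_pdu(),
 * so this guards memory safety only.
 * NOTE(review): a tighter check against pdu_size (the valid data length)
 * may be appropriate for reads, but that depends on how callers maintain
 * pdu_size -- not visible in this file.
 */
static int
mlndo_pdu_in_bounds(struct mlndr_stream *mlnds, unsigned long pdu_offset,
    unsigned long n_bytes)
{
	unsigned long limit = mlnds->pdu_max_size;

	/* No buffer: mlndo_destruct() clears pdu_base_offset to 0. */
	if (mlnds->pdu_base_offset == 0)
		return (0);

	if (pdu_offset > limit)
		return (0);

	/* Written as a subtraction so that offset + length cannot wrap. */
	return (n_bytes <= limit - pdu_offset);
}

/*
 * mlndo_grow_pdu
 *
 * This is the only place that should change the size of the PDU.  If the
 * desired offset is beyond the current PDU size, we realloc the PDU
 * buffer to accommodate the request.  For efficiency, the PDU is always
 * extended to a NDR_PDU_BLOCK_SIZE boundary.  Requests to grow the PDU
 * beyond NDR_PDU_MAX_SIZE are rejected.
 *
 * Returns 1 to indicate success.  Otherwise 0 to indicate failure, in
 * which case the stream is unchanged.
 */
static int
mlndo_grow_pdu(struct mlndr_stream *mlnds, unsigned long want_end_offset,
    struct ndr_reference *ref)
{
	unsigned char *pdu_addr;
	unsigned pdu_max_size;

	/* %lu: the argument is an unsigned long, not an int. */
	mlndo_printf(mlnds, ref, "grow %lu", want_end_offset);

	/*
	 * Reject oversized requests before rounding.  The rounded value
	 * is stored in an unsigned int, so where long is wider than int
	 * a large request would be truncated to a small size, pass the
	 * limit check below, shrink the buffer and still set pdu_size to
	 * the huge requested value.
	 */
	if (want_end_offset >= NDR_PDU_MAX_SIZE)
		return (0);

	pdu_max_size = mlnds->pdu_max_size;

	if (want_end_offset > pdu_max_size) {
		pdu_max_size = NDR_PDU_ALIGN(want_end_offset);

		if (pdu_max_size >= NDR_PDU_MAX_SIZE)
			return (0);

		/* Keep the old pointer until realloc is known to work. */
		pdu_addr = realloc(mlnds->pdu_base_addr, pdu_max_size);
		if (pdu_addr == 0)
			return (0);

		mlnds->pdu_max_size = pdu_max_size;
		mlnds->pdu_base_addr = pdu_addr;
		mlnds->pdu_base_offset = (unsigned long)pdu_addr;
	}

	mlnds->pdu_size = want_end_offset;
	return (1);
}

/*
 * mlndo_pad_pdu
 *
 * Zero n_bytes of the PDU starting at pdu_offset.  The PDU is never
 * grown here: a range that does not fit in the buffer is rejected.
 *
 * Returns 1 on success or 0 to indicate failure.
 */
static int
mlndo_pad_pdu(struct mlndr_stream *mlnds, unsigned long pdu_offset,
    unsigned long n_bytes, struct ndr_reference *ref)
{
	unsigned char *data;

	if (!mlndo_pdu_in_bounds(mlnds, pdu_offset, n_bytes)) {
		mlndo_printf(mlnds, ref,
		    "pad %lu@%-3lu rejected (out of bounds)",
		    n_bytes, pdu_offset);
		return (0);
	}

	data = (unsigned char *)mlnds->pdu_base_offset;
	data += pdu_offset;

	mlndo_printf(mlnds, ref, "pad %lu@%-3lu", n_bytes, pdu_offset);

	bzero(data, n_bytes);
	return (1);
}

/*
 * mlndo_get_pdu
 *
 * Copy n_bytes from the PDU at pdu_offset into buf.
 *
 * The swap flag is 1 if NDR knows that the byte-order in the PDU
 * is different from the local system.  Swapping goes through
 * mlnds_bswap(), which copies nothing unless n_bytes is a non-zero
 * power of 2; this function still returns 1 in that case.
 * NOTE(review): presumably swapped reads are only issued for integer
 * sizes -- confirm against the callers.
 *
 * The range is validated before any byte is touched, including the
 * bytes read for the trace line.
 *
 * Returns 1 on success or 0 to indicate failure.
 */
static int
mlndo_get_pdu(struct mlndr_stream *mlnds, unsigned long pdu_offset,
    unsigned long n_bytes, char *buf, int swap_bytes,
    struct ndr_reference *ref)
{
	unsigned char *data;
	char hexbuf[NDOBUFSZ];

	if (!mlndo_pdu_in_bounds(mlnds, pdu_offset, n_bytes)) {
		mlndo_printf(mlnds, ref,
		    "get %lu@%-3lu rejected (out of bounds)",
		    n_bytes, pdu_offset);
		return (0);
	}

	data = (unsigned char *)mlnds->pdu_base_offset;
	data += pdu_offset;

	/* n_bytes is below NDR_PDU_MAX_SIZE here, so it fits in an int. */
	mlndo_hexfmt(data, (int)n_bytes, swap_bytes, hexbuf, NDOBUFSZ);

	mlndo_printf(mlnds, ref, "get %lu@%-3lu = %s",
	    n_bytes, pdu_offset, hexbuf);

	if (!swap_bytes)
		bcopy(data, buf, n_bytes);
	else
		mlnds_bswap(data, (unsigned char *)buf, n_bytes);

	return (1);
}

/*
 * mlndo_put_pdu
 *
 * Copy n_bytes from buf into the PDU at pdu_offset.
 *
 * This is a receiver-makes-right protocol.  So we do not need
 * to be concerned about the byte-order of an outgoing PDU, and
 * swap_bytes is ignored.
 *
 * The PDU is never grown here: the caller must have made room with
 * mlndo_grow_pdu() first, and a range that does not fit is rejected.
 *
 * Returns 1 on success or 0 to indicate failure.
 */
/*ARGSUSED*/
static int
mlndo_put_pdu(struct mlndr_stream *mlnds, unsigned long pdu_offset,
    unsigned long n_bytes, char *buf, int swap_bytes,
    struct ndr_reference *ref)
{
	unsigned char *data;
	char hexbuf[NDOBUFSZ];

	if (!mlndo_pdu_in_bounds(mlnds, pdu_offset, n_bytes)) {
		mlndo_printf(mlnds, ref,
		    "put %lu@%-3lu rejected (out of bounds)",
		    n_bytes, pdu_offset);
		return (0);
	}

	data = (unsigned char *)mlnds->pdu_base_offset;
	data += pdu_offset;

	mlndo_hexfmt((uint8_t *)buf, (int)n_bytes, 0, hexbuf, NDOBUFSZ);

	mlndo_printf(mlnds, ref, "put %lu@%-3lu = %s",
	    n_bytes, pdu_offset, hexbuf);

	bcopy(buf, data, n_bytes);
	return (1);
}

/*
 * mlndo_tattle
 *
 * Emit a free-form note on the trace.  The note is passed as data to a
 * fixed "%s" format: handing it to mlndo_printf() as the format itself
 * would interpret any '%' it contains as a conversion specification.
 */
static void
mlndo_tattle(struct mlndr_stream *mlnds, char *what,
    struct ndr_reference *ref)
{
	mlndo_printf(mlnds, ref, "%s", what);
}

/*
 * mlndo_tattle_error
 *
 * Trace the stream's error state followed by a short hex dump of the
 * PDU at the failing position: ref->pdu_offset when a reference is
 * given, otherwise the stream's pdu_scan_offset.
 *
 * The failing offset is by definition suspect, so the dump is clamped
 * to the buffer and omitted entirely when the offset lies outside it.
 */
static void
mlndo_tattle_error(struct mlndr_stream *mlnds, struct ndr_reference *ref)
{
	unsigned char *data;
	unsigned long offset;
	unsigned long avail;
	char hexbuf[NDOBUFSZ];

	if (ref)
		offset = ref->pdu_offset;
	else
		offset = mlnds->pdu_scan_offset;

	hexbuf[0] = '\0';
	if (mlndo_pdu_in_bounds(mlnds, offset, 1)) {
		avail = mlnds->pdu_max_size - offset;
		if (avail > NDO_ERR_DUMP_BYTES)
			avail = NDO_ERR_DUMP_BYTES;

		data = (unsigned char *)mlnds->pdu_base_offset;
		data += offset;
		mlndo_hexfmt(data, (int)avail, 0, hexbuf, NDOBUFSZ);
	}

	/*
	 * NOTE(review): every field is printed with %d; the field types
	 * are declared outside this file -- confirm they are int-sized.
	 */
	mlndo_printf(mlnds, ref, "ERROR=%d REF=%d OFFSET=%d SIZE=%d/%d",
	    mlnds->error, mlnds->error_ref, mlnds->pdu_scan_offset,
	    mlnds->pdu_size, mlnds->pdu_max_size);
	mlndo_printf(mlnds, ref, " %s", hexbuf);
}

/*
 * mlndo_reset
 *
 * Reset a stream: zap the outer_queue.  We don't need to tamper
 * with the stream heap: it's handled externally to the stream.
 * The PDU buffer itself is kept; only pdu_size and the scan offset
 * are rewound.  Always returns 1.
 */
static int
mlndo_reset(struct mlndr_stream *mlnds)
{
	mlndo_printf(mlnds, 0, "reset");

	mlnds->pdu_size = 0;
	mlnds->pdu_scan_offset = 0;
	mlnds->outer_queue_head = 0;
	mlnds->outer_current = 0;
	mlnds->outer_queue_tailp = &mlnds->outer_queue_head;

	return (1);
}

/*
 * mlndo_destruct
 *
 * Destruct a stream: free the PDU buffer and the fragment list nodes,
 * and zap the outer_queue.  The buffer pointers are cleared so that a
 * second call does not free them again.
 * Note: heap management (creation/destruction) is external to the stream.
 */
static void
mlndo_destruct(struct mlndr_stream *mlnds)
{
	ndr_frag_t *frag;

	mlndo_printf(mlnds, 0, "destruct");

	if (mlnds->pdu_base_addr != NULL) {
		free(mlnds->pdu_base_addr);
		mlnds->pdu_base_addr = NULL;
		mlnds->pdu_base_offset = 0;
	}

	/* Unlink each node before freeing it. */
	while ((frag = mlnds->frags.head) != NULL) {
		mlnds->frags.head = frag->next;
		free(frag);
	}

	bzero(&mlnds->frags, sizeof (ndr_fraglist_t));

	mlnds->outer_queue_head = 0;
	mlnds->outer_current = 0;
	mlnds->outer_queue_tailp = &mlnds->outer_queue_head;
}

/*
 * Printf style formatting for NDR operations.
 *
 * The message is formatted into a fixed NDOBUFSZ buffer (longer output
 * is truncated) and passed to mlndo_fmt() when a stream is given, or
 * straight to mlndo_trace() otherwise.
 *
 * fmt must be a trusted format string; pass variable text as an
 * argument to "%s".
 */
void
mlndo_printf(struct mlndr_stream *mlnds, struct ndr_reference *ref,
    const char *fmt, ...)
{
	va_list ap;
	char buf[NDOBUFSZ];

	va_start(ap, fmt);
	(void) vsnprintf(buf, NDOBUFSZ, fmt, ap);
	va_end(ap);

	if (mlnds)
		mlndo_fmt(mlnds, ref, buf);
	else
		mlndo_trace(buf);
}

/*
 * Main output formatter for NDR operations.
 *
 *	UI 03 ... rpc_vers           get 1@0 =    5 {05}
 *	UI 03 ... rpc_vers_minor     get 1@1 =    0 {00}
 *
 *	U	Marshalling flag (M=marshal, U=unmarshal)
 *	I	Direction flag (I=in, O=out)
 *	...	Field name
 *	get	PDU operation (get or put)
 *	1@0	Bytes @ offset (i.e. 1 byte at offset 0)
 *	{05}	Value
 *
 * The two-digit number is the nesting depth of ref, counted by walking
 * its chain of enclosing references.  A name starting with '[' is
 * shown appended to the enclosing reference's name, one level up.
 */
void
mlndo_fmt(struct mlndr_stream *mlnds, struct ndr_reference *ref, char *note)
{
	struct ndr_reference	*p;
	int			indent;
	char			ref_name[NDOBUFSZ];
	char			buf[NDOBUFSZ];
	int			m_op_c = '?', dir_c = '?';

	switch (mlnds->m_op) {
	case 0:				m_op_c = '-';	break;
	case NDR_M_OP_MARSHALL:		m_op_c = 'M';	break;
	case NDR_M_OP_UNMARSHALL:	m_op_c = 'U';	break;
	default:			m_op_c = '?';	break;
	}

	switch (mlnds->dir) {
	case 0:				dir_c = '-';	break;
	case NDR_DIR_IN:		dir_c = 'I';	break;
	case NDR_DIR_OUT:		dir_c = 'O';	break;
	default:			dir_c = '?';	break;
	}

	for (indent = 0, p = ref; p; p = p->enclosing)
		indent++;

	if (ref && ref->name) {
		if (*ref->name == '[' && ref->enclosing) {
			/*
			 * Only ref->name was checked above; the enclosing
			 * name may still be null, and not every printf
			 * implementation tolerates a null "%s" argument.
			 */
			const char *outer = ref->enclosing->name;

			indent--;
			(void) snprintf(ref_name, NDOBUFSZ, "%s%s",
			    (outer != NULL) ? outer : "", ref->name);
		} else {
			(void) strlcpy(ref_name, ref->name, NDOBUFSZ);
		}
	} else {
		(void) strlcpy(ref_name, "----", NDOBUFSZ);
	}

	/* The ruler string is cut to "indent" characters by %-.*s. */
	(void) snprintf(buf, NDOBUFSZ, "%c%c %02d %-.*s %-*s %s",
	    m_op_c, dir_c, indent, indent,
	    "....+....+....+....+....+....",
	    20 - indent, ref_name, note);

	mlndo_trace(buf);
}

/*
 * mlndo_trace
 *
 * Deliberately empty: the function exists so that its entry can be
 * probed, which makes the formatted line s observable.
 */
/*ARGSUSED*/
void
mlndo_trace(const char *s)
{
	/*
	 * Temporary fbt for dtrace until user space sdt enabled.
	 */
}

/*
 * mlndo_hexfmt_append
 *
 * Append printf-style output to buf (capacity len) at *used and advance
 * *used.  Output that does not fit is truncated; buf always stays
 * NUL-terminated and *used never exceeds len - 1.
 */
static void
mlndo_hexfmt_append(char *buf, int len, int *used, const char *fmt, ...)
{
	va_list ap;
	int room = len - *used;
	int rc;

	/* Need space for at least one character plus the terminator. */
	if (room <= 1)
		return;

	va_start(ap, fmt);
	rc = vsnprintf(buf + *used, (size_t)room, fmt, ap);
	va_end(ap);

	if (rc < 0)
		return;

	if (rc >= room)
		*used = len - 1;	/* truncated */
	else
		*used += rc;
}

/*
 * Format data as hex bytes (limit is 10 bytes):
 *
 *	1188689424 {10 f6 d9 46}
 *
 * If the input data is greater than 10 bytes, an ellipsis will
 * be inserted before the closing brace.
 *
 * For sizes 1, 2 and 4 the bytes are also shown as an unsigned integer
 * in front of the brace; with swap_bytes set the integer is assembled
 * most significant byte first.
 *
 * The result is written to buf, which holds len bytes, and is always
 * NUL-terminated; it is empty when there is nothing to format (null
 * data or size <= 0).  Every write is bounded by len.
 */
static void
mlndo_hexfmt(uint8_t *data, int size, int swap_bytes, char *buf, int len)
{
	int		used = 0;
	int		interp = 1;
	uint32_t	c = 0;
	uint16_t	half;
	int		n;
	int		i;

	if (buf == NULL || len <= 0)
		return;

	buf[0] = '\0';

	/* Never touch data[0] unless the caller says a byte is there. */
	if (data == NULL || size <= 0)
		return;

	n = (size > NDO_HEX_MAX_BYTES) ? NDO_HEX_MAX_BYTES : size;

	switch (size) {
	case 1:
		c = data[0];
		break;

	case 2:
		if (swap_bytes == 0) {
			/* PDU offsets are not aligned: copy, do not cast. */
			(void) memcpy(&half, data, sizeof (half));
			c = half;
		} else {
			c = ((uint32_t)data[0] << 8) | data[1];
		}
		break;

	case 4:
		if (swap_bytes == 0) {
			(void) memcpy(&c, data, sizeof (c));
		} else {
			/*
			 * Widen before shifting: data[0] promotes to a
			 * signed int, and shifting a value >= 0x80 left
			 * by 24 is undefined for a 32-bit int.
			 */
			c = ((uint32_t)data[0] << 24) |
			    ((uint32_t)data[1] << 16) |
			    ((uint32_t)data[2] << 8) |
			    (uint32_t)data[3];
		}
		break;

	default:
		c = 0;
		interp = 0;
		break;
	}

	if (interp)
		mlndo_hexfmt_append(buf, len, &used, "%4u {", c);
	else
		mlndo_hexfmt_append(buf, len, &used, " {");

	mlndo_hexfmt_append(buf, len, &used, "%02x", data[0]);
	for (i = 1; i < n; i++)
		mlndo_hexfmt_append(buf, len, &used, " %02x", data[i]);

	if (size > NDO_HEX_MAX_BYTES)
		mlndo_hexfmt_append(buf, len, &used, " ...}");
	else
		mlndo_hexfmt_append(buf, len, &used, "}");

	/*
	 * Show c if it's a printable character or wide-char.
	 */
	if (size < 4 && isprint((uint8_t)c))
		mlndo_hexfmt_append(buf, len, &used, " %c", (uint8_t)c);
}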