xref: /titanic_50/usr/src/lib/smbsrv/libmlrpc/common/ndr_ops.c (revision 1dc8bc23152a02d4586ec1fd8612f7e8f57ceb42)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * MLRPC server-side NDR stream (PDU) operations. Stream operations
30  * should return TRUE (non-zero) on success or FALSE (zero or a null
31  * pointer) on failure. When an operation returns FALSE, including
32  * mlndo_malloc() returning NULL, it should set the mlnds->error to
33  * indicate what went wrong.
34  *
35  * When available, the relevant ndr_reference is passed to the
36  * operation but keep in mind that it may be a null pointer.
37  *
38  * Functions mlndo_get_pdu(), mlndo_put_pdu(), and mlndo_pad_pdu()
39  * must never grow the PDU data. A request for out-of-bounds data is
40  * an error. The swap_bytes flag is 1 if NDR knows that the byte-
41  * order in the PDU is different from the local system.
42  */
43 
44 #include <sys/types.h>
45 #include <stdarg.h>
46 #include <ctype.h>
47 #include <stdio.h>
48 #include <stdlib.h>
49 #include <strings.h>
50 #include <string.h>
51 #include <assert.h>
52 
53 #include <smbsrv/libsmb.h>
54 #include <smbsrv/mlrpc.h>
55 #include <smbsrv/ndr.h>
56 #include <smbsrv/ntstatus.h>
57 
/* Size of the on-stack scratch buffers used for trace lines and hex dumps. */
#define	NDOBUFSZ		128

/*
 * PDU buffer sizing.
 *
 * NDR_PDU_ALIGN(N) adds a whole block before masking, so it always moves
 * to the NEXT block boundary, even when N is already block aligned
 * (NDR_PDU_ALIGN(4096) is 8192). The result is computed in N's type and
 * wraps for N close to that type's maximum, so range-check N against
 * NDR_PDU_MAX_SIZE before aligning and before storing the result in a
 * narrower type.
 */
#define	NDR_PDU_BLOCK_SIZE	(4 * 1024)
#define	NDR_PDU_BLOCK_MASK	(NDR_PDU_BLOCK_SIZE - 1)
#define	NDR_PDU_ALIGN(N) \
	(((N) + NDR_PDU_BLOCK_SIZE) & ~NDR_PDU_BLOCK_MASK)
#define	NDR_PDU_MAX_SIZE	(64 * 1024 * 1024)
65 
/*
 * Stream operations implemented in this file. Offsets and byte counts are
 * relative to the start of the PDU buffer.
 */
static char *mlndo_malloc(struct mlndr_stream *mlnds, unsigned len,
    struct ndr_reference *ref);
static int mlndo_free(struct mlndr_stream *mlnds, char *p,
    struct ndr_reference *ref);
static int mlndo_grow_pdu(struct mlndr_stream *mlnds,
    unsigned long want_end_offset, struct ndr_reference *ref);
static int mlndo_pad_pdu(struct mlndr_stream *mlnds, unsigned long pdu_offset,
    unsigned long n_bytes, struct ndr_reference *ref);
static int mlndo_get_pdu(struct mlndr_stream *mlnds, unsigned long pdu_offset,
    unsigned long n_bytes, char *buf, int swap_bytes,
    struct ndr_reference *ref);
static int mlndo_put_pdu(struct mlndr_stream *mlnds, unsigned long pdu_offset,
    unsigned long n_bytes, char *buf, int swap_bytes,
    struct ndr_reference *ref);
static void mlndo_tattle(struct mlndr_stream *mlnds, char *what,
    struct ndr_reference *ref);
static void mlndo_tattle_error(struct mlndr_stream *mlnds,
    struct ndr_reference *ref);
static int mlndo_reset(struct mlndr_stream *mlnds);
static void mlndo_destruct(struct mlndr_stream *mlnds);

/* Trace helper: renders up to 10 bytes of data as hex into buf[len]. */
static void mlndo_hexfmt(uint8_t *data, int size, int swap_bytes, char *buf,
    int len);
82 
/*
 * The mlndr stream operations table.
 *
 * The initializers are positional, so their order must match the member
 * order of struct mlndr_stream_ops (declared outside this file).
 */
static struct mlndr_stream_ops mlnds_ops = {
	mlndo_malloc,		/* allocate from the stream heap */
	mlndo_free,		/* no-op, always reports success */
	mlndo_grow_pdu,		/* the only operation that resizes the PDU */
	mlndo_pad_pdu,		/* zero-fill a range of the PDU */
	mlndo_get_pdu,		/* copy bytes out of the PDU */
	mlndo_put_pdu,		/* copy bytes into the PDU */
	mlndo_tattle,		/* trace a note */
	mlndo_tattle_error,	/* trace the stream error state */
	mlndo_reset,		/* rewind the stream for reuse */
	mlndo_destruct		/* release the PDU buffer and fragments */
};
98 
/*
 * mlnds_bswap
 *
 * Writes the len bytes of srcbuf into dstbuf in reverse order.
 *
 * The data is expected to be a byte, word, dword etc., so len must be
 * non-zero and a power of 2. Any other length is ignored: nothing is
 * written to dstbuf and the caller gets no indication of that, so a
 * caller passing an unvalidated length must not assume dstbuf was filled.
 *
 * The two buffers must not overlap. The copy runs forwards through dstbuf
 * while reading backwards through srcbuf, so an in-place swap would read
 * bytes it has already overwritten.
 */
void
mlnds_bswap(void *srcbuf, void *dstbuf, size_t len)
{
	const uint8_t *in = (const uint8_t *)srcbuf;
	uint8_t *out = (uint8_t *)dstbuf;
	size_t i;

	/* Reject zero and anything that is not a power of 2. */
	if (len == 0 || (len & (len - 1)) != 0)
		return;

	for (i = 0; i < len; i++)
		out[i] = in[len - 1 - i];
}
121 
/*
 * mlnds_initialize
 *
 * Prepare a stream for use: zero it, allocate the PDU buffer, attach the
 * operations table and record the caller-supplied heap. The heap is
 * external to the stream; the stream does not create one of its own.
 *
 * pdu_size_hint is the initial PDU buffer size in bytes; 0 selects
 * NDR_PDU_BLOCK_SIZE. composite_op carries the marshalling operation in
 * its low nibble and the direction in its high nibble.
 *
 * Failure is not reported to the caller:
 *  - A hint above NDR_PDU_MAX_SIZE returns with the stream zeroed, i.e.
 *    with no buffer, no operations table and no heap.
 *  - Allocation failure is only caught by assert(). If assertions are
 *    compiled out, the stream is left with a null PDU buffer and a
 *    non-zero pdu_max_size.
 * NOTE(review): callers should confirm the stream is usable (for example
 * that pdu_base_addr is set) before operating on it.
 */
void
mlnds_initialize(struct mlndr_stream *mlnds, unsigned pdu_size_hint,
    int composite_op, mlrpc_heap_t *heap)
{
	unsigned pdu_bytes;

	assert(mlnds);
	assert(heap);

	bzero(mlnds, sizeof (*mlnds));

	if (pdu_size_hint > NDR_PDU_MAX_SIZE)
		return;

	if (pdu_size_hint == 0)
		pdu_bytes = NDR_PDU_BLOCK_SIZE;
	else
		pdu_bytes = pdu_size_hint;

	mlnds->pdu_base_addr = malloc(pdu_bytes);
	assert(mlnds->pdu_base_addr);

	/* The get/put/pad operations address the buffer via this integer. */
	mlnds->pdu_base_offset = (unsigned long)mlnds->pdu_base_addr;
	mlnds->pdu_max_size = pdu_bytes;
	mlnds->pdu_size = 0;

	mlnds->heap = (struct mlrpc_heap *)heap;
	mlnds->mlndo = &mlnds_ops;

	mlnds->dir  = composite_op & 0xF0;
	mlnds->m_op = composite_op & 0x0F;

	/* Empty outer queue: the tail pointer refers to the head slot. */
	mlnds->outer_queue_tailp = &mlnds->outer_queue_head;
}
159 
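/*
 * mlnds_finalize
 *
 * Move the stream's fragment list into frags and build the iovec/uio
 * that describes it. On success the stream's own fragment list is
 * emptied, so the fragments belong to frags from then on.
 *
 * frags is always zeroed first. It is left zeroed, and the stream keeps
 * its fragments, when:
 *  - the total fragment length is 0 or reaches NDR_PDU_MAX_SIZE,
 *  - the number of fragments on the list differs from frags.nfrag, or
 *  - the iovec array cannot be allocated.
 * There is no return value; callers can tell the cases apart by checking
 * frags->iov.
 */
void
mlnds_finalize(struct mlndr_stream *mlnds, ndr_fraglist_t *frags)
{
	iovec_t *iov;
	ndr_frag_t *frag;
	uint32_t size = 0;
	uint32_t count = 0;

	bzero(frags, sizeof (ndr_fraglist_t));

	for (frag = mlnds->frags.head; frag; frag = frag->next) {
		/*
		 * Check each length against the remaining budget instead of
		 * testing the sum afterwards: a 32-bit sum can wrap and then
		 * look smaller than NDR_PDU_MAX_SIZE. size stays below the
		 * maximum here, so the subtraction cannot underflow.
		 */
		if (frag->len >= NDR_PDU_MAX_SIZE - size)
			return;

		size += frag->len;
		++count;
	}

	/*
	 * The iovec array is sized from the number of fragments actually
	 * walked, and a list that disagrees with nfrag is rejected, so the
	 * fill loop below can never write past the array.
	 */
	if (size == 0 || count != mlnds->frags.nfrag)
		return;

	/* calloc() checks the count * size multiplication for overflow. */
	frags->iov = calloc(count, sizeof (iovec_t));
	if (frags->iov == NULL)
		return;

	frags->head = mlnds->frags.head;
	frags->tail = mlnds->frags.tail;
	frags->nfrag = mlnds->frags.nfrag;
	bzero(&mlnds->frags, sizeof (ndr_fraglist_t));

	frags->uio.uio_iov = frags->iov;
	frags->uio.uio_iovcnt = frags->nfrag;
	frags->uio.uio_offset = 0;
	frags->uio.uio_segflg = UIO_USERSPACE;
	frags->uio.uio_resid = size;

	iov = frags->uio.uio_iov;
	for (frag = frags->head; frag; frag = frag->next) {
		iov->iov_base = (caddr_t)frag->buf;
		iov->iov_len = frag->len;
		++iov;
	}
}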
197 
/*
 * mlnds_destruct
 *
 * Public entry point for tearing down a stream. It only forwards to the
 * stream's destruct operation through MLNDS_DESTRUCT().
 *
 * NOTE(review): MLNDS_DESTRUCT() is defined outside this file and
 * presumably dispatches through mlnds->mlndo. mlnds_initialize() can
 * return without setting that pointer, so confirm a stream whose
 * initialization was rejected is never passed here.
 */
void
mlnds_destruct(struct mlndr_stream *mlnds)
{
	MLNDS_DESTRUCT(mlnds);
}
209 
/*
 * mlndo_malloc
 *
 * Allocate len bytes from the heap attached to the stream and return
 * whatever mlrpc_heap_malloc() returns. ref is unused.
 *
 * NOTE(review): the file header asks operations to set mlnds->error when
 * they fail, including when this returns NULL. Nothing is recorded here,
 * so confirm the callers do it.
 */
/*ARGSUSED*/
static char *
mlndo_malloc(struct mlndr_stream *mlnds, unsigned len,
    struct ndr_reference *ref)
{
	mlrpc_heap_t *heap = (mlrpc_heap_t *)mlnds->heap;

	return (mlrpc_heap_malloc(heap, len));
}
222 
/*
 * mlndo_free
 *
 * Individual stream allocations cannot be released, so this does nothing
 * and always returns 1 (success). All three arguments are ignored.
 */
/*ARGSUSED*/
static int
mlndo_free(struct mlndr_stream *mlnds, char *p, struct ndr_reference *ref)
{
	return (1);
}
234 
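/*
 * mlndo_grow_pdu
 *
 * This is the only place that should change the size of the PDU. If the
 * desired end offset is beyond the current buffer, the buffer is
 * realloc'd to accommodate the request. For efficiency, the buffer is
 * always extended to a NDR_PDU_BLOCK_SIZE boundary. Requests to grow the
 * PDU to NDR_PDU_MAX_SIZE or beyond are rejected.
 *
 * The requested offset is range-checked before it is block aligned and
 * narrowed to unsigned. Without that, an offset that does not fit in
 * unsigned, or one near the top of unsigned long, would truncate or wrap
 * into a small allocation size while pdu_size was still set to the
 * large value.
 *
 * On failure the stream is left unchanged; realloc() failure keeps the
 * old buffer.
 *
 * NOTE(review): the file header asks operations to set mlnds->error on
 * failure; that is not done here, so confirm the callers record it.
 *
 * Returns 1 to indicate success. Otherwise 0 to indicate failure.
 */
static int
mlndo_grow_pdu(struct mlndr_stream *mlnds, unsigned long want_end_offset,
    struct ndr_reference *ref)
{
	unsigned char *pdu_addr;
	unsigned pdu_max_size;

	/* %lu: the argument is an unsigned long. */
	mlndo_printf(mlnds, ref, "grow %lu", want_end_offset);

	pdu_max_size = mlnds->pdu_max_size;

	if (want_end_offset > pdu_max_size) {
		/* Reject before aligning: see the header comment. */
		if (want_end_offset >= NDR_PDU_MAX_SIZE)
			return (0);

		pdu_max_size = (unsigned)NDR_PDU_ALIGN(want_end_offset);

		/* Alignment can still round the size up to the maximum. */
		if (pdu_max_size >= NDR_PDU_MAX_SIZE)
			return (0);

		pdu_addr = realloc(mlnds->pdu_base_addr, pdu_max_size);
		if (pdu_addr == NULL)
			return (0);

		/* The buffer may have moved: refresh both views of it. */
		mlnds->pdu_max_size = pdu_max_size;
		mlnds->pdu_base_addr = pdu_addr;
		mlnds->pdu_base_offset = (unsigned long)pdu_addr;
	}

	mlnds->pdu_size = want_end_offset;
	return (1);
}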
275 
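/*
 * mlndo_pad_pdu
 *
 * Zero n_bytes of the PDU buffer starting at pdu_offset. It never grows
 * the PDU: a range that does not lie inside the buffer is refused and
 * nothing is written.
 *
 * The range is checked against pdu_max_size, which mlnds_initialize()
 * and mlndo_grow_pdu() keep equal to the size of the buffer.
 * NOTE(review): pdu_size may be the tighter limit the file header has
 * in mind; confirm against the callers. The header also asks operations
 * to set mlnds->error on failure, which is not done here.
 *
 * Returns 1 on success or 0 if the request is out of bounds.
 */
static int
mlndo_pad_pdu(struct mlndr_stream *mlnds, unsigned long pdu_offset,
    unsigned long n_bytes, struct ndr_reference *ref)
{
	unsigned long limit = mlnds->pdu_max_size;
	unsigned char *data;

	/* %lu: both arguments are unsigned long. */
	mlndo_printf(mlnds, ref, "pad %lu@%-3lu", n_bytes, pdu_offset);

	/* Written as a subtraction so the test itself cannot overflow. */
	if (mlnds->pdu_base_offset == 0 || pdu_offset > limit ||
	    n_bytes > limit - pdu_offset)
		return (0);

	data = (unsigned char *)mlnds->pdu_base_offset;
	data += pdu_offset;

	bzero(data, n_bytes);
	return (1);
}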
290 
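/*
 * mlndo_get_pdu
 *
 * Copy n_bytes from the PDU buffer at pdu_offset into buf. The swap flag
 * is 1 if NDR knows that the byte-order in the PDU is different from the
 * local system; the bytes are then reversed on the way out.
 *
 * It never grows the PDU: a range that does not lie inside the buffer
 * is refused before any PDU byte is read, including for the trace line.
 * The range is checked against pdu_max_size, which mlnds_initialize()
 * and mlndo_grow_pdu() keep equal to the size of the buffer.
 * NOTE(review): pdu_size may be the tighter limit intended, since bytes
 * between pdu_size and pdu_max_size were never received; confirm against
 * the callers. The file header also asks operations to set mlnds->error
 * on failure, which is not done here.
 *
 * NOTE(review): mlnds_bswap() ignores lengths that are not a power of 2,
 * so a swapped read of such a length returns 1 with buf untouched.
 *
 * Returns 1 on success or 0 to indicate failure.
 */
static int
mlndo_get_pdu(struct mlndr_stream *mlnds, unsigned long pdu_offset,
    unsigned long n_bytes, char *buf, int swap_bytes,
    struct ndr_reference *ref)
{
	unsigned long limit = mlnds->pdu_max_size;
	unsigned char *data;
	char hexbuf[NDOBUFSZ];

	/* Written as a subtraction so the test itself cannot overflow. */
	if (mlnds->pdu_base_offset == 0 || pdu_offset > limit ||
	    n_bytes > limit - pdu_offset)
		return (0);

	data = (unsigned char *)mlnds->pdu_base_offset;
	data += pdu_offset;

	/* Never ask the formatter to read from an empty range. */
	if (n_bytes != 0)
		mlndo_hexfmt(data, n_bytes, swap_bytes, hexbuf, NDOBUFSZ);
	else
		hexbuf[0] = '\0';

	/* %lu: both counts are unsigned long. */
	mlndo_printf(mlnds, ref, "get %lu@%-3lu = %s",
	    n_bytes, pdu_offset, hexbuf);

	if (!swap_bytes)
		bcopy(data, buf, n_bytes);
	else
		mlnds_bswap(data, (unsigned char *)buf, n_bytes);

	return (1);
}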
322 
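/*
 * mlndo_put_pdu
 *
 * Copy n_bytes from buf into the PDU buffer at pdu_offset. This is a
 * receiver makes right protocol, so the byte-order of an outgoing PDU is
 * of no concern and swap_bytes is ignored.
 *
 * It never grows the PDU: a range that does not lie inside the buffer
 * is refused and nothing is written. The range is checked against
 * pdu_max_size, which mlnds_initialize() and mlndo_grow_pdu() keep equal
 * to the size of the buffer.
 * NOTE(review): pdu_size may be the tighter limit intended; confirm
 * against the callers. The file header also asks operations to set
 * mlnds->error on failure, which is not done here.
 *
 * Returns 1 on success or 0 if the request is out of bounds.
 */
/*ARGSUSED*/
static int
mlndo_put_pdu(struct mlndr_stream *mlnds, unsigned long pdu_offset,
    unsigned long n_bytes, char *buf, int swap_bytes,
    struct ndr_reference *ref)
{
	unsigned long limit = mlnds->pdu_max_size;
	unsigned char *data;
	char hexbuf[NDOBUFSZ];

	/* Written as a subtraction so the test itself cannot overflow. */
	if (mlnds->pdu_base_offset == 0 || pdu_offset > limit ||
	    n_bytes > limit - pdu_offset)
		return (0);

	data = (unsigned char *)mlnds->pdu_base_offset;
	data += pdu_offset;

	/* Never ask the formatter to read from an empty range. */
	if (n_bytes != 0)
		mlndo_hexfmt((uint8_t *)buf, n_bytes, 0, hexbuf, NDOBUFSZ);
	else
		hexbuf[0] = '\0';

	/* %lu: both counts are unsigned long. */
	mlndo_printf(mlnds, ref, "put %lu@%-3lu = %s",
	    n_bytes, pdu_offset, hexbuf);

	bcopy(buf, data, n_bytes);
	return (1);
}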
349 
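/*
 * mlndo_tattle
 *
 * Trace the note in what against ref.
 *
 * The note is passed as an argument to a fixed "%s" format, never as the
 * format string itself, so a '%' inside it is printed literally and
 * cannot make the formatter read arguments that were not supplied.
 */
static void
mlndo_tattle(struct mlndr_stream *mlnds, char *what,
    struct ndr_reference *ref)
{
	mlndo_printf(mlnds, ref, "%s", what);
}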
356 
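/*
 * mlndo_tattle_error
 *
 * Trace the stream's error state, followed by a hex dump of up to 16
 * bytes of the PDU at the offending offset: ref->pdu_offset when a
 * reference is supplied, otherwise the current scan offset.
 *
 * This runs exactly when something has gone wrong, so the offset may
 * lie outside the buffer or the buffer may already be gone. The dump is
 * therefore clamped to the bytes that exist inside pdu_max_size, and is
 * left empty when there are none.
 *
 * NOTE(review): the %d conversions below assume int-sized fields;
 * confirm against the declaration of struct mlndr_stream.
 */
static void
mlndo_tattle_error(struct mlndr_stream *mlnds, struct ndr_reference *ref)
{
	unsigned long limit = mlnds->pdu_max_size;
	unsigned long offset;
	unsigned long avail;
	unsigned char *data;
	char hexbuf[NDOBUFSZ];

	if (ref)
		offset = ref->pdu_offset;
	else
		offset = mlnds->pdu_scan_offset;

	hexbuf[0] = '\0';

	if (mlnds->pdu_base_offset != 0 && offset < limit) {
		avail = limit - offset;
		if (avail > 16)
			avail = 16;

		data = (unsigned char *)mlnds->pdu_base_offset;
		data += offset;
		mlndo_hexfmt(data, (int)avail, 0, hexbuf, NDOBUFSZ);
	}

	mlndo_printf(mlnds, ref, "ERROR=%d REF=%d OFFSET=%d SIZE=%d/%d",
	    mlnds->error, mlnds->error_ref, mlnds->pdu_scan_offset,
	    mlnds->pdu_size, mlnds->pdu_max_size);
	mlndo_printf(mlnds, ref, "      %s", hexbuf);
}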
376 
/*
 * mlndo_reset
 *
 * Rewind a stream for reuse: the PDU size and scan offset go back to 0
 * and the outer queue is emptied. The PDU buffer and pdu_max_size are
 * kept, and the stream heap is not touched because it is managed
 * outside the stream.
 *
 * Always returns 1.
 */
static int
mlndo_reset(struct mlndr_stream *mlnds)
{
	mlndo_printf(mlnds, 0, "reset");

	/* Empty outer queue: the tail pointer refers to the head slot. */
	mlnds->outer_queue_head = 0;
	mlnds->outer_queue_tailp = &mlnds->outer_queue_head;
	mlnds->outer_current = 0;

	mlnds->pdu_scan_offset = 0;
	mlnds->pdu_size = 0;

	return (1);
}
396 
/*
 * mlndo_destruct
 *
 * Tear down a stream: free the PDU buffer, free every fragment on the
 * fragment list and empty the outer queue.
 * Note: heap management (creation/destruction) is external to the stream.
 *
 * pdu_size and pdu_max_size are left as they were, so after this call
 * they still describe a buffer that no longer exists.
 * NOTE(review): only the fragment descriptors are freed here; confirm
 * whether frag->buf is part of the same allocation.
 */
static void
mlndo_destruct(struct mlndr_stream *mlnds)
{
	ndr_frag_t *frag;

	mlndo_printf(mlnds, 0, "destruct");

	if (mlnds->pdu_base_addr != NULL) {
		free(mlnds->pdu_base_addr);
		/* Clear both views of the buffer so neither dangles. */
		mlnds->pdu_base_addr = NULL;
		mlnds->pdu_base_offset = 0;
	}

	/* Unlink each fragment before freeing it. */
	for (;;) {
		frag = mlnds->frags.head;
		if (frag == NULL)
			break;

		mlnds->frags.head = frag->next;
		free(frag);
	}

	bzero(&mlnds->frags, sizeof (ndr_fraglist_t));

	mlnds->outer_queue_head = 0;
	mlnds->outer_queue_tailp = &mlnds->outer_queue_head;
	mlnds->outer_current = 0;
}
427 
/*
 * Printf style formatting for NDR operations.
 *
 * The message is formatted into an NDOBUFSZ-byte buffer; anything longer
 * is silently truncated. With a stream it is handed to mlndo_fmt() to be
 * decorated, without one it goes straight to mlndo_trace().
 *
 * fmt is interpreted as a format string. Text that is not a fixed format
 * (a name or note taken from elsewhere) must be passed as an argument to
 * "%s" rather than as fmt.
 */
void
mlndo_printf(struct mlndr_stream *mlnds, struct ndr_reference *ref,
    const char *fmt, ...)
{
	char line[NDOBUFSZ];
	va_list args;

	va_start(args, fmt);
	(void) vsnprintf(line, NDOBUFSZ, fmt, args);
	va_end(args);

	if (mlnds == NULL) {
		mlndo_trace(line);
		return;
	}

	mlndo_fmt(mlnds, ref, line);
}
447 
/*
 * Main output formatter for NDR operations.
 *
 *	UI 03 ... rpc_vers           get 1@0   =    5 {05}
 *	UI 03 ... rpc_vers_minor     get 1@1   =    0 {00}
 *
 *	U       Marshalling flag (M=marshal, U=unmarshal)
 *	I       Direction flag (I=in, O=out)
 *	...     Field name
 *	get     PDU operation (get or put)
 *	1@0	Bytes @ offset (i.e. 1 byte at offset 0)
 *	{05}    Value
 *
 * A flag of '-' means the stream field is 0 and '?' means it holds an
 * unrecognised value. The number after the flags is the nesting depth of
 * ref, counted by walking its chain of enclosing references. A name that
 * starts with '[' is printed appended to the enclosing reference's name,
 * one level shallower.
 *
 * The field name and the finished line are each limited to NDOBUFSZ
 * bytes and are truncated beyond that.
 *
 * NOTE(review): ref->enclosing->name is passed to "%s" without a null
 * check; confirm an enclosing reference always has a name.
 */
void
mlndo_fmt(struct mlndr_stream *mlnds, struct ndr_reference *ref, char *note)
{
	struct ndr_reference *walk;
	char	field[NDOBUFSZ];
	char	line[NDOBUFSZ];
	int	depth = 0;
	int	op_flag;
	int	dir_flag;

	switch (mlnds->m_op) {
	case 0:
		op_flag = '-';
		break;
	case NDR_M_OP_MARSHALL:
		op_flag = 'M';
		break;
	case NDR_M_OP_UNMARSHALL:
		op_flag = 'U';
		break;
	default:
		op_flag = '?';
		break;
	}

	switch (mlnds->dir) {
	case 0:
		dir_flag = '-';
		break;
	case NDR_DIR_IN:
		dir_flag = 'I';
		break;
	case NDR_DIR_OUT:
		dir_flag = 'O';
		break;
	default:
		dir_flag = '?';
		break;
	}

	walk = ref;
	while (walk) {
		depth++;
		walk = walk->enclosing;
	}

	if (ref == NULL || !ref->name) {
		(void) strlcpy(field, "----", NDOBUFSZ);
	} else if (*ref->name == '[' && ref->enclosing) {
		/* Array element: show it as part of the enclosing field. */
		depth--;
		(void) snprintf(field, NDOBUFSZ, "%s%s",
		    ref->enclosing->name, ref->name);
	} else {
		(void) strlcpy(field, ref->name, NDOBUFSZ);
	}

	/* One ruler character per level; the name pads the rest of 20. */
	(void) snprintf(line, NDOBUFSZ, "%c%c %02d %-.*s %-*s  %s",
	    op_flag, dir_flag, depth, depth,
	    "....+....+....+....+....+....",
	    20 - depth, field, note);

	mlndo_trace(line);
}
506 
/*
 * mlndo_trace
 *
 * Deliberately empty. It exists so that a DTrace fbt probe on this
 * function can observe the formatted trace line passed in s; it is a
 * stand-in until user space sdt probes are enabled.
 *
 * The lines passed here include hex dumps of PDU contents, so anything
 * that records them is recording protocol data.
 */
/*ARGSUSED*/
void
mlndo_trace(const char *s)
{
	/*
	 * Temporary fbt for dtrace until user space sdt enabled.
	 */
}
515 
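/*
 * Append formatted text at *cursor without writing at or past end.
 * Returns 1 if everything fitted and advances *cursor; returns 0 if the
 * text was truncated, in which case the buffer is still NUL-terminated
 * and *cursor is left alone.
 */
static int
mlndo_hexfmt_append(char **cursor, char *end, const char *fmt, ...)
{
	va_list ap;
	size_t room = (size_t)(end - *cursor);
	int rc;

	va_start(ap, fmt);
	rc = vsnprintf(*cursor, room, fmt, ap);
	va_end(ap);

	if (rc < 0 || (size_t)rc >= room)
		return (0);

	*cursor += rc;
	return (1);
}

/*
 * Format data as hex bytes (limit is 10 bytes):
 *
 *	1188689424 {10 f6 d9 46}
 *
 * If the input data is greater than 10 bytes, an ellipsis will
 * be inserted before the closing brace. Data of 1, 2 or 4 bytes is also
 * shown as an unsigned number in front of the brace, read in host order
 * or, when swap_bytes is set, with the first byte most significant. For
 * data shorter than 4 bytes the low byte of that number is appended as a
 * character when it is printable.
 *
 * data  bytes to format; only the first min(size, 10) are read
 * size  number of bytes available at data; 0 or less formats as " {}"
 * buf   output buffer
 * len   size of buf in bytes
 *
 * Every write is bounded by len and the result is always NUL-terminated;
 * output that does not fit is truncated. The multi-byte values are
 * assembled with memcpy() and unsigned shifts rather than a cast of the
 * byte pointer, because PDU offsets are not guaranteed to be aligned for
 * a 16 or 32-bit load.
 */
static void
mlndo_hexfmt(uint8_t *data, int size, int swap_bytes, char *buf, int len)
{
	char *p = buf;
	char *end;
	int interp = 1;
	int ok;
	uint32_t c = 0;
	uint16_t c16;
	int n;
	int i;

	if (buf == NULL || len <= 0)
		return;

	*buf = '\0';
	end = buf + len;

	/* Nothing readable: format as an empty dump. */
	if (data == NULL || size < 0)
		size = 0;

	n = (size > 10) ? 10 : size;

	switch (size) {
	case 1:
		c = data[0];
		break;
	case 2:
		if (swap_bytes == 0) {
			(void) memcpy(&c16, data, sizeof (c16));
			c = c16;
		} else {
			c = ((uint32_t)data[0] << 8) | data[1];
		}
		break;
	case 4:
		if (swap_bytes == 0) {
			(void) memcpy(&c, data, sizeof (c));
		} else {
			c = ((uint32_t)data[0] << 24) |
			    ((uint32_t)data[1] << 16) |
			    ((uint32_t)data[2] << 8) | data[3];
		}
		break;
	default:
		c = 0;
		interp = 0;
		break;
	}

	if (interp)
		ok = mlndo_hexfmt_append(&p, end, "%4u {", (unsigned)c);
	else
		ok = mlndo_hexfmt_append(&p, end, " {");

	for (i = 0; ok && i < n; i++) {
		if (i == 0) {
			ok = mlndo_hexfmt_append(&p, end, "%02x",
			    (unsigned)data[i]);
		} else {
			ok = mlndo_hexfmt_append(&p, end, " %02x",
			    (unsigned)data[i]);
		}
	}

	if (ok) {
		if (size > 10)
			ok = mlndo_hexfmt_append(&p, end, " ...}");
		else
			ok = mlndo_hexfmt_append(&p, end, "}");
	}

	/*
	 * Show c if it's a printable character or wide-char.
	 */
	if (ok && size < 4 && isprint((uint8_t)c))
		(void) mlndo_hexfmt_append(&p, end, " %c", (uint8_t)c);
}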
580