1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright 2013 Nexenta Systems, Inc. All rights reserved. 25 */ 26 27 /* 28 * Server-side NDR stream (PDU) operations. Stream operations should 29 * return TRUE (non-zero) on success or FALSE (zero or a null pointer) 30 * on failure. When an operation returns FALSE, including ndo_malloc() 31 * returning NULL, it should set the nds->error to indicate what went 32 * wrong. 33 * 34 * When available, the relevant ndr reference is passed to the 35 * operation but keep in mind that it may be a null pointer. 36 * 37 * Functions ndo_get_pdu(), ndo_put_pdu(), and ndo_pad_pdu() 38 * must never grow the PDU data. A request for out-of-bounds data is 39 * an error. The swap_bytes flag is 1 if NDR knows that the byte- 40 * order in the PDU is different from the local system. 41 */ 42 43 #include <sys/types.h> 44 #include <stdarg.h> 45 #include <ctype.h> 46 #include <stdio.h> 47 #include <stdlib.h> 48 #include <strings.h> 49 #include <string.h> 50 #include <assert.h> 51 52 #include <smbsrv/libsmb.h> 53 #include <smbsrv/libmlrpc.h> 54 55 #define NDOBUFSZ 128 56 57 #define NDR_PDU_BLOCK_SIZE (4*1024) 58 #define NDR_PDU_BLOCK_MASK (NDR_PDU_BLOCK_SIZE - 1) 59 #define NDR_PDU_ALIGN(N) \ 60 (((N) + NDR_PDU_BLOCK_SIZE) & ~NDR_PDU_BLOCK_MASK) 61 #define NDR_PDU_MAX_SIZE (64*1024*1024) 62 63 static char *ndo_malloc(ndr_stream_t *, unsigned, ndr_ref_t *); 64 static int ndo_free(ndr_stream_t *, char *, ndr_ref_t *); 65 static int ndo_grow_pdu(ndr_stream_t *, unsigned long, ndr_ref_t *); 66 static int ndo_pad_pdu(ndr_stream_t *, unsigned long, unsigned long, 67 ndr_ref_t *); 68 static int ndo_get_pdu(ndr_stream_t *, unsigned long, unsigned long, 69 char *, int, ndr_ref_t *); 70 static int ndo_put_pdu(ndr_stream_t *, unsigned long, unsigned long, 71 char *, int, ndr_ref_t *); 72 static void ndo_tattle(ndr_stream_t *, char *, ndr_ref_t *); 73 static void ndo_tattle_error(ndr_stream_t *, ndr_ref_t *); 74 static int ndo_reset(ndr_stream_t *); 75 static void ndo_destruct(ndr_stream_t *); 76 static void ndo_hexfmt(uint8_t *, int, int, char *, int); 77 78 /* 79 * The ndr stream operations table. 80 */ 81 static ndr_stream_ops_t nds_ops = { 82 ndo_malloc, 83 ndo_free, 84 ndo_grow_pdu, 85 ndo_pad_pdu, 86 ndo_get_pdu, 87 ndo_put_pdu, 88 ndo_tattle, 89 ndo_tattle_error, 90 ndo_reset, 91 ndo_destruct 92 }; 93 94 /* 95 * nds_bswap 96 * 97 * Copies len bytes from src to dst such that dst contains the bytes 98 * from src in reverse order. 99 * 100 * We expect to be dealing with bytes, words, dwords etc. So the 101 * length must be non-zero and a power of 2. 102 */ 103 void 104 nds_bswap(void *srcbuf, void *dstbuf, size_t len) 105 { 106 uint8_t *src = (uint8_t *)srcbuf; 107 uint8_t *dst = (uint8_t *)dstbuf; 108 109 if ((len != 0) && ((len & (len - 1)) == 0)) { 110 src += len; 111 112 while (len--) 113 *dst++ = *(--src); 114 } 115 } 116 117 /* 118 * nds_initialize 119 * 120 * Initialize a stream. Sets up the PDU parameters and assigns the stream 121 * operations and the reference to the heap. An external heap is provided 122 * to the stream, rather than each stream creating its own heap. 123 */ 124 int 125 nds_initialize(ndr_stream_t *nds, unsigned pdu_size_hint, 126 int composite_op, ndr_heap_t *heap) 127 { 128 unsigned size; 129 130 assert(nds); 131 assert(heap); 132 133 bzero(nds, sizeof (*nds)); 134 nds->ndo = &nds_ops; 135 nds->heap = (struct ndr_heap *)heap; 136 137 if (pdu_size_hint > NDR_PDU_MAX_SIZE) { 138 nds->error = NDR_ERR_BOUNDS_CHECK; 139 nds->error_ref = __LINE__; 140 NDS_TATTLE_ERROR(nds, NULL, NULL); 141 return (NDR_DRC_FAULT_RESOURCE_1); 142 } 143 144 size = (pdu_size_hint == 0) ? NDR_PDU_BLOCK_SIZE : pdu_size_hint; 145 146 if ((nds->pdu_base_addr = malloc(size)) == NULL) { 147 nds->error = NDR_ERR_MALLOC_FAILED; 148 nds->error_ref = __LINE__; 149 NDS_TATTLE_ERROR(nds, NULL, NULL); 150 return (NDR_DRC_FAULT_OUT_OF_MEMORY); 151 } 152 153 nds->pdu_max_size = size; 154 nds->pdu_size = 0; 155 nds->pdu_base_offset = (unsigned long)nds->pdu_base_addr; 156 157 nds->m_op = NDR_MODE_TO_M_OP(composite_op); 158 nds->dir = NDR_MODE_TO_DIR(composite_op); 159 160 nds->outer_queue_tailp = &nds->outer_queue_head; 161 return (0); 162 } 163 164 /* 165 * nds_destruct 166 * 167 * Destroy a stream. This is an external interface to provide access to 168 * the stream's destruct operation. 169 */ 170 void 171 nds_destruct(ndr_stream_t *nds) 172 { 173 if ((nds == NULL) || (nds->ndo == NULL)) 174 return; 175 176 NDS_DESTRUCT(nds); 177 } 178 179 /* 180 * Print NDR stream state. 181 */ 182 void 183 nds_show_state(ndr_stream_t *nds) 184 { 185 if (nds == NULL) { 186 ndo_printf(NULL, NULL, "nds: <null"); 187 return; 188 } 189 190 ndo_printf(NULL, NULL, "nds: base=0x%x, size=%d, max=%d, scan=%d", 191 nds->pdu_base_offset, nds->pdu_size, nds->pdu_max_size, 192 nds->pdu_scan_offset); 193 } 194 195 /* 196 * ndo_malloc 197 * 198 * Allocate memory from the stream heap. 199 */ 200 /*ARGSUSED*/ 201 static char * 202 ndo_malloc(ndr_stream_t *nds, unsigned len, ndr_ref_t *ref) 203 { 204 return (ndr_heap_malloc((ndr_heap_t *)nds->heap, len)); 205 } 206 207 /* 208 * ndo_free 209 * 210 * Always succeeds: cannot free individual stream allocations. 211 */ 212 /*ARGSUSED*/ 213 static int 214 ndo_free(ndr_stream_t *nds, char *p, ndr_ref_t *ref) 215 { 216 return (1); 217 } 218 219 /* 220 * ndo_grow_pdu 221 * 222 * This is the only place that should change the size of the PDU. If the 223 * desired offset is beyond the current PDU size, we realloc the PDU 224 * buffer to accommodate the request. For efficiency, the PDU is always 225 * extended to a NDR_PDU_BLOCK_SIZE boundary. Requests to grow the PDU 226 * beyond NDR_PDU_MAX_SIZE are rejected. 227 * 228 * Returns 1 to indicate success. Otherwise 0 to indicate failure. 229 */ 230 static int 231 ndo_grow_pdu(ndr_stream_t *nds, unsigned long want_end_offset, ndr_ref_t *ref) 232 { 233 unsigned char *pdu_addr; 234 unsigned pdu_max_size; 235 236 ndo_printf(nds, ref, "grow %d", want_end_offset); 237 238 pdu_max_size = nds->pdu_max_size; 239 240 if (want_end_offset > pdu_max_size) { 241 pdu_max_size = NDR_PDU_ALIGN(want_end_offset); 242 243 if (pdu_max_size >= NDR_PDU_MAX_SIZE) 244 return (0); 245 246 pdu_addr = realloc(nds->pdu_base_addr, pdu_max_size); 247 if (pdu_addr == 0) 248 return (0); 249 250 nds->pdu_max_size = pdu_max_size; 251 nds->pdu_base_addr = pdu_addr; 252 nds->pdu_base_offset = (unsigned long)pdu_addr; 253 } 254 255 nds->pdu_size = want_end_offset; 256 return (1); 257 } 258 259 static int 260 ndo_pad_pdu(ndr_stream_t *nds, unsigned long pdu_offset, 261 unsigned long n_bytes, ndr_ref_t *ref) 262 { 263 unsigned char *data; 264 265 data = (unsigned char *)nds->pdu_base_offset; 266 data += pdu_offset; 267 268 ndo_printf(nds, ref, "pad %d@%-3d", n_bytes, pdu_offset); 269 270 bzero(data, n_bytes); 271 return (1); 272 } 273 274 /* 275 * ndo_get_pdu 276 * 277 * The swap flag is 1 if NDR knows that the byte-order in the PDU 278 * is different from the local system. 279 * 280 * Returns 1 on success or 0 to indicate failure. 281 */ 282 static int 283 ndo_get_pdu(ndr_stream_t *nds, unsigned long pdu_offset, 284 unsigned long n_bytes, char *buf, int swap_bytes, ndr_ref_t *ref) 285 { 286 unsigned char *data; 287 char hexbuf[NDOBUFSZ]; 288 289 data = (unsigned char *)nds->pdu_base_offset; 290 data += pdu_offset; 291 292 ndo_hexfmt(data, n_bytes, swap_bytes, hexbuf, NDOBUFSZ); 293 294 ndo_printf(nds, ref, "get %d@%-3d = %s", 295 n_bytes, pdu_offset, hexbuf); 296 297 if (!swap_bytes) 298 bcopy(data, buf, n_bytes); 299 else 300 nds_bswap(data, (unsigned char *)buf, n_bytes); 301 302 return (1); 303 } 304 305 /* 306 * ndo_put_pdu 307 * 308 * This is a receiver makes right protocol. So we do not need 309 * to be concerned about the byte-order of an outgoing PDU. 310 */ 311 /*ARGSUSED*/ 312 static int 313 ndo_put_pdu(ndr_stream_t *nds, unsigned long pdu_offset, 314 unsigned long n_bytes, char *buf, int swap_bytes, ndr_ref_t *ref) 315 { 316 unsigned char *data; 317 char hexbuf[NDOBUFSZ]; 318 319 data = (unsigned char *)nds->pdu_base_offset; 320 data += pdu_offset; 321 322 ndo_hexfmt((uint8_t *)buf, n_bytes, 0, hexbuf, NDOBUFSZ); 323 324 ndo_printf(nds, ref, "put %d@%-3d = %s", 325 n_bytes, pdu_offset, hexbuf); 326 327 bcopy(buf, data, n_bytes); 328 return (1); 329 } 330 331 static void 332 ndo_tattle(ndr_stream_t *nds, char *what, ndr_ref_t *ref) 333 { 334 ndo_printf(nds, ref, what); 335 } 336 337 static void 338 ndo_tattle_error(ndr_stream_t *nds, ndr_ref_t *ref) 339 { 340 unsigned char *data; 341 char hexbuf[NDOBUFSZ]; 342 343 if (nds->pdu_base_addr != NULL) { 344 data = (unsigned char *)nds->pdu_base_offset; 345 if (ref) 346 data += ref->pdu_offset; 347 else 348 data += nds->pdu_scan_offset; 349 350 ndo_hexfmt(data, 16, 0, hexbuf, NDOBUFSZ); 351 } else { 352 bzero(hexbuf, NDOBUFSZ); 353 } 354 355 ndo_printf(nds, ref, "ERROR=%d REF=%d OFFSET=%d SIZE=%d/%d", 356 nds->error, nds->error_ref, nds->pdu_scan_offset, 357 nds->pdu_size, nds->pdu_max_size); 358 ndo_printf(nds, ref, " %s", hexbuf); 359 } 360 361 /* 362 * ndo_reset 363 * 364 * Reset a stream: zap the outer_queue. We don't need to tamper 365 * with the stream heap: it's handled externally to the stream. 366 */ 367 static int 368 ndo_reset(ndr_stream_t *nds) 369 { 370 ndo_printf(nds, 0, "reset"); 371 372 nds->pdu_size = 0; 373 nds->pdu_scan_offset = 0; 374 nds->outer_queue_head = 0; 375 nds->outer_current = 0; 376 nds->outer_queue_tailp = &nds->outer_queue_head; 377 378 return (1); 379 } 380 381 /* 382 * ndo_destruct 383 * 384 * Destruct a stream: zap the outer_queue. 385 * Note: heap management (creation/destruction) is external to the stream. 386 */ 387 static void 388 ndo_destruct(ndr_stream_t *nds) 389 { 390 391 ndo_printf(nds, 0, "destruct"); 392 393 if (nds == NULL) 394 return; 395 396 if (nds->pdu_base_addr != NULL) { 397 free(nds->pdu_base_addr); 398 nds->pdu_base_addr = NULL; 399 nds->pdu_base_offset = 0; 400 } 401 402 nds->outer_queue_head = 0; 403 nds->outer_current = 0; 404 nds->outer_queue_tailp = &nds->outer_queue_head; 405 } 406 407 /* 408 * Printf style formatting for NDR operations. 409 */ 410 void 411 ndo_printf(ndr_stream_t *nds, ndr_ref_t *ref, const char *fmt, ...) 412 { 413 va_list ap; 414 char buf[NDOBUFSZ]; 415 416 va_start(ap, fmt); 417 (void) vsnprintf(buf, NDOBUFSZ, fmt, ap); 418 va_end(ap); 419 420 if (nds) 421 ndo_fmt(nds, ref, buf); 422 else 423 ndo_trace(buf); 424 } 425 426 /* 427 * Main output formatter for NDR operations. 428 * 429 * UI 03 ... rpc_vers get 1@0 = 5 {05} 430 * UI 03 ... rpc_vers_minor get 1@1 = 0 {00} 431 * 432 * U Marshalling flag (M=marshal, U=unmarshal) 433 * I Direction flag (I=in, O=out) 434 * ... Field name 435 * get PDU operation (get or put) 436 * 1@0 Bytes @ offset (i.e. 1 byte at offset 0) 437 * {05} Value 438 */ 439 void 440 ndo_fmt(ndr_stream_t *nds, ndr_ref_t *ref, char *note) 441 { 442 ndr_ref_t *p; 443 int indent; 444 char ref_name[NDOBUFSZ]; 445 char buf[NDOBUFSZ]; 446 int m_op_c = '?', dir_c = '?'; 447 448 switch (nds->m_op) { 449 case 0: m_op_c = '-'; break; 450 case NDR_M_OP_MARSHALL: m_op_c = 'M'; break; 451 case NDR_M_OP_UNMARSHALL: m_op_c = 'U'; break; 452 default: m_op_c = '?'; break; 453 } 454 455 switch (nds->dir) { 456 case 0: dir_c = '-'; break; 457 case NDR_DIR_IN: dir_c = 'I'; break; 458 case NDR_DIR_OUT: dir_c = 'O'; break; 459 default: dir_c = '?'; break; 460 } 461 462 for (indent = 0, p = ref; p; p = p->enclosing) 463 indent++; 464 465 if (ref && ref->name) { 466 if (*ref->name == '[' && ref->enclosing) { 467 indent--; 468 (void) snprintf(ref_name, NDOBUFSZ, "%s%s", 469 ref->enclosing->name, ref->name); 470 } else { 471 (void) strlcpy(ref_name, ref->name, NDOBUFSZ); 472 } 473 } else { 474 (void) strlcpy(ref_name, "----", NDOBUFSZ); 475 } 476 477 (void) snprintf(buf, NDOBUFSZ, "%c%c %-.*s %-*s %s", 478 m_op_c, dir_c, indent, 479 "....+....+....+....+....+....", 480 20 - indent, ref_name, note); 481 482 ndo_trace(buf); 483 } 484 485 /*ARGSUSED*/ 486 void 487 ndo_trace(const char *s) 488 { 489 /* 490 * Temporary fbt for dtrace until user space sdt enabled. 491 */ 492 } 493 494 /* 495 * Format data as hex bytes (limit is 10 bytes): 496 * 497 * 1188689424 {10 f6 d9 46} 498 * 499 * If the input data is greater than 10 bytes, an ellipsis will 500 * be inserted before the closing brace. 501 */ 502 static void 503 ndo_hexfmt(uint8_t *data, int size, int swap_bytes, char *buf, int len) 504 { 505 char *p = buf; 506 int interp = 1; 507 uint32_t c; 508 int n; 509 int i; 510 511 n = (size > 10) ? 10 : size; 512 if (n > len-1) 513 n = len-1; 514 515 switch (size) { 516 case 1: 517 c = *(uint8_t *)data; 518 break; 519 case 2: 520 if (swap_bytes == 0) /*LINTED E_BAD_PTR_CAST_ALIGN*/ 521 c = *(uint16_t *)data; 522 else 523 c = (data[0] << 8) | data[1]; 524 break; 525 case 4: 526 if (swap_bytes == 0) { /*LINTED E_BAD_PTR_CAST_ALIGN*/ 527 c = *(uint32_t *)data; 528 } else { 529 c = (data[0] << 24) | (data[1] << 16) 530 | (data[2] << 8) | data[3]; 531 } 532 break; 533 default: 534 c = 0; 535 interp = 0; 536 break; 537 } 538 539 if (interp) 540 p += sprintf(p, "%4u {", c); 541 else 542 p += sprintf(p, " {"); 543 544 p += sprintf(p, "%02x", data[0]); 545 for (i = 1; i < n; i++) 546 p += sprintf(p, " %02x", data[i]); 547 if (size > 10) 548 p += sprintf(p, " ...}"); 549 else 550 p += sprintf(p, "}"); 551 552 /* 553 * Show c if it's a printable character or wide-char. 554 */ 555 if (size < 4 && isprint((uint8_t)c)) 556 (void) sprintf(p, " %c", (uint8_t)c); 557 } 558