sys/netncp/ncp_ncp.c
1 /*
2 * Copyright (c) 1999, 2000, 2001 Boris Popov
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Boris Popov.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * $FreeBSD: releng/5.1/sys/netncp/ncp_ncp.c 114983 2003-05-13 20:36:02Z jhb $
33 *
34 * Core of NCP protocol
35 */
36
37 #include <sys/param.h>
38 #include <sys/errno.h>
39 #include <sys/systm.h>
40 #include <sys/proc.h>
41 #include <sys/signalvar.h>
42 #include <sys/sysctl.h>
43 #include <sys/mbuf.h>
44 #include <sys/lock.h>
45 #include <sys/mutex.h>
46 #include <sys/uio.h>
47
48 #include <netipx/ipx.h>
49 #include <netipx/ipx_var.h>
50
51 #include <netncp/ncp.h>
52 #include <netncp/ncp_conn.h>
53 #include <netncp/ncp_sock.h>
54 #include <netncp/ncp_subr.h>
55 #include <netncp/ncp_ncp.h>
56 #include <netncp/ncp_rq.h>
57 #include <netncp/nwerror.h>
58
59 #ifdef NCP_DATA_DEBUG
/*
 * Debug helper: hex-dump every byte of an mbuf chain with printf().
 * Output is "d=", then for each mbuf "(<m_len>)" followed by its bytes,
 * then a newline.  The dump is the raw packet contents, so this is only
 * compiled when NCP_DATA_DEBUG is defined.
 */
static void
m_dumpm(struct mbuf *m)
{
	struct mbuf *cur;
	char *bytes;
	int left;

	printf("d=");
	for (cur = m; cur; cur = cur->m_next) {
		bytes = mtod(cur, char *);
		left = cur->m_len;
		printf("(%d)", left);
		/* Mask to 0xff so a signed char never prints sign-extended. */
		for (; left != 0; left--)
			printf("%02x ", ((int)*(bytes++)) & 0xff);
	}
	printf("\n");
}
76 #endif /* NCP_DATA_DEBUG */
77
/*
 * Check whether a pending signal should interrupt an NCP operation.
 *
 * Builds the set of signals pending on the process or the thread, removes
 * those the thread has masked and those the process ignores, and tests
 * the remainder with NCP_SIGMASK().  conn is not used.
 *
 * Returns 0 when td is NULL or nothing relevant is pending, EINTR otherwise.
 */
int
ncp_chkintr(struct ncp_conn *conn, struct thread *td)
{
	struct proc *p;
	sigset_t pending;
	int rc = 0;

	if (td == NULL)
		return 0;
	p = td->td_proc;
	PROC_LOCK(p);
	pending = p->p_siglist;
	SIGSETOR(pending, td->td_siglist);
	SIGSETNAND(pending, td->td_sigmask);
	/* ps_mtx is taken while the proc lock is held; keep that order. */
	mtx_lock(&p->p_sigacts->ps_mtx);
	SIGSETNAND(pending, p->p_sigacts->ps_sigignore);
	mtx_unlock(&p->p_sigacts->ps_mtx);
	/* The emptiness test looks at the thread's own list only. */
	if (SIGNOTEMPTY(td->td_siglist) && NCP_SIGMASK(pending))
		rc = EINTR;
	PROC_UNLOCK(p);
	return rc;
}
101
102 /*
103 * Process initial NCP handshake (attach)
104 * NOTE: Since all functions below may change conn attributes, they
105 * should be called with LOCKED connection, also they use procp & ucred
106 */
/*
 * Attach to the server: send the NCP_ALLOC_SLOT request and store the
 * connection id from the reply header in conn->connid.
 *
 * Returns 0 on success (NCPFL_ATTACHED and NCPFL_WASATTACHED are set),
 * or the error from request allocation or from the exchange.
 */
int
ncp_ncp_connect(struct ncp_conn *conn)
{
	struct ncp_rq *rqp;
	struct ncp_rphdr *hdr;
	int error;

	error = ncp_rq_alloc_any(NCP_ALLOC_SLOT, 0, conn, conn->td,
	    conn->ucred, &rqp);
	if (error != 0)
		return error;

	/* Forget any earlier signing, attach and login state. */
	conn->flags &= ~(NCPFL_SIGNACTIVE | NCPFL_SIGNWANTED |
	    NCPFL_ATTACHED | NCPFL_LOGGED | NCPFL_INVALID);
	conn->seq = 0;

	error = ncp_request_int(rqp);
	if (error != 0) {
		ncp_rq_done(rqp);
		return error;
	}
	/*
	 * NOTE(review): the reply header is read straight from md_top with
	 * no length check in this function; presumably ncp_request_int()
	 * has already validated the reply - confirm.
	 */
	hdr = mtod(rqp->rp.md_top, struct ncp_rphdr *);
	conn->connid = hdr->conn_low + (hdr->conn_high << 8);
	ncp_rq_done(rqp);

	conn->flags |= NCPFL_ATTACHED | NCPFL_WASATTACHED;
	return 0;
}
132
/*
 * Detach from the server and tear the connection down.
 *
 * If the connection is attached, an NCP_FREE_SLOT request is sent on a
 * best-effort basis: failure to allocate or to complete it is ignored.
 * The connection is then invalidated and its socket disconnected.
 * Always returns 0.
 */
int
ncp_ncp_disconnect(struct ncp_conn *conn)
{
	struct ncp_rq *rqp;

	NCPSDEBUG("for connid=%d\n",conn->nc_id);
#ifdef NCPBURST
	ncp_burst_disconnect(conn);
#endif
	if ((conn->flags & NCPFL_ATTACHED) != 0 &&
	    ncp_rq_alloc_any(NCP_FREE_SLOT, 0, conn, conn->td,
	    conn->ucred, &rqp) == 0) {
		/* Result deliberately ignored: local teardown happens anyway. */
		(void)ncp_request_int(rqp);
		ncp_rq_done(rqp);
	}
	ncp_conn_invalidate(conn);
	ncp_sock_disconnect(conn);
	return 0;
}
154
155 /*
156 * All negotiation functions expect a locked connection
157 */
158
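/*
 * Negotiate the buffer size with request 0x21.
 *
 * size is the value proposed to the server; on success *target receives
 * the smaller of the server's answer and size.  Returns 0 on success or
 * an error, in which case *target is left untouched.
 */
int
ncp_negotiate_buffersize(struct ncp_conn *conn, int size, int *target)
{
	struct ncp_rq *rqp;
	u_int16_t bsize;
	int error;

	error = ncp_rq_alloc(0x21, conn, conn->td, conn->ucred, &rqp);
	if (error)
		return error;
	mb_put_uint16be(&rqp->rq, size);
	/*
	 * The reply must carry the 16-bit size read below.  The other
	 * requests in this file declare their minimum reply length the
	 * same way before calling ncp_request().
	 */
	rqp->nr_minrplen = 2;
	error = ncp_request(rqp);
	/*
	 * rqp is not released on this path, matching every other caller in
	 * this file; presumably ncp_request() disposes of a failed request
	 * itself - confirm.
	 */
	if (error)
		return error;
	/*
	 * Only trust bsize if the read succeeded; otherwise it would be an
	 * uninitialized stack value chosen by a short reply.
	 */
	error = md_get_uint16be(&rqp->rp, &bsize);
	if (error == 0)
		*target = min(bsize, size);
	ncp_rq_done(rqp);
	return error;
}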
178
/*
 * Negotiate buffer size and option bits with request 0x61.
 *
 * size and options are the proposed values.  On success *ret_size holds
 * size when the server answers 0, otherwise the smaller of the answer and
 * size, and *ret_options holds the option byte from the reply.
 * Returns 0 on success or the error from allocation or the exchange.
 */
static int
ncp_negotiate_size_and_options(struct ncp_conn *conn, int size, int options,
    int *ret_size, u_int8_t *ret_options)
{
	struct ncp_rq *rqp;
	u_int16_t word;
	int error;

	error = ncp_rq_alloc(0x61, conn, conn->td, conn->ucred, &rqp);
	if (error != 0)
		return error;
	mb_put_uint16be(&rqp->rq, size);
	mb_put_uint8(&rqp->rq, options);
	/* Reply layout read below: size (2) + echo socket (2) + options (1). */
	rqp->nr_minrplen = 2 + 2 + 1;
	error = ncp_request(rqp);
	if (error != 0)
		return error;

	md_get_uint16be(&rqp->rp, &word);
	if (word == 0)
		*ret_size = size;
	else
		*ret_size = min(word, size);
	md_get_uint16be(&rqp->rp, &word);	/* echo socket, discarded */
	md_get_uint8(&rqp->rp, ret_options);
	ncp_rq_done(rqp);
	return 0;
}
203
/*
 * Negotiate buffer size and option bits (header signing, IPX checksums)
 * with the server and record the outcome on the connection.
 *
 * buffsize and in_options are the values to propose; in_options is
 * adjusted locally from conn->li.sig_level and, for AF_IPX, from the
 * net.ipx.ipx.checksum sysctl.  Returns 0 on success, otherwise an errno
 * or NWE_* code.  On success conn->buffer_size is set, NCPFL_SIGNWANTED
 * is raised if header signing is in the final option set, and for AF_IPX
 * the socket checksum setting is updated.
 */
int
ncp_renegotiate_connparam(struct ncp_conn *conn, int buffsize, u_int8_t in_options)
{
	u_int8_t options;
	int neg_buffsize, error, sl, ckslevel, ilen;

	sl = conn->li.sig_level;
	/* Signature level 2 or higher always proposes header signing. */
	if (sl >= 2)
		in_options |= NCP_SECURITY_LEVEL_SIGN_HEADERS;
	if (conn->li.saddr.sa_family == AF_IPX) {
		/* ckslevel is written and read only on AF_IPX paths. */
		ilen = sizeof(ckslevel);
		error = kernel_sysctlbyname(curthread, "net.ipx.ipx.checksum",
		    &ckslevel, &ilen, NULL, 0, NULL);
		if (error)
			return error;
		if (ckslevel == 2)
			in_options |= NCP_IPX_CHECKSUM;
	}
	error = ncp_negotiate_size_and_options(conn, buffsize, in_options,
	    &neg_buffsize, &options);
	if (!error) {
		/*
		 * Inside this branch a non-zero 'error' is reused as a
		 * "negotiate once more" flag, not as an errno.
		 */
		if (conn->li.saddr.sa_family == AF_IPX &&
		    ((options ^ in_options) & NCP_IPX_CHECKSUM)) {
			/* The server's checksum bit differs from the proposal. */
			if (ckslevel == 2) {
				printf("Server refuses to support IPX checksums\n");
				return NWE_REQUESTER_FAILURE;
			}
			in_options |= NCP_IPX_CHECKSUM;
			error = 1;
		}
		/*
		 * NOTE(review): the literal 2 is presumably the value of
		 * NCP_SECURITY_LEVEL_SIGN_HEADERS - confirm in ncp.h.
		 */
		if ((options ^ in_options) & 2) {
			/* Levels 0 and 3 do not give way on a signing mismatch. */
			if (sl == 0 || sl == 3)
				return NWE_SIGNATURE_LEVEL_CONFLICT;
			if (sl == 1) {
				in_options |= NCP_SECURITY_LEVEL_SIGN_HEADERS;
				error = 1;
			}
		}
		if (error) {
			error = ncp_negotiate_size_and_options(conn,
			    buffsize, in_options, &neg_buffsize, &options);
			/*
			 * NOTE(review): this comparison also runs when the
			 * retry failed; 'options' then still holds the first
			 * reply, and the conflict code replaces the retry's
			 * own error.
			 */
			if ((options ^ in_options) & 3) {
				return NWE_SIGNATURE_LEVEL_CONFLICT;
			}
		}
	} else {
		/*
		 * NOTE(review): any failure of the first request lands here,
		 * drops header signing from in_options and falls back to
		 * plain buffer-size negotiation without looking at sl.  If
		 * sig_level 3 is meant to make signing mandatory (as the
		 * conflict check above suggests), this path lets the
		 * connection continue unsigned - confirm that is intended.
		 */
		in_options &= ~NCP_SECURITY_LEVEL_SIGN_HEADERS;
		error = ncp_negotiate_buffersize(conn, NCP_DEFAULT_BUFSIZE,
		    &neg_buffsize);
	}
	if (error) return error;
	/* The server-supplied size is only accepted inside this window. */
	if ((neg_buffsize < 512) || (neg_buffsize > NCP_MAX_BUFSIZE))
		return EINVAL;
	conn->buffer_size = neg_buffsize;
	if (in_options & NCP_SECURITY_LEVEL_SIGN_HEADERS)
		conn->flags |= NCPFL_SIGNWANTED;
	if (conn->li.saddr.sa_family == AF_IPX)
		ncp_sock_checksum(conn, in_options & NCP_IPX_CHECKSUM);
	return 0;
}
264
/*
 * Flag the connection with NCPFL_INTR when a signal is pending.
 *
 * As written this is a no-op: the unconditional return on the first line
 * makes every statement after it unreachable.
 */
void
ncp_check_rq(struct ncp_conn *conn)
{
	return;	/* everything below is dead code */
	if (conn->flags & NCPFL_INTR)
		return;
	/* first, check for signals */
	if (ncp_chkintr(conn, conn->td))
		conn->flags |= NCPFL_INTR;
	return;
}
276
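/*
 * Look up a bindery object by type and name (function 23, subfunction 53)
 * and fill *target with the id, type and name from the reply.
 *
 * The td and cred arguments are not used; the request is issued with
 * conn->td and conn->ucred.  Returns 0 on success or the error from
 * request allocation or from the exchange.
 */
int
ncp_get_bindery_object_id(struct ncp_conn *conn,
    u_int16_t object_type, char *object_name,
    struct ncp_bindery_object *target,
    struct thread *td, struct ucred *cred)
{
	struct ncp_rq *rqp;
	int error;

	error = ncp_rq_alloc_subfn(23, 53, conn, conn->td, conn->ucred, &rqp);
	/*
	 * Without this check a failed allocation went on to dereference an
	 * uninitialized rqp; every other request in this file bails out here.
	 */
	if (error)
		return error;
	mb_put_uint16be(&rqp->rq, object_type);
	ncp_rq_pstring(rqp, object_name);
	/* Reply read below: id (4) + type (2) + name (48). */
	rqp->nr_minrplen = 54;
	error = ncp_request(rqp);
	if (error)
		return error;
	md_get_uint32be(&rqp->rp, &target->object_id);
	md_get_uint16be(&rqp->rp, &target->object_type);
	/*
	 * NOTE(review): the 48 name bytes are copied verbatim from the
	 * server's reply and nothing here NUL-terminates them, while
	 * ncp_login_encrypted() later hands object_name to ncp_rq_pstring().
	 * Confirm that consumers bound the length rather than rely on a
	 * terminator.
	 */
	md_get_mem(&rqp->rp, (caddr_t)target->object_name, 48, MB_MSYSTEM);
	ncp_rq_done(rqp);
	return 0;
}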
299
300 /*
301 * target is an 8-byte buffer
302 */
/*
 * Fetch the 8-byte login key from the server (function 23, subfunction 23)
 * into target, which must have room for 8 bytes.
 * Returns 0 on success or the error from allocation or the exchange.
 */
int
ncp_get_encryption_key(struct ncp_conn *conn, char *target)
{
	struct ncp_rq *rqp;
	int error;

	error = ncp_rq_alloc_subfn(23, 23, conn, conn->td, conn->ucred, &rqp);
	if (error == 0) {
		/* The reply must hold the full key copied out below. */
		rqp->nr_minrplen = 8;
		error = ncp_request(rqp);
	}
	if (error != 0)
		return error;
	md_get_mem(&rqp->rp, target, 8, MB_MSYSTEM);
	ncp_rq_done(rqp);
	return 0;
}
320
321 /*
322 * Initialize packet signatures. They are a slightly modified MD4.
323 * The first 16 bytes of logindata are the shuffled password,
324 * the last 8 bytes the encryption key as received from the server.
325 */
/*
 * Set up packet signing for the connection.
 *
 * logindata is 24 bytes: 16 bytes of shuffled password followed by the
 * 8-byte key received from the server.  It is combined with a fixed tag
 * into one zero-padded 64-byte block, which is run through ncp_sign()
 * from the initial state below; the first two words of the result become
 * conn->sign_root.  Sets NCPFL_SIGNACTIVE and always returns 0.
 */
static int
ncp_sign_start(struct ncp_conn *conn, char *logindata)
{
	char block[64];
	u_int32_t digest[4];

	/* Zero first, then lay the 24 + 25 bytes over the front. */
	bzero(block, sizeof(block));
	memcpy(block, logindata, 24);
	memcpy(block + 24, "Authorized NetWare Client", 25);

	conn->sign_state[0] = 0x67452301;
	conn->sign_state[1] = 0xefcdab89;
	conn->sign_state[2] = 0x98badcfe;
	conn->sign_state[3] = 0x10325476;
	ncp_sign(conn->sign_state, block, digest);
	conn->sign_root[0] = digest[0];
	conn->sign_root[1] = digest[1];
	conn->flags |= NCPFL_SIGNACTIVE;
	/*
	 * NOTE(review): block and digest hold password- and key-derived
	 * bytes and are left on the stack on return; consider wiping them
	 * with a zeroing call the compiler cannot elide, if the tree
	 * provides one.
	 */
	return 0;
}
346
347
/*
 * Log in with a hashed password (function 23, subfunction 24).
 *
 * The password is hashed together with the big-endian object id, the
 * hash is encrypted with the server-supplied 8-byte key, and the 8-byte
 * result is sent with the object's type and name.  When the connection
 * wants signing and the login returned 0 or NWE_PASSWORD_EXPIRED, packet
 * signing is started from the hash and the key.
 *
 * Returns the login result, or ncp_sign_start()'s result when signing
 * was started.
 */
int
ncp_login_encrypted(struct ncp_conn *conn, struct ncp_bindery_object *object,
    const u_char *key, const u_char *passwd,
    struct thread *td, struct ucred *cred)
{
	struct ncp_rq *rqp;
	u_int32_t id_be = htonl(object->object_id);
	u_char logindata[16 + 8];	/* 16-byte hash, then room for the key */
	u_char response[8];
	int error;

	nw_keyhash((u_char*)&id_be, passwd, strlen(passwd), logindata);
	nw_encrypt(key, logindata, response);

	error = ncp_rq_alloc_subfn(23, 24, conn, td, cred, &rqp);
	if (error != 0)
		return error;
	mb_put_mem(&rqp->rq, response, 8, MB_MSYSTEM);
	mb_put_uint16be(&rqp->rq, object->object_type);
	ncp_rq_pstring(rqp, object->object_name);
	error = ncp_request(rqp);
	if (error == 0)
		ncp_rq_done(rqp);

	if ((conn->flags & NCPFL_SIGNWANTED) == 0)
		return error;
	if (error != 0 && error != NWE_PASSWORD_EXPIRED)
		return error;
	/*
	 * NOTE(review): ncp_sign_start() returns 0 in this file, so with
	 * signing wanted an NWE_PASSWORD_EXPIRED result is replaced by 0 and
	 * the caller cannot tell the password has expired - confirm that is
	 * intended.  logindata (the password hash) also stays on the stack
	 * after return.
	 */
	bcopy(key, logindata + 16, 8);
	return ncp_sign_start(conn, logindata);
}
380
/*
 * Log in with a plain password (function 23, subfunction 20).
 *
 * The object type, object name and password are put into the request as
 * given; this function applies no hashing or encryption to passwd before
 * it is sent.  Returns 0 on success or the error from allocation or the
 * exchange.
 */
int
ncp_login_unencrypted(struct ncp_conn *conn, u_int16_t object_type,
    const char *object_name, const u_char *passwd,
    struct thread *td, struct ucred *cred)
{
	struct ncp_rq *rqp;
	int error;

	error = ncp_rq_alloc_subfn(23, 20, conn, td, cred, &rqp);
	if (error != 0)
		return error;
	mb_put_uint16be(&rqp->rq, object_type);
	ncp_rq_pstring(rqp, object_name);
	ncp_rq_pstring(rqp, passwd);
	if ((error = ncp_request(rqp)) != 0)
		return error;
	ncp_rq_done(rqp);
	return 0;
}
400
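/*
 * Read from an open file into uiop.
 *
 * Without burst mode the transfer is split into requests (function 72)
 * that never cross a 4096-byte boundary of the file offset and never
 * exceed conn->buffer_size.  The loop ends when uio_resid bytes have been
 * transferred, on a short read, or on the first error.
 *
 * Returns 0 or the first error; EIO is returned if the server's reply
 * claims more data than the request asked for.
 */
int
ncp_read(struct ncp_conn *conn, ncp_fh *file, struct uio *uiop, struct ucred *cred)
{
	struct ncp_rq *rqp;
	struct mbchain *mbp;
	u_int16_t retlen = 0 ;
	int error = 0, len = 0, tsiz, burstio;

	tsiz = uiop->uio_resid;
#ifdef NCPBURST
	burstio = (ncp_burst_enabled && tsiz > conn->buffer_size);
#else
	burstio = 0;
#endif

	while (tsiz > 0) {
		if (!burstio) {
			/* Stay inside the current 4096-byte block and the negotiated size. */
			len = min(4096 - (uiop->uio_offset % 4096), tsiz);
			len = min(len, conn->buffer_size);
			error = ncp_rq_alloc(72, conn, uiop->uio_td, cred, &rqp);
			if (error)
				break;
			mbp = &rqp->rq;
			mb_put_uint8(mbp, 0);
			mb_put_mem(mbp, (caddr_t)file, 6, MB_MSYSTEM);
			mb_put_uint32be(mbp, uiop->uio_offset);
			mb_put_uint16be(mbp, len);
			rqp->nr_minrplen = 2;
			error = ncp_request(rqp);
			if (error)
				break;
			md_get_uint16be(&rqp->rp, &retlen);
			/*
			 * retlen is taken from the server's reply.  Refuse a
			 * reply that claims more than was requested instead
			 * of letting it drive the copy and the accounting.
			 */
			if (retlen > len) {
				ncp_rq_done(rqp);
				error = EIO;
				break;
			}
			/* Replies for odd offsets carry one byte to skip before the data. */
			if (uiop->uio_offset & 1)
				md_get_mem(&rqp->rp, NULL, 1, MB_MSYSTEM);
			error = md_get_uio(&rqp->rp, uiop, retlen);
			ncp_rq_done(rqp);
		} else {
#ifdef NCPBURST
			error = ncp_burst_read(conn, file, tsiz, &len, &retlen, uiop, cred);
#endif
		}
		if (error)
			break;
		tsiz -= retlen;
		/* A short read ends the transfer. */
		if (retlen < len)
			break;
	}
	return (error);
}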
450
/*
 * Write uiop to an open file.
 *
 * Only a single-iovec uio is supported (EIO otherwise).  The data is
 * sent in requests (function 73) that never cross a 4096-byte boundary
 * of the file offset and never exceed conn->buffer_size.  If a request
 * fails after its data was taken from the uio, the uio is wound back by
 * that chunk.  NWE_INSUFFICIENT_SPACE is reported as ENOSPC.
 */
int
ncp_write(struct ncp_conn *conn, ncp_fh *file, struct uio *uiop, struct ucred *cred)
{
	struct ncp_rq *rqp;
	struct mbchain *mbp;
	int error = 0, chunk, left;

	if (uiop->uio_iovcnt != 1) {
		printf("%s: can't handle iovcnt>1 !!!\n", __func__);
		return EIO;
	}
	/* 'left' is only reduced after a chunk was written successfully. */
	for (left = uiop->uio_resid; left > 0; left -= chunk) {
		chunk = min(4096 - (uiop->uio_offset % 4096), left);
		chunk = min(chunk, conn->buffer_size);
		if (chunk == 0)
			printf("gotcha!\n");
		/* rq head */
		error = ncp_rq_alloc(73, conn, uiop->uio_td, cred, &rqp);
		if (error)
			break;
		mbp = &rqp->rq;
		mb_put_uint8(mbp, 0);
		mb_put_mem(mbp, (caddr_t)file, 6, MB_MSYSTEM);
		mb_put_uint32be(mbp, uiop->uio_offset);
		mb_put_uint16be(mbp, chunk);
		error = mb_put_uio(mbp, uiop, chunk);
		if (error) {
			ncp_rq_done(rqp);
			break;
		}
		error = ncp_request(rqp);
		if (!error)
			ncp_rq_done(rqp);
		/* A zero-length chunk would never make progress; stop here. */
		if (chunk == 0)
			break;
		if (error) {
			/* Wind the uio back by the chunk that was not written. */
			uiop->uio_iov->iov_base =
			    (char *)uiop->uio_iov->iov_base - chunk;
			uiop->uio_iov->iov_len += chunk;
			uiop->uio_offset -= chunk;
			uiop->uio_resid += chunk;
			break;
		}
	}
	if (error)
		uiop->uio_resid = left;
	if (error == NWE_INSUFFICIENT_SPACE)
		error = ENOSPC;
	return (error);
}