bool smb_io_rpc_auth_schannel_chk(const char *desc, int auth_len,
RPC_AUTH_SCHANNEL_CHK * chk,
prs_struct *ps, int depth)
{
if (chk == NULL)
return False;
prs_debug(ps, depth, desc, "smb_io_rpc_auth_schannel_chk");
depth++;
if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) )
return False;
if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) )
return False;
if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) )
return False;
if ( auth_len == RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN ) {
if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) )
return False;
}
return True;
}
BOOL smb_io_pol_hnd(const char *desc, POLICY_HND *pol, prs_struct *ps, int depth)
{
if (pol == NULL)
return False;
prs_debug(ps, depth, desc, "smb_io_pol_hnd");
depth++;
if(!prs_align(ps))
return False;
if(UNMARSHALLING(ps))
ZERO_STRUCTP(pol);
if (!prs_uint32("data1", ps, depth, &pol->data1))
return False;
if (!prs_uint32("data2", ps, depth, &pol->data2))
return False;
if (!prs_uint16("data3", ps, depth, &pol->data3))
return False;
if (!prs_uint16("data4", ps, depth, &pol->data4))
return False;
if(!prs_uint8s (False, "data5", ps, depth, pol->data5, sizeof(pol->data5)))
return False;
return True;
}
static bool prs_hbin_block(const char *desc, prs_struct *ps,
int depth, REGF_HBIN *hbin)
{
uint32 block_size2;
depth++;
if(!prs_uint8s("header", ps, depth, hbin->header, sizeof(hbin->header)))
return false;
if ( !prs_uint32( "first_hbin_off", ps, depth, &hbin->first_hbin_off ))
return false;
/* The dosreg.cpp comments say that the block size is at 0x1c.
According to a WINXP NTUSER.dat file, this is wrong. The block_size
is at 0x08 */
if ( !prs_uint32( "block_size", ps, depth, &hbin->block_size ))
return false;
block_size2 = hbin->block_size;
prs_set_offset( ps, 0x1c );
if ( !prs_uint32( "block_size2", ps, depth, &block_size2 ))
return false;
if ( !ps->io )
hbin->dirty = true;
return true;
}
static BOOL ds_io_domain_trusts( const char *desc, prs_struct *ps, int depth, DS_DOMAIN_TRUSTS *trust)
{
prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr");
depth++;
if ( !prs_uint32( "netbios_ptr", ps, depth, &trust->netbios_ptr ) )
return False;
if ( !prs_uint32( "dns_ptr", ps, depth, &trust->dns_ptr ) )
return False;
if ( !prs_uint32( "flags", ps, depth, &trust->flags ) )
return False;
if ( !prs_uint32( "parent_index", ps, depth, &trust->parent_index ) )
return False;
if ( !prs_uint32( "trust_type", ps, depth, &trust->trust_type ) )
return False;
if ( !prs_uint32( "trust_attributes", ps, depth, &trust->trust_attributes ) )
return False;
if ( !prs_uint32( "sid_ptr", ps, depth, &trust->sid_ptr ) )
return False;
if ( !prs_uint8s(False, "guid", ps, depth, trust->guid.info, GUID_SIZE) )
return False;
return True;
}
static bool next_record( REGF_HBIN *hbin, const char *hdr, bool *eob )
{
uint8 header[REC_HDR_SIZE] = "";
uint32 record_size;
uint32 curr_off, block_size;
bool found = false;
prs_struct *ps = &hbin->ps;
curr_off = ps->data_offset;
if ( curr_off == 0 )
prs_set_offset( ps, HBIN_HEADER_REC_SIZE );
/* assume that the current offset is at the reacord header
and we need to backup to read the record size */
curr_off -= sizeof(uint32);
block_size = ps->buffer_size;
record_size = 0;
while ( !found )
{
curr_off = curr_off+record_size;
if ( curr_off >= block_size )
break;
if ( !prs_set_offset( &hbin->ps, curr_off) )
return false;
if ( !prs_uint32( "record_size", ps, 0, &record_size ) )
return false;
if ( !prs_uint8s("header", ps, 0, header, REC_HDR_SIZE ) )
return false;
if ( record_size & 0x80000000 ) {
/* absolute_value(record_size) */
record_size = (record_size ^ 0xffffffff) + 1;
}
if ( memcmp( header, hdr, REC_HDR_SIZE ) == 0 ) {
found = true;
curr_off += sizeof(uint32);
}
}
/* mark prs_struct as done ( at end ) if no more SK records */
/* mark end-of-block as true */
if ( !found )
{
prs_set_offset( &hbin->ps, hbin->ps.buffer_size );
*eob = true;
return false;
}
if (!prs_set_offset(ps, curr_off))
return false;
return true;
}
static bool hbin_prs_lf_records(const char *desc, REGF_HBIN *hbin,
int depth, REGF_NK_REC *nk)
{
int i;
REGF_LF_REC *lf = &nk->subkeys;
uint32 data_size, start_off, end_off;
depth++;
/* check if we have anything to do first */
if ( nk->num_subkeys == 0 )
return true;
/* move to the LF record */
if ( !prs_set_offset( &hbin->ps, nk->subkeys_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) )
return false;
/* backup and get the data_size */
if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) )
return false;
start_off = hbin->ps.data_offset;
if ( !prs_uint32( "rec_size", &hbin->ps, depth, &lf->rec_size ))
return false;
if(!prs_uint8s("header", &hbin->ps, depth,
lf->header, sizeof(lf->header)))
return false;
if ( !prs_uint16( "num_keys", &hbin->ps, depth, &lf->num_keys))
return false;
if ( hbin->ps.io ) {
if ( !(lf->hashes = (REGF_HASH_REC*)zcalloc(sizeof(REGF_HASH_REC), lf->num_keys )) )
return false;
}
for ( i=0; i<lf->num_keys; i++ ) {
if ( !prs_hash_rec( "hash_rec", &hbin->ps, depth, &lf->hashes[i] ) )
return false;
}
end_off = hbin->ps.data_offset;
/* data_size must be divisible by 8 and large enough to hold the original record */
data_size = ((start_off - end_off) & 0xfffffff8 );
/* if ( data_size > lf->rec_size )*/
/*DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, lf->rec_size));*/
if ( !hbin->ps.io )
hbin->dirty = true;
return true;
}
static bool prs_regf_block(const char *desc, prs_struct *ps,
int depth, REGF_FILE *file)
{
depth++;
if(!prs_uint8s("header", ps, depth, file->header, sizeof(file->header)))
return false;
/* yes, these values are always identical so store them only once */
if ( !prs_uint32( "unknown1", ps, depth, &file->unknown1 ))
return false;
if ( !prs_uint32( "unknown1 (again)", ps, depth, &file->unknown1 ))
return false;
/* get the modtime */
if ( !prs_set_offset( ps, 0x0c ) )
return false;
if ( !smb_io_time( "modtime", &file->mtime, ps, depth ) )
return false;
/* constants */
if ( !prs_uint32( "unknown2", ps, depth, &file->unknown2 ))
return false;
if ( !prs_uint32( "unknown3", ps, depth, &file->unknown3 ))
return false;
if ( !prs_uint32( "unknown4", ps, depth, &file->unknown4 ))
return false;
if ( !prs_uint32( "unknown5", ps, depth, &file->unknown5 ))
return false;
/* get file offsets */
if ( !prs_set_offset( ps, 0x24 ) )
return false;
if ( !prs_uint32( "data_offset", ps, depth, &file->data_offset ))
return false;
if ( !prs_uint32( "last_block", ps, depth, &file->last_block ))
return false;
/* one more constant */
if ( !prs_uint32( "unknown6", ps, depth, &file->unknown6 ))
return false;
/* get the checksum */
if ( !prs_set_offset( ps, 0x01fc ) )
return false;
if ( !prs_uint32( "checksum", ps, depth, &file->checksum ))
return false;
return true;
}
static BOOL net_io_id_info2(char *desc, NET_ID_INFO_2 *id, prs_struct *ps, int depth)
{
if (id == NULL)
return False;
prs_debug(ps, depth, desc, "net_io_id_info2");
depth++;
if(!prs_align(ps))
return False;
if(!prs_uint32("ptr_id_info2", ps, depth, &id->ptr_id_info2))
return False;
if (id->ptr_id_info2 != 0) {
if(!smb_io_unihdr("unihdr", &id->hdr_domain_name, ps, depth))
return False;
if(!prs_uint32("param_ctrl", ps, depth, &id->param_ctrl))
return False;
if(!smb_io_logon_id("", &id->logon_id, ps, depth))
return False;
if(!smb_io_unihdr("unihdr", &id->hdr_user_name, ps, depth))
return False;
if(!smb_io_unihdr("unihdr", &id->hdr_wksta_name, ps, depth))
return False;
if(!prs_uint8s (False, "lm_chal", ps, depth, id->lm_chal, 8)) /* lm 8 byte challenge */
return False;
if(!smb_io_strhdr("hdr_nt_chal_resp", &id->hdr_nt_chal_resp, ps, depth))
return False;
if(!smb_io_strhdr("hdr_lm_chal_resp", &id->hdr_lm_chal_resp, ps, depth))
return False;
if(!smb_io_unistr2("uni_domain_name", &id->uni_domain_name,
id->hdr_domain_name.buffer, ps, depth))
return False;
if(!smb_io_unistr2("uni_user_name ", &id->uni_user_name,
id->hdr_user_name.buffer, ps, depth))
return False;
if(!smb_io_unistr2("uni_wksta_name ", &id->uni_wksta_name,
id->hdr_wksta_name.buffer, ps, depth))
return False;
if(!smb_io_string2("nt_chal_resp", &id->nt_chal_resp,
id->hdr_nt_chal_resp.buffer, ps, depth))
return False;
if(!smb_io_string2("lm_chal_resp", &id->lm_chal_resp,
id->hdr_lm_chal_resp.buffer, ps, depth))
return False;
}
return True;
}
static bool prs_hash_rec( const char *desc, prs_struct *ps, int depth, REGF_HASH_REC *hash )
{
depth++;
if ( !prs_uint32( "nk_off", ps, depth, &hash->nk_off ))
return false;
if ( !prs_uint8s("keycheck", ps, depth, hash->keycheck, sizeof( hash->keycheck )) )
return false;
return true;
}
BOOL smb_io_chal(const char *desc, DOM_CHAL *chal, prs_struct *ps, int depth)
{
if (chal == NULL)
return False;
prs_debug(ps, depth, desc, "smb_io_chal");
depth++;
if(!prs_uint8s (False, "data", ps, depth, chal->data, 8))
return False;
return True;
}
BOOL smb_io_uuid(const char *desc, struct uuid *uuid,
prs_struct *ps, int depth)
{
if (uuid == NULL)
return False;
prs_debug(ps, depth, desc, "smb_io_uuid");
depth++;
if(!prs_uint32 ("data ", ps, depth, &uuid->time_low))
return False;
if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid))
return False;
if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version))
return False;
if(!prs_uint8s (False, "data ", ps, depth, uuid->clock_seq, sizeof(uuid->clock_seq)))
return False;
if(!prs_uint8s (False, "data ", ps, depth, uuid->node, sizeof(uuid->node)))
return False;
return True;
}
static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_SK_REC *sk )
{
prs_struct *ps = &hbin->ps;
uint16 tag = 0xFFFF;
uint32 data_size, start_off, end_off;
depth++;
if ( !prs_set_offset( &hbin->ps, sk->sk_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) )
return false;
/* backup and get the data_size */
if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) )
return false;
start_off = hbin->ps.data_offset;
if ( !prs_uint32( "rec_size", &hbin->ps, depth, &sk->rec_size ))
return false;
if (!prs_uint8s("header", ps, depth, sk->header, sizeof(sk->header)))
return false;
if ( !prs_uint16( "tag", ps, depth, &tag))
return false;
if ( !prs_uint32( "prev_sk_off", ps, depth, &sk->prev_sk_off))
return false;
if ( !prs_uint32( "next_sk_off", ps, depth, &sk->next_sk_off))
return false;
if ( !prs_uint32( "ref_count", ps, depth, &sk->ref_count))
return false;
if ( !prs_uint32( "size", ps, depth, &sk->size))
return false;
if ( !sec_io_desc( "sec_desc", &sk->sec_desc, ps, depth ))
return false;
end_off = hbin->ps.data_offset;
/* data_size must be divisible by 8 and large enough to hold the original record */
data_size = ((start_off - end_off) & 0xfffffff8 );
/* if ( data_size > sk->rec_size )*/
/*DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, sk->rec_size));*/
if ( !hbin->ps.io )
hbin->dirty = true;
return true;
}
BOOL smb_io_owf_info(const char *desc, OWF_INFO *hash, prs_struct *ps, int depth)
{
if (hash == NULL)
return False;
prs_debug(ps, depth, desc, "smb_io_owf_info");
depth++;
if(!prs_align(ps))
return False;
if(!prs_uint8s (False, "data", ps, depth, hash->data, 16))
return False;
return True;
}
static bool smb_io_rpc_addr_str(const char *desc, RPC_ADDR_STR *str, prs_struct *ps, int depth)
{
if (str == NULL)
return False;
prs_debug(ps, depth, desc, "smb_io_rpc_addr_str");
depth++;
if(!prs_align(ps))
return False;
if(!prs_uint16 ( "len", ps, depth, &str->len))
return False;
if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) ))
return False;
return True;
}
static BOOL ds_io_dominfobasic( const char *desc, prs_struct *ps, int depth, DSROLE_PRIMARY_DOMAIN_INFO_BASIC **basic)
{
DSROLE_PRIMARY_DOMAIN_INFO_BASIC *p = *basic;
if ( UNMARSHALLING(ps) )
p = *basic = (DSROLE_PRIMARY_DOMAIN_INFO_BASIC *)prs_alloc_mem(ps, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC));
if ( !p )
return False;
if ( !prs_uint16("machine_role", ps, depth, &p->machine_role) )
return False;
if ( !prs_uint16("unknown", ps, depth, &p->unknown) )
return False;
if ( !prs_uint32("flags", ps, depth, &p->flags) )
return False;
if ( !prs_uint32("netbios_ptr", ps, depth, &p->netbios_ptr) )
return False;
if ( !prs_uint32("dnsname_ptr", ps, depth, &p->dnsname_ptr) )
return False;
if ( !prs_uint32("forestname_ptr", ps, depth, &p->forestname_ptr) )
return False;
if ( !prs_uint8s(False, "domain_guid", ps, depth, p->domain_guid.info, GUID_SIZE) )
return False;
if ( !smb_io_unistr2( "netbios_domain", &p->netbios_domain, p->netbios_ptr, ps, depth) )
return False;
if ( !prs_align(ps) )
return False;
if ( !smb_io_unistr2( "dns_domain", &p->dns_domain, p->dnsname_ptr, ps, depth) )
return False;
if ( !prs_align(ps) )
return False;
if ( !smb_io_unistr2( "forest_domain", &p->forest_domain, p->forestname_ptr, ps, depth) )
return False;
if ( !prs_align(ps) )
return False;
return True;
}
BOOL echo_io_r_echo_data(const char *desc, ECHO_R_ECHO_DATA *q_d,
prs_struct *ps, int depth)
{
if (!prs_uint32("size", ps, 0, &q_d->size))
return False;
if (UNMARSHALLING(ps)) {
q_d->data = PRS_ALLOC_MEM(ps, char, q_d->size);
if (!q_d->data)
return False;
}
if (!prs_uint8s(False, "data", ps, depth, (unsigned char *)q_d->data, q_d->size))
return False;
return True;
}
BOOL net_io_q_srv_pwset(char *desc, NET_Q_SRV_PWSET *q_s, prs_struct *ps, int depth)
{
if (q_s == NULL)
return False;
prs_debug(ps, depth, desc, "net_io_q_srv_pwset");
depth++;
if(!prs_align(ps))
return False;
if(!smb_io_clnt_info("", &q_s->clnt_id, ps, depth)) /* client identification/authentication info */
return False;
if(!prs_uint8s (False, "pwd", ps, depth, q_s->pwd, 16)) /* new password - undocumented */
return False;
return True;
}
BOOL smb_io_rpc_blob(const char *desc, RPC_DATA_BLOB *blob, prs_struct *ps, int depth)
{
prs_debug(ps, depth, desc, "smb_io_rpc_blob");
depth++;
prs_align(ps);
if ( !prs_uint32("buf_len", ps, depth, &blob->buf_len) )
return False;
if ( blob->buf_len == 0 )
return True;
if (UNMARSHALLING(ps)) {
blob->buffer = PRS_ALLOC_MEM(ps, uint8, blob->buf_len);
if (!blob->buffer) {
return False;
}
}
if ( !prs_uint8s(True, "buffer", ps, depth, blob->buffer, blob->buf_len) )
return False;
return True;
}
static bool hbin_prs_vk_rec( const char *desc, REGF_HBIN *hbin, int depth,
REGF_VK_REC *vk, REGF_FILE *file )
{
uint32 offset;
uint16 name_length;
prs_struct *ps = &hbin->ps;
uint32 data_size, start_off, end_off;
depth++;
/* backup and get the data_size */
if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) )
return false;
start_off = hbin->ps.data_offset;
if ( !prs_uint32( "rec_size", &hbin->ps, depth, &vk->rec_size ))
return false;
if ( !prs_uint8s("header", ps, depth, vk->header, sizeof( vk->header )) )
return false;
if ( !hbin->ps.io )
name_length = strlen(vk->valuename);
if ( !prs_uint16( "name_length", ps, depth, &name_length ))
return false;
if ( !prs_uint32( "data_size", ps, depth, &vk->data_size ))
return false;
if ( !prs_uint32( "data_off", ps, depth, &vk->data_off ))
return false;
if ( !prs_uint32( "type", ps, depth, &vk->type))
return false;
if ( !prs_uint16( "flag", ps, depth, &vk->flag))
return false;
offset = ps->data_offset;
offset += 2; /* skip 2 bytes */
prs_set_offset( ps, offset );
/* get the name */
if ( vk->flag&VK_FLAG_NAME_PRESENT ) {
if ( hbin->ps.io ) {
if ( !(vk->valuename = (char*)zcalloc(sizeof(char), name_length+1 )))
return false;
}
if ( !prs_uint8s("name", ps, depth,
(uint8*)vk->valuename, name_length) )
return false;
}
end_off = hbin->ps.data_offset;
/* get the data if necessary */
if ( vk->data_size != 0 )
{
/* the data is stored in the offset if the size <= 4 */
if ( !(vk->data_size & VK_DATA_IN_OFFSET) )
{
REGF_HBIN *hblock = hbin;
uint32 data_rec_size;
if ( hbin->ps.io )
{
if ( !(vk->data = (uint8*)zcalloc(sizeof(uint8), vk->data_size) ) )
return false;
}
/* this data can be in another hbin */
if ( !hbin_contains_offset( hbin, vk->data_off ) )
{
if ( !(hblock = lookup_hbin_block( file, vk->data_off )) )
return false;
}
if (!(prs_set_offset(&hblock->ps,
(vk->data_off
+ HBIN_HDR_SIZE
- hblock->first_hbin_off)
- sizeof(uint32))))
{ return false; }
if ( !hblock->ps.io )
{
data_rec_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8;
data_rec_size = ( data_rec_size - 1 ) ^ 0xFFFFFFFF;
}
if ( !prs_uint32( "data_rec_size", &hblock->ps, depth, &data_rec_size ))
return false;
if(!prs_uint8s("data", &hblock->ps, depth,
vk->data, vk->data_size))
return false;
if ( !hblock->ps.io )
hblock->dirty = true;
}
else
{
if(!(vk->data = zcalloc(sizeof(uint8), 4)))
return false;
SIVAL( vk->data, 0, vk->data_off );
}
}
/* data_size must be divisible by 8 and large enough to hold the original record */
data_size = ((start_off - end_off ) & 0xfffffff8 );
/* XXX: should probably print a warning here */
/*if ( data_size != vk->rec_size )
DEBUG(10,("prs_vk_rec: data_size check failed (0x%x < 0x%x)\n", data_size, vk->rec_size));*/
if ( !hbin->ps.io )
hbin->dirty = true;
return true;
}
/** Structure of response seems to be:
DWORD num_bytes_in_resp -- MUST be the same as q_u->max_read_size
for i=0..n
EVENTLOGRECORD record
DWORD sent_size -- sum of EVENTLOGRECORD lengths if records returned, 0 otherwise
DWORD real_size -- 0 if records returned, otherwise length of next record to be returned
WERROR status */
BOOL eventlog_io_r_read_eventlog(const char *desc,
EVENTLOG_Q_READ_EVENTLOG *q_u,
EVENTLOG_R_READ_EVENTLOG *r_u,
prs_struct *ps,
int depth)
{
Eventlog_entry *entry;
uint32 record_written = 0;
uint32 record_total = 0;
if(r_u == NULL)
return False;
prs_debug(ps, depth, desc, "eventlog_io_r_read_eventlog");
depth++;
/* First, see if we've read more logs than we can output */
if(r_u->num_bytes_in_resp > q_u->max_read_size) {
entry = r_u->entry;
/* remove the size of the last entry from the list */
while(entry->next != NULL)
entry = entry->next;
r_u->num_bytes_in_resp -= entry->record.length;
/* do not output the last log entry */
r_u->num_records--;
}
entry = r_u->entry;
record_total = r_u->num_records;
if(r_u->num_bytes_in_resp != 0)
r_u->sent_size = r_u->num_bytes_in_resp;
else
r_u->real_size = r_u->bytes_in_next_record;
if(!(prs_align(ps)))
return False;
if(!(prs_uint32("bytes in resp", ps, depth, &(q_u->max_read_size))))
return False;
while(entry != NULL && record_written < record_total)
{
DEBUG(11, ("eventlog_io_r_read_eventlog: writing record [%d] out of [%d].\n", record_written, record_total));
/* Encode the actual eventlog record record */
if(!(prs_uint32("length", ps, depth, &(entry->record.length))))
return False;
if(!(prs_uint32("reserved", ps, depth, &(entry->record.reserved1))))
return False;
if(!(prs_uint32("record number", ps, depth, &(entry->record.record_number))))
return False;
if(!(prs_uint32("time generated", ps, depth, &(entry->record.time_generated))))
return False;
if(!(prs_uint32("time written", ps, depth, &(entry->record.time_written))))
return False;
if(!(prs_uint32("event id", ps, depth, &(entry->record.event_id))))
return False;
if(!(prs_uint16("event type", ps, depth, &(entry->record.event_type))))
return False;
if(!(prs_uint16("num strings", ps, depth, &(entry->record.num_strings))))
return False;
if(!(prs_uint16("event category", ps, depth, &(entry->record.event_category))))
return False;
if(!(prs_uint16("reserved2", ps, depth, &(entry->record.reserved2))))
return False;
if(!(prs_uint32("closing record", ps, depth, &(entry->record.closing_record_number))))
return False;
if(!(prs_uint32("string offset", ps, depth, &(entry->record.string_offset))))
return False;
if(!(prs_uint32("user sid length", ps, depth, &(entry->record.user_sid_length))))
return False;
if(!(prs_uint32("user sid offset", ps, depth, &(entry->record.user_sid_offset))))
return False;
if(!(prs_uint32("data length", ps, depth, &(entry->record.data_length))))
return False;
if(!(prs_uint32("data offset", ps, depth, &(entry->record.data_offset))))
return False;
if(!(prs_align(ps)))
return False;
/* Now encoding data */
if(!(prs_uint8s(False, "buffer", ps, depth, entry->data,
entry->record.length - sizeof(Eventlog_record) - sizeof(entry->record.length))))
{
return False;
}
if(!(prs_align(ps)))
return False;
if(!(prs_uint32("length 2", ps, depth, &(entry->record.length))))
return False;
entry = entry->next;
record_written++;
} /* end of encoding EVENTLOGRECORD */
/* Now pad with whitespace until the end of the response buffer */
if (q_u->max_read_size - r_u->num_bytes_in_resp) {
if (!r_u->end_of_entries_padding) {
return False;
}
if(!(prs_uint8s(False, "end of entries padding", ps,
depth, r_u->end_of_entries_padding,
(q_u->max_read_size - r_u->num_bytes_in_resp)))) {
free(r_u->end_of_entries_padding);
return False;
}
free(r_u->end_of_entries_padding);
}
/* We had better be DWORD aligned here */
if(!(prs_uint32("sent size", ps, depth, &(r_u->sent_size))))
return False;
if(!(prs_uint32("real size", ps, depth, &(r_u->real_size))))
return False;
if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
return False;
return True;
}
static bool prs_nk_rec( const char *desc, prs_struct *ps,
int depth, REGF_NK_REC *nk )
{
uint16 class_length, name_length;
uint32 start;
uint32 data_size, start_off, end_off;
uint32 unknown_off = REGF_OFFSET_NONE;
nk->hbin_off = ps->data_offset;
start = nk->hbin_off;
depth++;
/* back up and get the data_size */
if ( !prs_set_offset( ps, ps->data_offset-sizeof(uint32)) )
return false;
start_off = ps->data_offset;
if ( !prs_uint32( "rec_size", ps, depth, &nk->rec_size ))
return false;
if (!prs_uint8s("header", ps, depth, nk->header, sizeof(nk->header)))
return false;
if ( !prs_uint16( "key_type", ps, depth, &nk->key_type ))
return false;
if ( !smb_io_time( "mtime", &nk->mtime, ps, depth ))
return false;
if ( !prs_set_offset( ps, start+0x0010 ) )
return false;
if ( !prs_uint32( "parent_off", ps, depth, &nk->parent_off ))
return false;
if ( !prs_uint32( "num_subkeys", ps, depth, &nk->num_subkeys ))
return false;
if ( !prs_set_offset( ps, start+0x001c ) )
return false;
if ( !prs_uint32( "subkeys_off", ps, depth, &nk->subkeys_off ))
return false;
if ( !prs_uint32( "unknown_off", ps, depth, &unknown_off) )
return false;
if ( !prs_set_offset( ps, start+0x0024 ) )
return false;
if ( !prs_uint32( "num_values", ps, depth, &nk->num_values ))
return false;
if ( !prs_uint32( "values_off", ps, depth, &nk->values_off ))
return false;
if ( !prs_uint32( "sk_off", ps, depth, &nk->sk_off ))
return false;
if ( !prs_uint32( "classname_off", ps, depth, &nk->classname_off ))
return false;
if (!prs_uint32("max_bytes_subkeyname", ps, depth, &nk->max_bytes_subkeyname))
return false;
if ( !prs_uint32( "max_bytes_subkeyclassname", ps,
depth, &nk->max_bytes_subkeyclassname))
{ return false; }
if ( !prs_uint32( "max_bytes_valuename", ps, depth, &nk->max_bytes_valuename))
return false;
if ( !prs_uint32( "max_bytes_value", ps, depth, &nk->max_bytes_value))
return false;
if ( !prs_uint32( "unknown index", ps, depth, &nk->unk_index))
return false;
name_length = nk->keyname ? strlen(nk->keyname) : 0 ;
class_length = nk->classname ? strlen(nk->classname) : 0 ;
if ( !prs_uint16( "name_length", ps, depth, &name_length ))
return false;
if ( !prs_uint16( "class_length", ps, depth, &class_length ))
return false;
if ( class_length )
{
/* XXX: why isn't this parsed? */
;;
}
if ( name_length )
{
if(ps->io && !(nk->keyname = (char*)zcalloc(sizeof(char), name_length+1)))
return false;
if(!prs_uint8s("name", ps, depth, (uint8*)nk->keyname, name_length))
return false;
if(ps->io)
nk->keyname[name_length] = '\0';
}
end_off = ps->data_offset;
/* data_size must be divisible by 8 and large enough to hold
the original record */
data_size = ((start_off - end_off) & 0xfffffff8 );
/*if ( data_size > nk->rec_size )
DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, nk->rec_size));*/
if ( !ps->io )
nk->hbin->dirty = true;
return true;
}
static BOOL net_io_user_info3(char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, int depth)
{
int i;
if (usr == NULL)
return False;
prs_debug(ps, depth, desc, "lsa_io_lsa_user_info");
depth++;
if(!prs_align(ps))
return False;
if(!prs_uint32("ptr_user_info ", ps, depth, &usr->ptr_user_info))
return False;
if (usr->ptr_user_info == 0)
return True;
if(!smb_io_time("time", &usr->logon_time, ps, depth)) /* logon time */
return False;
if(!smb_io_time("time", &usr->logoff_time, ps, depth)) /* logoff time */
return False;
if(!smb_io_time("time", &usr->kickoff_time, ps, depth)) /* kickoff time */
return False;
if(!smb_io_time("time", &usr->pass_last_set_time, ps, depth)) /* password last set time */
return False;
if(!smb_io_time("time", &usr->pass_can_change_time , ps, depth)) /* password can change time */
return False;
if(!smb_io_time("time", &usr->pass_must_change_time, ps, depth)) /* password must change time */
return False;
if(!smb_io_unihdr("unihdr", &usr->hdr_user_name, ps, depth)) /* username unicode string header */
return False;
if(!smb_io_unihdr("unihdr", &usr->hdr_full_name, ps, depth)) /* user's full name unicode string header */
return False;
if(!smb_io_unihdr("unihdr", &usr->hdr_logon_script, ps, depth)) /* logon script unicode string header */
return False;
if(!smb_io_unihdr("unihdr", &usr->hdr_profile_path, ps, depth)) /* profile path unicode string header */
return False;
if(!smb_io_unihdr("unihdr", &usr->hdr_home_dir, ps, depth)) /* home directory unicode string header */
return False;
if(!smb_io_unihdr("unihdr", &usr->hdr_dir_drive, ps, depth)) /* home directory drive unicode string header */
return False;
if(!prs_uint16("logon_count ", ps, depth, &usr->logon_count)) /* logon count */
return False;
if(!prs_uint16("bad_pw_count ", ps, depth, &usr->bad_pw_count)) /* bad password count */
return False;
if(!prs_uint32("user_id ", ps, depth, &usr->user_id)) /* User ID */
return False;
if(!prs_uint32("group_id ", ps, depth, &usr->group_id)) /* Group ID */
return False;
if(!prs_uint32("num_groups ", ps, depth, &usr->num_groups)) /* num groups */
return False;
if(!prs_uint32("buffer_groups ", ps, depth, &usr->buffer_groups)) /* undocumented buffer pointer to groups. */
return False;
if(!prs_uint32("user_flgs ", ps, depth, &usr->user_flgs)) /* user flags */
return False;
if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* unused user session key */
return False;
if(!smb_io_unihdr("unihdr", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */
return False;
if(!smb_io_unihdr("unihdr", &usr->hdr_logon_dom, ps, depth)) /* logon domain unicode string header */
return False;
if(!prs_uint32("buffer_dom_id ", ps, depth, &usr->buffer_dom_id)) /* undocumented logon domain id pointer */
return False;
if(!prs_uint8s (False, "padding ", ps, depth, usr->padding, 40)) /* unused padding bytes? */
return False;
if(!prs_uint32("num_other_sids", ps, depth, &usr->num_other_sids)) /* 0 - num_sids */
return False;
if(!prs_uint32("buffer_other_sids", ps, depth, &usr->buffer_other_sids)) /* NULL - undocumented pointer to SIDs. */
return False;
if(!smb_io_unistr2("unistr2", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */
return False;
if(!smb_io_unistr2("unistr2", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */
return False;
if(!smb_io_unistr2("unistr2", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */
return False;
if(!smb_io_unistr2("unistr2", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */
return False;
if(!smb_io_unistr2("unistr2", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */
return False;
if(!smb_io_unistr2("unistr2", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */
return False;
if(!prs_align(ps))
return False;
if(!prs_uint32("num_groups2 ", ps, depth, &usr->num_groups2)) /* num groups */
return False;
SMB_ASSERT_ARRAY(usr->gids, usr->num_groups2);
for (i = 0; i < usr->num_groups2; i++) {
if(!smb_io_gid("", &usr->gids[i], ps, depth)) /* group info */
return False;
}
if(!smb_io_unistr2("unistr2", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */
return False;
if(!smb_io_unistr2("unistr2", &usr->uni_logon_dom, usr->hdr_logon_srv.buffer, ps, depth)) /* logon domain unicode string */
return False;
if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth)) /* domain SID */
return False;
SMB_ASSERT_ARRAY(usr->other_sids, usr->num_other_sids);
for (i = 0; i < usr->num_other_sids; i++) {
if(!smb_io_dom_sid2("", &usr->other_sids[i], ps, depth)) /* other domain SIDs */
return False;
}
return True;
}