2 * Copyright (c) 1999, 2000, 2001 Boris Popov
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * Core of NCP protocol
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
32 #include <sys/param.h>
33 #include <sys/errno.h>
34 #include <sys/systm.h>
36 #include <sys/signalvar.h>
37 #include <sys/sysctl.h>
40 #include <sys/mutex.h>
43 #include <netipx/ipx.h>
44 #include <netipx/ipx_var.h>
46 #include <netncp/ncp.h>
47 #include <netncp/ncp_conn.h>
48 #include <netncp/ncp_sock.h>
49 #include <netncp/ncp_subr.h>
50 #include <netncp/ncp_ncp.h>
51 #include <netncp/ncp_rq.h>
52 #include <netncp/nwerror.h>
/*
 * Debug helper for an mbuf: the visible statement prints one byte as
 * two-digit hex and advances the cursor. The #endif that follows names
 * NCP_DATA_DEBUG, so this is only built when that macro is defined.
 * NOTE(review): a raw packet dump can put login material on the console
 * or in logs; keep NCP_DATA_DEBUG out of production kernels.
 */
56 void m_dumpm(struct mbuf *m) {
/* p's declaration is not visible; the 0xff mask keeps the value in 0..255 whatever its signedness */
65 printf("%02x ",((int)*(p++)) & 0xff);
71 #endif /* NCP_DATA_DEBUG */
/*
 * Decide whether a pending signal should interrupt an NCP operation
 * running on behalf of thread td. Builds a set of pending signals,
 * removes the ones the thread blocks and the ones the process ignores,
 * and tests the remainder against NCP_SIGMASK.
 * conn is not used in the lines visible here.
 */
74 ncp_chkintr(struct ncp_conn *conn, struct thread *td)
/* start from the process-wide pending set; p is presumably td->td_proc (assignment not visible) */
83 tmpset = p->p_siglist;
/* add signals pending on this thread */
84 SIGSETOR(tmpset, td->td_siglist);
/* drop signals this thread has masked */
85 SIGSETNAND(tmpset, td->td_sigmask);
/* ps_sigignore is read with ps_mtx held */
86 mtx_lock(&p->p_sigacts->ps_mtx);
87 SIGSETNAND(tmpset, p->p_sigacts->ps_sigignore);
88 mtx_unlock(&p->p_sigacts->ps_mtx);
/*
 * NOTE(review): the first operand looks at td->td_siglist only, so a
 * signal pending solely in p_siglist does not satisfy this test even
 * though it is in tmpset; confirm that is intended.
 */
89 if (SIGNOTEMPTY(td->td_siglist) && NCP_SIGMASK(tmpset)) {
98 * Process initial NCP handshake (attach)
99 * NOTE: Since all functions below may change conn attributes, they
100 * should be called with LOCKED connection, also they use procp & ucred
/*
 * Attach to the server: send an NCP_ALLOC_SLOT request and record the
 * connection id from the reply header. Uses conn->td and conn->ucred
 * for the request.
 */
103 ncp_ncp_connect(struct ncp_conn *conn)
106 struct ncp_rphdr *rp;
109 error = ncp_rq_alloc_any(NCP_ALLOC_SLOT, 0, conn, conn->td, conn->ucred, &rqp);
/* reset all signing/attach/login state before the new handshake */
113 conn->flags &= ~(NCPFL_SIGNACTIVE | NCPFL_SIGNWANTED |
114 NCPFL_ATTACHED | NCPFL_LOGGED | NCPFL_INVALID);
116 error = ncp_request_int(rqp);
/*
 * The reply header is read straight out of the first reply mbuf.
 * NOTE(review): no length check on the reply is visible before the
 * ncp_rphdr fields are used; confirm ncp_request_int guarantees at least
 * sizeof(struct ncp_rphdr) contiguous bytes in md_top.
 */
118 rp = mtod(rqp->rp.md_top, struct ncp_rphdr*);
/* 16-bit connection id, assembled from the low and high bytes sent by the server */
119 conn->connid = rp->conn_low + (rp->conn_high << 8);
124 conn->flags |= NCPFL_ATTACHED | NCPFL_WASATTACHED;
/*
 * Tear down a connection: stop burst mode, send NCP_FREE_SLOT if the
 * connection is attached, then invalidate the connection and close the
 * socket.
 */
129 ncp_ncp_disconnect(struct ncp_conn *conn)
134 NCPSDEBUG("for connid=%d\n",conn->nc_id);
136 ncp_burst_disconnect(conn);
138 if (conn->flags & NCPFL_ATTACHED) {
/* handling of a failed allocation is not visible in these lines */
139 error = ncp_rq_alloc_any(NCP_FREE_SLOT, 0, conn, conn->td, conn->ucred, &rqp);
/* return value ignored: the slot release is best-effort, local teardown happens regardless */
141 ncp_request_int(rqp);
/* local state is invalidated and the socket closed whether or not the server saw the release */
145 ncp_conn_invalidate(conn);
146 ncp_sock_disconnect(conn);
151 * All negotiation functions expect a locked connection
/*
 * Legacy buffer-size negotiation (NCP function 0x21). Sends the size the
 * client proposes and stores min(server size, proposed size) in *target.
 * Per the comment above, the connection must be locked by the caller.
 */
155 ncp_negotiate_buffersize(struct ncp_conn *conn, int size, int *target)
161 error = ncp_rq_alloc(0x21, conn, conn->td, conn->ucred, &rqp);
/* size is sent as a big-endian 16-bit value, so only its low 16 bits go on the wire */
164 mb_put_uint16be(&rqp->rq, size);
165 error = ncp_request(rqp);
/*
 * NOTE(review): no nr_minrplen assignment is visible for this request and
 * the result of md_get_uint16be is not checked; confirm bsize cannot be
 * used uninitialised when the reply is shorter than two bytes.
 */
168 md_get_uint16be(&rqp->rp, &bsize);
/* never exceed what was asked for; no lower bound is applied here, the caller has to check */
169 *target = min(bsize, size);
/*
 * Combined negotiation of buffer size and option bits (NCP function 0x61).
 * On return *ret_size holds the agreed size and *ret_options the option
 * byte chosen by the server. The caller must compare *ret_options with
 * what it asked for; nothing is enforced here.
 */
175 ncp_negotiate_size_and_options(struct ncp_conn *conn, int size, int options,
176 int *ret_size, u_int8_t *ret_options)
182 error = ncp_rq_alloc(0x61, conn, conn->td, conn->ucred, &rqp);
185 mb_put_uint16be(&rqp->rq, size);
/* options is an int but only one byte is sent */
186 mb_put_uint8(&rqp->rq, options);
/* reply must carry size (2) + echo socket (2) + options (1) */
187 rqp->nr_minrplen = 2 + 2 + 1;
188 error = ncp_request(rqp);
191 md_get_uint16be(&rqp->rp, &rs);
/* a zero size from the server means "use yours"; otherwise take the smaller of the two */
192 *ret_size = (rs == 0) ? size : min(rs, size);
193 md_get_uint16be(&rqp->rp, &rs); /* skip echo socket */
/* server-chosen option bits, returned unmodified */
194 md_get_uint8(&rqp->rp, ret_options);
/*
 * Negotiate buffer size, packet signing and IPX checksumming with the
 * server and store the outcome in conn (buffer_size, NCPFL_SIGNWANTED,
 * socket checksum setting). Several branch conditions fall on lines that
 * are not visible here, so the notes below describe only what the visible
 * statements do.
 */
200 ncp_renegotiate_connparam(struct ncp_conn *conn, int buffsize, u_int8_t in_options)
203 int neg_buffsize, error, sl, ckslevel;
/* configured signature level for this connection */
206 sl = conn->li.sig_level;
/* ask for header signing; the guarding condition (line 207) is not visible */
208 in_options |= NCP_SECURITY_LEVEL_SIGN_HEADERS;
209 if (conn->li.saddr.sa_family == AF_IPX) {
/* read the system-wide IPX checksum setting */
210 ilen = sizeof(ckslevel);
211 error = kernel_sysctlbyname(curthread, "net.ipx.ipx.checksum",
212 &ckslevel, &ilen, NULL, 0, NULL, 0);
216 in_options |= NCP_IPX_CHECKSUM;
218 error = ncp_negotiate_size_and_options(conn, buffsize, in_options,
219 &neg_buffsize, &options);
/* options now holds what the server accepted; XOR exposes the bits on which the two sides disagree */
221 if (conn->li.saddr.sa_family == AF_IPX &&
222 ((options ^ in_options) & NCP_IPX_CHECKSUM)) {
/* checksum mismatch: one branch fails the negotiation, the other adopts checksums (condition on line 223 not visible) */
224 printf("Server refuses to support IPX checksums\n");
225 return NWE_REQUESTER_FAILURE;
227 in_options |= NCP_IPX_CHECKSUM;
/* 2 is presumably the value of NCP_SECURITY_LEVEL_SIGN_HEADERS; TODO confirm and use the named constant */
230 if ((options ^ in_options) & 2) {
/*
 * Signature levels 0 and 3 are not adjusted to match the server: a
 * disagreement is reported as a conflict instead. Presumably 0 means
 * signing disabled and 3 means signing required; confirm.
 */
231 if (sl == 0 || sl == 3)
232 return NWE_SIGNATURE_LEVEL_CONFLICT;
234 in_options |= NCP_SECURITY_LEVEL_SIGN_HEADERS;
/* second round with the adjusted option bits */
239 error = ncp_negotiate_size_and_options(conn,
240 buffsize, in_options, &neg_buffsize, &options);
/* 3 presumably covers the checksum and signing bits; any remaining disagreement is fatal */
241 if ((options ^ in_options) & 3) {
242 return NWE_SIGNATURE_LEVEL_CONFLICT;
/*
 * Fallback to the legacy size-only negotiation with signing cleared.
 * NOTE(review): the condition selecting this path is not visible. Confirm
 * that a connection configured to require signatures fails closed here
 * rather than continuing as an unsigned session.
 */
246 in_options &= ~NCP_SECURITY_LEVEL_SIGN_HEADERS;
247 error = ncp_negotiate_buffersize(conn, NCP_DEFAULT_BUFSIZE,
250 if (error) return error;
/* the negotiated size is server-influenced: reject values outside [512, NCP_MAX_BUFSIZE] (action on line 252 not visible) */
251 if ((neg_buffsize < 512) || (neg_buffsize > NCP_MAX_BUFSIZE))
253 conn->buffer_size = neg_buffsize;
/* only records that signing is wanted; NCPFL_SIGNACTIVE is not set in this function's visible lines */
254 if (in_options & NCP_SECURITY_LEVEL_SIGN_HEADERS)
255 conn->flags |= NCPFL_SIGNWANTED;
256 if (conn->li.saddr.sa_family == AF_IPX)
257 ncp_sock_checksum(conn, in_options & NCP_IPX_CHECKSUM);
/*
 * Check whether the connection has been, or should now be, marked as
 * interrupted. The values returned on each path are on lines not visible
 * here.
 */
262 ncp_check_rq(struct ncp_conn *conn)
/* already flagged as interrupted: no need to look at signals again */
265 if (conn->flags & NCPFL_INTR)
267 /* first, check for signals */
/* the flag is sticky: nothing in the visible lines clears NCPFL_INTR once set */
268 if (ncp_chkintr(conn, conn->td))
269 conn->flags |= NCPFL_INTR;
/*
 * Look up a bindery object by type and name (NCP function 23, subfunction
 * 53) and fill *target with the id, type and name returned by the server.
 * NOTE(review): the td and cred parameters are not used by the visible
 * request allocation, which passes conn->td and conn->ucred instead;
 * confirm which credentials are meant to apply.
 */
274 ncp_get_bindery_object_id(struct ncp_conn *conn,
275 u_int16_t object_type, char *object_name,
276 struct ncp_bindery_object *target,
277 struct thread *td, struct ucred *cred)
282 error = ncp_rq_alloc_subfn(23, 53, conn, conn->td, conn->ucred, &rqp);
283 mb_put_uint16be(&rqp->rq, object_type);
284 ncp_rq_pstring(rqp, object_name);
/* 54 = object id (4) + object type (2) + object name (48), matching the three reads below */
285 rqp->nr_minrplen = 54;
286 error = ncp_request(rqp);
289 md_get_uint32be(&rqp->rp, &target->object_id);
290 md_get_uint16be(&rqp->rp, &target->object_type);
/*
 * Fixed 48-byte copy of server-supplied data.
 * NOTE(review): assumes target->object_name is at least 48 bytes, and
 * nothing visible guarantees the result is NUL-terminated; verify the
 * struct definition and terminate before using it as a C string.
 */
291 md_get_mem(&rqp->rp, (caddr_t)target->object_name, 48, MB_MSYSTEM);
297 * target is an 8-byte buffer
/*
 * Fetch the 8-byte login key from the server (NCP function 23,
 * subfunction 23) into target. The caller must provide at least 8
 * writable bytes; no length is passed in, so this function cannot check.
 */
300 ncp_get_encryption_key(struct ncp_conn *conn, char *target)
305 error = ncp_rq_alloc_subfn(23, 23, conn, conn->td, conn->ucred, &rqp);
/* the reply must contain the whole key */
308 rqp->nr_minrplen = 8;
309 error = ncp_request(rqp);
/* fixed 8-byte copy, matching nr_minrplen above */
312 md_get_mem(&rqp->rp, target, 8, MB_MSYSTEM);
318 * Initialize packet signatures. They are a slightly modified MD4.
319 * The first 16 bytes of logindata are the shuffled password,
320 * the last 8 bytes the encryption key as received from the server.
/*
 * Derive the per-connection signing root from the login data and switch
 * packet signing on. Reads exactly 24 bytes from logindata, so the caller
 * must supply at least that many.
 * NOTE(review): the header comment describes the scheme as a modified MD4.
 * MD4 is not collision-resistant, so treat these signatures as legacy
 * integrity protection rather than a modern MAC.
 */
323 ncp_sign_start(struct ncp_conn *conn, char *logindata)
/* message block: 24 bytes of login data, then the fixed 25-byte label (copied without its NUL), then zero padding */
328 memcpy(msg, logindata, 24);
329 memcpy(msg + 24, "Authorized NetWare Client", 25);
/* msg's declaration is not visible; this expression requires sizeof(msg) >= 49 */
330 bzero(msg + 24 + 25, sizeof(msg) - 24 - 25);
/* these four words are the standard MD4 initial chaining values */
332 conn->sign_state[0] = 0x67452301;
333 conn->sign_state[1] = 0xefcdab89;
334 conn->sign_state[2] = 0x98badcfe;
335 conn->sign_state[3] = 0x10325476;
336 ncp_sign(conn->sign_state, msg, state);
/* only the first two words of the result are kept as the signing root */
337 conn->sign_root[0] = state[0];
338 conn->sign_root[1] = state[1];
/*
 * NOTE(review): msg and state hold password-derived material and no wipe
 * is visible before return; consider explicit_bzero() on both.
 */
339 conn->flags |= NCPFL_SIGNACTIVE;
/*
 * Log in with a hashed password (NCP function 23, subfunction 24). The
 * password is hashed together with the object id, encrypted with the
 * server-supplied key, and only the 8-byte result is sent. If signing was
 * negotiated, packet signatures are started from the same hash.
 */
345 ncp_login_encrypted(struct ncp_conn *conn, struct ncp_bindery_object *object,
346 const u_char *key, const u_char *passwd,
347 struct thread *td, struct ucred *cred)
/* object id in network byte order, used as input to the hash */
351 u_int32_t tmpID = htonl(object->object_id);
/* passwd is measured with strlen, so it must be NUL-terminated */
356 nw_keyhash((u_char*)&tmpID, passwd, strlen(passwd), buf);
357 nw_encrypt(key, buf, encrypted);
/* unlike the lookup helpers, this request uses the td and cred passed in */
359 error = ncp_rq_alloc_subfn(23, 24, conn, td, cred, &rqp);
363 mb_put_mem(mbp, encrypted, 8, MB_MSYSTEM);
364 mb_put_uint16be(mbp, object->object_type);
365 ncp_rq_pstring(rqp, object->object_name);
366 error = ncp_request(rqp);
/* signing also starts when the server reports an expired password */
369 if ((conn->flags & NCPFL_SIGNWANTED) &&
370 (error == 0 || error == NWE_PASSWORD_EXPIRED)) {
/*
 * Append the 8-byte key after the first 16 bytes of buf to form the
 * 24-byte input ncp_sign_start reads. buf's declaration is not visible;
 * it must be at least 24 bytes.
 * NOTE(review): the return value of ncp_sign_start replaces error here,
 * which appears to drop NWE_PASSWORD_EXPIRED; confirm callers do not
 * need it. No wipe of buf or encrypted is visible before return.
 */
371 bcopy(key, buf + 16, 8);
372 error = ncp_sign_start(conn, buf);
/*
 * Log in with a plaintext password (NCP function 23, subfunction 20).
 * NOTE(review): the password is placed in the request as-is, so anyone
 * able to observe the network path can read it. No call to
 * ncp_sign_start is visible here either, so packet signing is presumably
 * not enabled by this path. Prefer ncp_login_encrypted wherever the
 * server supports it.
 */
378 ncp_login_unencrypted(struct ncp_conn *conn, u_int16_t object_type,
379 const char *object_name, const u_char *passwd,
380 struct thread *td, struct ucred *cred)
385 error = ncp_rq_alloc_subfn(23, 20, conn, td, cred, &rqp);
388 mb_put_uint16be(&rqp->rq, object_type);
389 ncp_rq_pstring(rqp, object_name);
/* cleartext password on the wire */
390 ncp_rq_pstring(rqp, passwd);
391 error = ncp_request(rqp);
/*
 * Read from an open file into uiop. The visible lines show two paths: a
 * plain read (NCP function 72) issued in pieces, and a burst read when
 * burst mode is enabled and the transfer is larger than the negotiated
 * buffer size. Loop structure and error handling are on lines not visible
 * here.
 */
398 ncp_read(struct ncp_conn *conn, ncp_fh *file, struct uio *uiop, struct ucred *cred)
402 u_int16_t retlen = 0 ;
403 int error = 0, len = 0, tsiz, burstio;
/* bytes still to transfer */
405 tsiz = uiop->uio_resid;
407 burstio = (ncp_burst_enabled && tsiz > conn->buffer_size);
/* one request never crosses a 4096-byte boundary and never exceeds the negotiated buffer size */
414 len = min(4096 - (uiop->uio_offset % 4096), tsiz);
415 len = min(len, conn->buffer_size);
416 error = ncp_rq_alloc(72, conn, uiop->uio_td, cred, &rqp);
420 mb_put_uint8(mbp, 0);
/* the file handle is sent as 6 raw bytes */
421 mb_put_mem(mbp, (caddr_t)file, 6, MB_MSYSTEM);
/* NOTE(review): the offset is sent as 32 bits; confirm offsets beyond that range are rejected before this point */
422 mb_put_uint32be(mbp, uiop->uio_offset);
423 mb_put_uint16be(mbp, len);
/* reply must at least carry the 16-bit length field */
424 rqp->nr_minrplen = 2;
425 error = ncp_request(rqp);
/*
 * retlen is chosen by the server.
 * NOTE(review): no comparison of retlen against len is visible before it
 * is passed to md_get_uio; confirm that a reply claiming more data than
 * requested is bounded by the reply chain and by uiop.
 */
428 md_get_uint16be(&rqp->rp, &retlen);
/* for an odd offset one byte is discarded first (NULL destination); presumably reply padding */
429 if (uiop->uio_offset & 1)
430 md_get_mem(&rqp->rp, NULL, 1, MB_MSYSTEM);
431 error = md_get_uio(&rqp->rp, uiop, retlen);
/* burst-mode path: the whole remaining size is handed to ncp_burst_read */
435 error = ncp_burst_read(conn, file, tsiz, &len, &retlen, uiop, cred);
448 ncp_write(struct ncp_conn *conn, ncp_fh *file, struct uio *uiop, struct ucred *cred)
452 int error = 0, len, tsiz, backup;
454 if (uiop->uio_iovcnt != 1) {
455 printf("%s: can't handle iovcnt>1 !!!\n", __func__);
458 tsiz = uiop->uio_resid;
460 len = min(4096 - (uiop->uio_offset % 4096), tsiz);
461 len = min(len, conn->buffer_size);
466 error = ncp_rq_alloc(73, conn, uiop->uio_td, cred, &rqp);
470 mb_put_uint8(mbp, 0);
471 mb_put_mem(mbp, (caddr_t)file, 6, MB_MSYSTEM);
472 mb_put_uint32be(mbp, uiop->uio_offset);
473 mb_put_uint16be(mbp, len);
474 error = mb_put_uio(mbp, uiop, len);
479 error = ncp_request(rqp);
486 uiop->uio_iov->iov_base =
487 (char *)uiop->uio_iov->iov_base - backup;
488 uiop->uio_iov->iov_len += backup;
489 uiop->uio_offset -= backup;
490 uiop->uio_resid += backup;
496 uiop->uio_resid = tsiz;
498 case NWE_INSUFFICIENT_SPACE: