CVE-2021-23192 rpc: Give dcerpc_util.c its own header

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875

(cherry picked from commit 8945d99758d8bedd374f1c51304b87a6cf10498c)

12 files changed, 113 insertions, 74 deletions

diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index 3d622b2be49..6a160e12023 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -25,6 +25,7 @@
 #include "lib/tsocket/tsocket.h"
 #include "lib/util/tevent_ntstatus.h"
 #include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_util.h"
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "rpc_common.h"
 #include "lib/util/bitmap.h"
diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h
new file mode 100644
index 00000000000..0ecaf428c3c
--- /dev/null
+++ b/librpc/rpc/dcerpc_util.h
@@ -0,0 +1,103 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher 2010-2011
+   Copyright (C) Andrew Tridgell 2010-2011
+   Copyright (C) Simo Sorce 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBRPC_RPC_DCERPC_UTIL_H__
+#define __LIBRPC_RPC_DCERPC_UTIL_H__
+
+#include "replace.h"
+#include <talloc.h>
+#include "lib/util/data_blob.h"
+#include "librpc/rpc/rpc_common.h"
+#include "librpc/gen_ndr/dcerpc.h"
+
+void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v);
+uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob);
+void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v);
+uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob);
+uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob);
+uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob);
+uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob);
+uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob);
+const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx,
+					      enum dcerpc_transport_t transport,
+					      const struct ndr_interface_table *table);
+
+NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
+				  const DATA_BLOB *blob,
+				  struct ncacn_packet *r);
+
+/**
+* @brief	Pull a dcerpc_auth structure, taking account of any auth
+*		padding in the blob. For request/response packets we pass
+*		the whole data blob, so auth_data_only must be set to false
+*		as the blob contains data+pad+auth and no just pad+auth.
+*
+* @param pkt		- The ncacn_packet strcuture
+* @param mem_ctx	- The mem_ctx used to allocate dcerpc_auth elements
+* @param pkt_trailer	- The packet trailer data, usually the trailing
+*			  auth_info blob, but in the request/response case
+*			  this is the stub_and_verifier blob.
+* @param auth		- A preallocated dcerpc_auth *empty* structure
+* @param auth_length	- The length of the auth trail, sum of auth header
+*			  lenght and pkt->auth_length
+* @param auth_data_only	- Whether the pkt_trailer includes only the auth_blob
+*			  (+ padding) or also other data.
+*
+* @return		- A NTSTATUS error code.
+*/
+NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
+				  TALLOC_CTX *mem_ctx,
+				  const DATA_BLOB *pkt_trailer,
+				  struct dcerpc_auth *auth,
+				  uint32_t *auth_length,
+				  bool auth_data_only);
+NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
+					   enum dcerpc_pkt_type ptype,
+					   size_t max_auth_info,
+					   uint8_t required_flags,
+					   uint8_t optional_flags);
+NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
+				    struct gensec_security *gensec,
+				    TALLOC_CTX *mem_ctx,
+				    enum dcerpc_pkt_type ptype,
+				    uint8_t required_flags,
+				    uint8_t optional_flags,
+				    uint8_t payload_offset,
+				    DATA_BLOB *payload_and_verifier,
+				    DATA_BLOB *raw_packet,
+				    const struct ncacn_packet *pkt);
+NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
+				    struct gensec_security *gensec,
+				    TALLOC_CTX *mem_ctx,
+				    DATA_BLOB *raw_packet,
+				    size_t sig_size,
+				    uint8_t payload_offset,
+				    const DATA_BLOB *payload,
+				    const struct ncacn_packet *pkt);
+struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
+						 struct tevent_context *ev,
+						 struct tstream_context *stream);
+NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
+				       TALLOC_CTX *mem_ctx,
+				       struct ncacn_packet **pkt,
+				       DATA_BLOB *buffer);
+
+#endif
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
index 8ac90f2a2bd..f7919ebf575 100644
--- a/librpc/rpc/dcesrv_auth.c
+++ b/librpc/rpc/dcesrv_auth.c
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "librpc/rpc/dcesrv_core.h"
 #include "librpc/rpc/dcesrv_core_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "auth/credentials/credentials.h"
 #include "auth/gensec/gensec.h"
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 88838121f2f..ad7b02194ec 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -24,6 +24,7 @@
 #include "includes.h"
 #include "librpc/rpc/dcesrv_core.h"
 #include "librpc/rpc/dcesrv_core_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
 #include "librpc/gen_ndr/auth.h"
 #include "auth/gensec/gensec.h"
 #include "lib/util/dlinklist.h"
diff --git a/librpc/rpc/dcesrv_reply.c b/librpc/rpc/dcesrv_reply.c
index 96bd98f53e1..5b4429956e7 100644
--- a/librpc/rpc/dcesrv_reply.c
+++ b/librpc/rpc/dcesrv_reply.c
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "librpc/rpc/dcesrv_core.h"
 #include "librpc/rpc/dcesrv_core_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
 #include "auth/gensec/gensec.h"
 #include "lib/util/dlinklist.h"
 #include "param/param.h"
diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h
index a606a29ed31..785cd985cfb 100644
--- a/librpc/rpc/rpc_common.h
+++ b/librpc/rpc/rpc_common.h
@@ -163,80 +163,6 @@ const char *derpc_transport_string_by_transport(enum dcerpc_transport_t t);
 enum dcerpc_transport_t dcerpc_transport_by_name(const char *name);
 enum dcerpc_transport_t dcerpc_transport_by_tower(const struct epm_tower *tower);
 
-/* The following definitions come from ../librpc/rpc/dcerpc_util.c  */
-
-void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v);
-uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob);
-void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v);
-uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob);
-uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob);
-uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob);
-uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob);
-uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob);
-const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx,
-					      enum dcerpc_transport_t transport,
-					      const struct ndr_interface_table *table);
-
-NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
-				  const DATA_BLOB *blob,
-				  struct ncacn_packet *r);
-
-/**
-* @brief	Pull a dcerpc_auth structure, taking account of any auth
-*		padding in the blob. For request/response packets we pass
-*		the whole data blob, so auth_data_only must be set to false
-*		as the blob contains data+pad+auth and no just pad+auth.
-*
-* @param pkt		- The ncacn_packet strcuture
-* @param mem_ctx	- The mem_ctx used to allocate dcerpc_auth elements
-* @param pkt_trailer	- The packet trailer data, usually the trailing
-*			  auth_info blob, but in the request/response case
-*			  this is the stub_and_verifier blob.
-* @param auth		- A preallocated dcerpc_auth *empty* structure
-* @param auth_length	- The length of the auth trail, sum of auth header
-*			  lenght and pkt->auth_length
-* @param auth_data_only	- Whether the pkt_trailer includes only the auth_blob
-*			  (+ padding) or also other data.
-*
-* @return		- A NTSTATUS error code.
-*/
-NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
-				  TALLOC_CTX *mem_ctx,
-				  const DATA_BLOB *pkt_trailer,
-				  struct dcerpc_auth *auth,
-				  uint32_t *auth_length,
-				  bool auth_data_only);
-NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
-					   enum dcerpc_pkt_type ptype,
-					   size_t max_auth_info,
-					   uint8_t required_flags,
-					   uint8_t optional_flags);
-NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
-				    struct gensec_security *gensec,
-				    TALLOC_CTX *mem_ctx,
-				    enum dcerpc_pkt_type ptype,
-				    uint8_t required_flags,
-				    uint8_t optional_flags,
-				    uint8_t payload_offset,
-				    DATA_BLOB *payload_and_verifier,
-				    DATA_BLOB *raw_packet,
-				    const struct ncacn_packet *pkt);
-NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
-				    struct gensec_security *gensec,
-				    TALLOC_CTX *mem_ctx,
-				    DATA_BLOB *raw_packet,
-				    size_t sig_size,
-				    uint8_t payload_offset,
-				    const DATA_BLOB *payload,
-				    const struct ncacn_packet *pkt);
-struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
-						 struct tevent_context *ev,
-						 struct tstream_context *stream);
-NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
-				       TALLOC_CTX *mem_ctx,
-				       struct ncacn_packet **pkt,
-				       DATA_BLOB *buffer);
-
 /* The following definitions come from ../librpc/rpc/binding_handle.c  */
 
 struct dcerpc_binding_handle_ops {
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 1f67987561c..c609efd5b07 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -20,6 +20,7 @@
 
 #include "includes.h"
 #include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_util.h"
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "librpc/crypto/gse.h"
 #include "auth/gensec/gensec.h"
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 8227ef0b0bd..408c0063baf 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -30,6 +30,7 @@
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "librpc/gen_ndr/ndr_netlogon_c.h"
 #include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_util.h"
 #include "rpc_dce.h"
 #include "cli_pipe.h"
 #include "libsmb/libsmb.h"
diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c
index 9dc5c5634fc..b24023661ff 100644
--- a/source3/rpc_client/rpc_transport_np.c
+++ b/source3/rpc_client/rpc_transport_np.c
@@ -19,6 +19,7 @@
 
 #include "includes.h"
 #include "../lib/util/tevent_ntstatus.h"
+#include "librpc/rpc/dcerpc_util.h"
 #include "rpc_client/rpc_transport.h"
 #include "librpc/ndr/ndr_table.h"
 #include "libcli/smb/smbXcli_base.h"
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
index 11f8a9b0602..cf50b1b481f 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -37,6 +37,7 @@
 #include "rpc_server/rpc_config.h"
 #include "librpc/ndr/ndr_table.h"
 #include "rpc_server/rpc_server.h"
+#include "librpc/rpc/dcerpc_util.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 87a99a8df89..f97263dcc5b 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -26,6 +26,7 @@
 #include "lib/events/events.h"
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/rpc/dcerpc_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "auth/gensec/gensec.h"
diff --git a/source4/librpc/rpc/dcerpc_roh_channel_out.c b/source4/librpc/rpc/dcerpc_roh_channel_out.c
index e431689d419..2abafb0bab5 100644
--- a/source4/librpc/rpc/dcerpc_roh_channel_out.c
+++ b/source4/librpc/rpc/dcerpc_roh_channel_out.c
@@ -37,6 +37,7 @@
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/rpc/dcerpc_roh.h"
 #include "librpc/rpc/dcerpc_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
 #include "libcli/http/http.h"
 
 struct roh_request_state {