decode_tds.c

/*
  decode_tds.c

  Tabular Data Stream (Sybase, Microsoft SQL). See www.freetds.org.

  Thanks to antilove!@#$% and Ben Lowery <blowery@monkey.org> for
  providing me with packet traces.
  
  Copyright (c) 2000 Dug Song <dugsong@monkey.org>
 
  $Id: decode_tds.c,v 1.8 2000/11/06 14:08:43 dugsong Exp $
*/

#include "config.h"

#include <sys/types.h>
#include <stdio.h>
#include <string.h>
#include "decode.h"

struct tds_hdr {
	u_char		type;
	u_char		last;
	u_short		size;
	u_int32_t	zero;
};

struct tds_login {
	char		hostname[30];
	u_char		hostlen;
	char		username[30];
	u_char		userlen;
	char		password[30];
	u_char		passlen;
	char		process[30];
	u_char		proclen;
	char		magic1[6];
	u_char		bulkcopy;
	char		magic2[9];
	char		appname[30];
	u_char		applen;
	char		servername[30];
	u_char		serverlen;
	u_char		zero;
	u_char		pass2len;
	char		password2[30];
	char		magic3[223];
	u_char		pass2len2;
	char		version[4];
	char		libname[10];
	u_char		liblen;
	char		magic4[3];
	char		language[30];
	u_char		langlen;
	u_char		nolang;
	u_short		magic5;
	u_char		encrypted;
	char		magic6[10];
	char		charset[30];
	u_char		charlen;
	u_char		magic7;
	char		blocksize[6];
	u_char		blocklen;
	char		magic8[4];	/* 4.2: 8, 4.6: 4, 5.0: 25 */
};

u_char tds7_magic1[] = {
	0x6, 0x83, 0xf2, 0xf8, 0xff, 0x0, 0x0, 0x0, 0x0, 0xe0, 0x03, 0x0,
	0x0, 0x88, 0xff, 0xff, 0xff, 0x36, 0x04, 0x00, 0x00
};

struct tds7_login {
	u_short	size;
	char	zero1[5];
	u_char	byte1;		/* 0x70 */
	char	zero2[7];
	char	magic1[21];
	u_short	userpos;	/* XXX - freetds got this wrong? */
	u_short	userlen;
	u_short	passpos;
	u_short	passlen;
	u_short	somepos;
	u_short	somelen;
	u_short	apppos;
	u_short	applen;
	u_short	servpos;
	u_short	servlen;
	char	zero4[4];
	u_short	libpos;
	u_short	liblen;
	char	skip1[8];
	char	magic2[6];
	char	skip2[8];
	/* char username[userlen]; */
	/* char password[passlen]; */
	/* char appname[applen]; */
	/* char server[servlen]; */
	/* char library[liblen]; */
	/* char	magic3[48]; */
};

void
deunicode(u_char *buf, int len)
{
	int i;
	
	for (i = 0; i < len; i++) {
		buf[i] = buf[i * 2];
	}
	buf[i] = '\0';
}

#if 0
void
tds7_decrypt(u_char *buf, int len)
{
	int i;
	
	for (i = 0; i < len; i++) {
		buf[i] = ((buf[i] << 4) | (buf[i] >> 4)) ^ 0x5a;
	}
	buf[i] = '\0';
}
#endif

int
decode_tds(u_char *buf, int len, u_char *obuf, int olen)
{
	struct tds_hdr *th;
	struct tds_login *tl;
	struct tds7_login *t7l;
	u_char *user, *pass;
	u_short userlen, passlen;
	
	obuf[0] = '\0';

	for (th = (struct tds_hdr *)buf;
	     len > sizeof(*th) && len >= ntohs(th->size);
	     buf += ntohs(th->size), len -= ntohs(th->size)) {
		
		if (th->type == 2) {
			/* Version 4.x, 5.0 */
			if (len < sizeof(*th) + sizeof(*tl))
				return (0);
			
			tl = (struct tds_login *)(th + 1);
			
			if (tl->userlen > sizeof(tl->username))
				return (0);
			
			tl->username[tl->userlen] = '\0';
			strlcat(obuf, tl->username, olen);
			strlcat(obuf, "\n", olen);
			
			if (tl->passlen > sizeof(tl->password))
				return (0);
			
			tl->password[tl->passlen] = '\0';
			strlcat(obuf, tl->password, olen);
			strlcat(obuf, "\n", olen);
		}
		else if (th->type == 16 && th->last == 1) {
			/* Version 7.0 */
			if (len < sizeof(*th) + sizeof(*t7l))
				return (0);
			
			t7l = (struct tds7_login *)(th + 1);
			
			userlen = pletohs(&t7l->userlen);
			passlen = pletohs(&t7l->passlen);
			
			if (len < sizeof(*th) + sizeof(*t7l) +
			    (2 * (userlen + passlen))) {
				return (0);
			}
			user = (u_char *)(t7l + 1);
			pass = user + (2 * userlen);
			
			deunicode(user, userlen);
#if 0
			/* XXX - when to call? */
			tds7_decrypt(pass, 2 * passlen);
#endif
			deunicode(pass, passlen);
			
			snprintf(obuf + strlen(obuf),
				 olen - strlen(obuf),
				 "%s\n%s\n", user, pass);
		}
	}
	return (strlen(obuf));
}