| blob | 46b0e3bfe21e16e9330ebdf425df1c38d2e4e389 |
1 /*
2 Unix SMB/CIFS implementation.
4 RFC2478 Compliant SPNEGO implementation
6 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 Copyright (C) Stefan Metzmacher <metze@samba.org> 2004-2008
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
26 #include <tevent.h>
37 #undef strcasecmp
42 SPNEGO_SERVER_START,
43 SPNEGO_CLIENT_START,
44 SPNEGO_SERVER_TARG,
45 SPNEGO_CLIENT_TARG,
46 SPNEGO_FALLBACK,
47 SPNEGO_DONE
48 };
58 DATA_BLOB mech_types;
69 /*
70 * The following is used to implement
71 * the update token fragmentation
72 */
74 DATA_BLOB in_frag;
76 DATA_BLOB out_frag;
77 NTSTATUS out_status;
78 };
81 {
84 }
87 {
93 }
108 }
111 {
117 }
132 }
134 /** Fallback to another GENSEC mechanism, based on magic strings
135 *
136 * This is the 'fallback' case, where we don't get SPNEGO, and have to
137 * try all the other options (and hope they all have a magic string
138 * they check)
139 */
145 {
153 NTSTATUS nt_status;
157 {
159 }
163 }
169 }
170 }
173 }
177 }
182 }
187 gensec_security,
192 }
193 /* select the sub context */
198 }
201 }
204 }
206 /*
207 Parse the netTokenInit, either from the client, to the server, or
208 from the server to the client.
209 */
217 {
227 }
233 out_mem_ctx,
234 mechType,
235 GENSEC_OID_SPNEGO);
238 mechType,
243 }
251 }
254 gensec_security,
258 }
259 /* select the sub context */
263 /*
264 * Pretend we never started it
265 */
268 }
271 /* no optimistic token */
275 /*
276 * Indicate the downgrade and request a
277 * mic.
278 */
282 }
285 out_mem_ctx,
286 ev,
287 unwrapped_in,
288 unwrapped_out);
291 }
298 /*
299 * Pretend we never started it
300 */
303 }
307 }
310 }
311 }
316 }
317 }
319 /* Having tried any optimistic token from the client (if we
320 * were the server), if we didn't get anywhere, walk our list
321 * in our preference order */
327 gensec_security,
331 }
332 /* select the sub context */
336 /*
337 * Pretend we never started it.
338 */
341 }
345 /* only get the helping start blob for the first OID */
347 out_mem_ctx,
348 ev,
349 unwrapped_in,
350 unwrapped_out);
353 }
355 /* it is likely that a NULL input token will
356 * not be liked by most server mechs, but if
357 * we are in the client, we want the first
358 * update packet to be able to abort the use
359 * of this mech */
372 }
378 {
385 }
389 principal,
392 /*
393 * Pretend we never started it.
394 */
397 }
398 }
401 }
402 }
405 /* it is likely that a NULL input token will
406 * not be liked by most server mechs, but this
407 * does the right thing in the CIFS client.
408 * just push us along the merry-go-round
409 * again, and hope for better luck next
410 * time */
415 }
421 /* We started the mech correctly, and the
422 * input from the other side was valid.
423 * Return the error (say bad password, invalid
424 * ticket) */
427 }
430 }
433 /* we could re-negotiate here, but it would only work
434 * if the client or server lied about what it could
435 * support the first time. Lets keep this code to
436 * reality */
439 }
441 /** create a negTokenInit
442 *
443 * This is the same packet, no matter if the client or server sends it first, but it is always the first packet
444 */
450 {
461 out_mem_ctx,
462 mechTypes,
463 GENSEC_OID_SPNEGO);
470 gensec_security,
474 }
475 /* select the sub context */
481 }
483 /* In the client, try and produce the first (optimistic) packet */
486 out_mem_ctx,
487 ev,
488 data_blob_null,
492 }
502 }
508 {
515 }
519 principal,
522 /*
523 * Pretend we never started it
524 */
527 }
528 }
536 send_mech_types,
541 }
543 /* List the remaining mechs as options */
553 }
560 }
562 /* set next state */
571 }
574 }
579 }
587 {
592 NTSTATUS status;
597 /* The server offers a list of mechanisms */
604 }
605 }
608 spnego_state,
609 out_mem_ctx,
610 ev,
611 spnego_in,
615 }
618 /* compose reply */
629 }
632 my_mechs,
637 }
639 /* set next state */
644 }
646 /** create a server negTokenTarg
647 *
648 * This is the case, where the client is the first one who sends data
649 */
653 NTSTATUS nt_status,
655 DATA_BLOB mech_list_mic,
657 {
660 /* compose reply */
673 }
678 }
686 }
691 }
697 }
705 {
708 NTSTATUS status;
711 spnego_state,
712 out_mem_ctx,
713 ev,
714 spnego_in,
718 /*
719 * Windows 2000 returns the unwrapped token
720 * also in the mech_list_mic field.
721 *
722 * In order to verify our client code,
723 * we need a way to have a server with this
724 * broken behaviour
725 */
727 }
730 out_mem_ctx,
731 status,
732 sub_out,
733 mech_list_mic,
734 out);
735 }
742 {
750 /* and switch into the state machine */
755 spnego_state,
760 {
769 }
773 }
775 /* Server didn't like our choice of mech, and chose something else */
786 gensec_security,
790 }
791 /* select the sub context */
796 }
802 };
803 }
809 /*
810 * Windows 2000 has a bug, it repeats the
811 * responseToken in the mechListMIC field.
812 */
819 }
820 }
821 }
826 }
827 }
833 }
837 /*
838 * In this case we don't require
839 * a mechListMIC from the server.
840 *
841 * This works around bugs in the Azure
842 * and Apple spnego implementations.
843 *
844 * See
845 * https://bugzilla.samba.org/show_bug.cgi?id=11994
846 */
850 }
862 }
866 }
875 }
878 }
881 }
888 GENSEC_FEATURE_SIGN);
891 }
893 GENSEC_FEATURE_NEW_SPNEGO);
899 /*
900 * the first exchange doesn't require
901 * verification
902 */
904 }
912 }
915 /*
916 * A downgrade should be protected if
917 * supported
918 */
920 }
922 /*
923 * The caller may just asked for
924 * GENSEC_FEATURE_SESSION_KEY, this
925 * is only reflected in the want_features.
926 *
927 * As it will imply
928 * gensec_have_features(GENSEC_FEATURE_SIGN)
929 * to return true.
930 */
933 }
936 }
937 /*
938 * Here we're sure our preferred mech was
939 * selected by the server and our caller doesn't
940 * need GENSEC_FEATURE_SIGN nor
941 * GENSEC_FEATURE_SEAL support.
942 *
943 * In this case we don't require
944 * a mechListMIC from the server.
945 *
946 * This works around bugs in the Azure
947 * and Apple spnego implementations.
948 *
949 * See
950 * https://bugzilla.samba.org/show_bug.cgi?id=11994
951 */
958 }
962 }
967 }
968 }
973 }
974 }
987 }
990 }
994 out_mem_ctx,
1004 }
1006 }
1010 }
1012 client_response:
1018 }
1021 /* compose reply */
1031 }
1038 /* all done - server has accepted, and we agree */
1042 /* unless of course it did not accept */
1045 }
1048 }
1051 }
1055 }
1059 }
1066 {
1071 /* and switch into the state machine */
1076 spnego_state,
1081 {
1082 NTSTATUS nt_status;
1091 }
1097 }
1111 }
1113 }
1122 }
1125 }
1128 }
1131 GENSEC_FEATURE_SIGN);
1134 }
1136 GENSEC_FEATURE_NEW_SPNEGO);
1139 }
1144 }
1157 }
1161 }
1165 out_mem_ctx,
1175 }
1177 }
1181 }
1183 server_response:
1185 out_mem_ctx,
1186 nt_status,
1187 unwrapped_out,
1188 mech_list_mic,
1189 out);
1192 }
1196 }
1200 }
1205 DATA_BLOB full_in;
1208 NTSTATUS status;
1209 DATA_BLOB out;
1210 };
1214 {
1223 /*
1224 * A fatal error, further updates are not allowed.
1225 */
1230 }
1231 }
1244 {
1250 NTSTATUS status;
1251 ssize_t len;
1257 }
1266 }
1273 }
1278 }
1286 }
1289 }
1291 /* Check if we got a valid SPNEGO blob... */
1302 }
1304 /* fall through */
1309 /* create_negTokenInit later */
1311 }
1323 }
1325 /*
1326 * This is the 'fallback' case, where we don't get
1327 * SPNEGO, and have to try all the other options (and
1328 * hope they all have a magic string they check)
1329 */
1331 spnego_state,
1332 state,
1336 }
1338 /*
1339 * We'll continue with SPNEGO_FALLBACK below...
1340 */
1342 }
1345 /* OK, so it's real SPNEGO, check the packet's the one we expect */
1354 }
1361 }
1363 /* and switch into the state machine */
1375 /* client to produce negTokenInit */
1380 }
1382 /* fall through */
1392 /* server to produce negTokenInit */
1397 }
1399 /* fall through */
1410 }
1415 }
1423 reset_full);
1426 }
1427 }
1436 }
1441 }
1446 {
1468 }
1474 /*
1475 * try to work out the size of the full
1476 * input token, it might be fragmented
1477 */
1481 }
1486 /*
1487 * If it is not an asn1 message
1488 * just call the next layer.
1489 */
1491 }
1492 }
1495 /*
1496 * limit the incoming message to 0xFFFF
1497 * to avoid DoS attacks.
1498 */
1500 }
1503 /*
1504 * If we reach this, we know we got at least
1505 * part of an asn1 message, getting 0 means
1506 * the remote peer wants us to spin.
1507 */
1509 }
1513 /*
1514 * we got more than expected
1515 */
1517 }
1520 /*
1521 * if the in.length contains the full blob
1522 * we are done.
1523 *
1524 * Note: this implies spnego_state->in_frag.length == 0,
1525 * but we do not need to check this explicitly
1526 * because we already know that we did not get
1527 * more than expected.
1528 */
1532 }
1538 }
1542 }
1549 }
1554 {
1562 /*
1563 * Fast path, we can deliver everything
1564 */
1570 }
1574 }
1576 /*
1577 * We're completely done, further updates are not allowed.
1578 */
1582 }
1586 /*
1587 * copy the remaining bytes
1588 */
1594 }
1596 /*
1597 * truncate the buffer
1598 */
1603 }
1608 }
1613 {
1617 NTSTATUS status;
1624 }
1631 }
1634 GENSEC_OID_SPNEGO,
1635 NULL
1636 };
1664 };
1667 {
1668 NTSTATUS ret;
1674 }
1677 }