search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r14542: Remove librpc, libndr and libnbt from includes.h
[Samba.git] / source / librpc / rpc / dcerpc_auth.c
blob88132b15fecc121362c8314e4ab34b2a949b79cd
1 /*
2 Unix SMB/CIFS implementation.
3
4 Generic Authentication Interface
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 Copyright (C) Stefan Metzmacher 2004
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26 #include "libcli/composite/composite.h"
27 #include "auth/gensec/gensec.h"
28 #include "librpc/rpc/dcerpc.h"
29
30 /*
31 do a non-athenticated dcerpc bind
32 */
33
34 struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
35 struct dcerpc_pipe *p,
36 const struct dcerpc_interface_table *table)
37 {
38 struct dcerpc_syntax_id syntax;
39 struct dcerpc_syntax_id transfer_syntax;
40
41 struct composite_context *c;
42
43 c = talloc_zero(mem_ctx, struct composite_context);
44 if (c == NULL) return NULL;
45
46 c->status = dcerpc_init_syntaxes(table,
47 &syntax, &transfer_syntax);
48 if (!NT_STATUS_IS_OK(c->status)) {
49 DEBUG(2,("Invalid uuid string in "
50 "dcerpc_bind_auth_none_send\n"));
51 composite_error(c, c->status);
52 return c;
53 }
54
55 /* c was only allocated as a container for a possible error */
56 talloc_free(c);
57
58 return dcerpc_bind_send(p, mem_ctx, &syntax, &transfer_syntax);
59 }
60
61 NTSTATUS dcerpc_bind_auth_none_recv(struct composite_context *ctx)
62 {
63 return dcerpc_bind_recv(ctx);
64 }
65
66 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
67 const struct dcerpc_interface_table *table)
68 {
69 struct composite_context *ctx;
70 ctx = dcerpc_bind_auth_none_send(p, p, table);
71 return dcerpc_bind_auth_none_recv(ctx);
72 }
73
74 struct bind_auth_state {
75 struct dcerpc_pipe *pipe;
76 DATA_BLOB credentials;
77 BOOL more_processing; /* Is there anything more to do after the
78 * first bind itself received? */
79 };
80
81 static void bind_auth_recv_alter(struct composite_context *creq);
82
83 static void bind_auth_next_step(struct composite_context *c)
84 {
85 struct bind_auth_state *state =
86 talloc_get_type(c->private_data, struct bind_auth_state);
87 struct dcerpc_security *sec = &state->pipe->conn->security_state;
88 struct composite_context *creq;
89 BOOL more_processing = False;
90
91 /* The status value here, from GENSEC is vital to the security
92 * of the system. Even if the other end accepts, if GENSEC
93 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
94 * feeding it blobs, or else the remote host/attacker might
95 * avoid mutal authentication requirements.
96 *
97 * Likewise, you must not feed GENSEC too much (after the OK),
98 * it doesn't like that either
99 */
100
101 c->status = gensec_update(sec->generic_state, state,
102 sec->auth_info->credentials,
103 &state->credentials);
104
105 if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
106 more_processing = True;
107 c->status = NT_STATUS_OK;
108 }
109
110 if (!composite_is_ok(c)) return;
111
112 if (state->credentials.length == 0) {
113 composite_done(c);
114 return;
115 }
116
117 sec->auth_info->credentials = state->credentials;
118
119 if (!more_processing) {
120 /* NO reply expected, so just send it */
121 c->status = dcerpc_auth3(state->pipe->conn, state);
122 if (!composite_is_ok(c)) return;
123 composite_done(c);
124 return;
125 }
126
127 /* We are demanding a reply, so use a request that will get us one */
128
129 creq = dcerpc_alter_context_send(state->pipe, state,
130 &state->pipe->syntax,
131 &state->pipe->transfer_syntax);
132 composite_continue(c, creq, bind_auth_recv_alter, c);
133 }
134
135 static void bind_auth_recv_alter(struct composite_context *creq)
136 {
137 struct composite_context *c =
138 talloc_get_type(creq->async.private_data,
139 struct composite_context);
140
141 c->status = dcerpc_alter_context_recv(creq);
142 if (!composite_is_ok(c)) return;
143
144 bind_auth_next_step(c);
145 }
146
147 static void bind_auth_recv_bindreply(struct composite_context *creq)
148 {
149 struct composite_context *c =
150 talloc_get_type(creq->async.private_data,
151 struct composite_context);
152 struct bind_auth_state *state =
153 talloc_get_type(c->private_data, struct bind_auth_state);
154
155 c->status = dcerpc_bind_recv(creq);
156 if (!composite_is_ok(c)) return;
157
158 if (!state->more_processing) {
159 /* The first gensec_update has not requested a second run, so
160 * we're done here. */
161 composite_done(c);
162 return;
163 }
164
165 bind_auth_next_step(c);
166 }
167
168 /**
169 Bind to a DCE/RPC pipe, async
170 @param mem_ctx TALLOC_CTX for the allocation of the composite_context
171 @param p The dcerpc_pipe to bind (must already be connected)
172 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
173 @param credentials The credentials of the account to connect with
174 @param auth_type Select the authentication scheme to use
175 @param auth_level Chooses between unprotected (connect), signed or sealed
176 @param service The service (used by Kerberos to select the service principal to contact)
177 @retval A composite context describing the partial state of the bind
178 */
179
180 struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
181 struct dcerpc_pipe *p,
182 const struct dcerpc_interface_table *table,
183 struct cli_credentials *credentials,
184 uint8_t auth_type, uint8_t auth_level,
185 const char *service)
186 {
187 struct composite_context *c, *creq;
188 struct bind_auth_state *state;
189 struct dcerpc_security *sec;
190
191 struct dcerpc_syntax_id syntax, transfer_syntax;
192
193 c = talloc_zero(mem_ctx, struct composite_context);
194 if (c == NULL) return NULL;
195
196 state = talloc(c, struct bind_auth_state);
197 if (state == NULL) {
198 c->status = NT_STATUS_NO_MEMORY;
199 goto failed;
200 }
201
202 c->state = COMPOSITE_STATE_IN_PROGRESS;
203 c->private_data = state;
204 c->event_ctx = p->conn->event_ctx;
205
206 state->pipe = p;
207
208 c->status = dcerpc_init_syntaxes(table,
209 &syntax,
210 &transfer_syntax);
211 if (!NT_STATUS_IS_OK(c->status)) goto failed;
212
213 sec = &p->conn->security_state;
214
215 c->status = gensec_client_start(p, &sec->generic_state,
216 p->conn->event_ctx);
217 if (!NT_STATUS_IS_OK(c->status)) {
218 DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
219 nt_errstr(c->status)));
220 goto failed;
221 }
222
223 c->status = gensec_set_credentials(sec->generic_state, credentials);
224 if (!NT_STATUS_IS_OK(c->status)) {
225 DEBUG(1, ("Failed to set GENSEC client credentails: %s\n",
226 nt_errstr(c->status)));
227 goto failed;
228 }
229
230 c->status = gensec_set_target_hostname(
231 sec->generic_state, p->conn->transport.peer_name(p->conn));
232 if (!NT_STATUS_IS_OK(c->status)) {
233 DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
234 nt_errstr(c->status)));
235 goto failed;
236 }
237
238 if (service != NULL) {
239 c->status = gensec_set_target_service(sec->generic_state,
240 service);
241 if (!NT_STATUS_IS_OK(c->status)) {
242 DEBUG(1, ("Failed to set GENSEC target service: %s\n",
243 nt_errstr(c->status)));
244 goto failed;
245 }
246 }
247
248 c->status = gensec_start_mech_by_authtype(sec->generic_state,
249 auth_type, auth_level);
250 if (!NT_STATUS_IS_OK(c->status)) {
251 DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
252 gensec_get_name_by_authtype(auth_type),
253 nt_errstr(c->status)));
254 goto failed;
255 }
256
257 sec->auth_info = talloc(p, struct dcerpc_auth);
258 if (sec->auth_info == NULL) {
259 c->status = NT_STATUS_NO_MEMORY;
260 goto failed;
261 }
262
263 sec->auth_info->auth_type = auth_type;
264 sec->auth_info->auth_level = auth_level,
265 sec->auth_info->auth_pad_length = 0;
266 sec->auth_info->auth_reserved = 0;
267 sec->auth_info->auth_context_id = random();
268 sec->auth_info->credentials = data_blob(NULL, 0);
269
270 /* The status value here, from GENSEC is vital to the security
271 * of the system. Even if the other end accepts, if GENSEC
272 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
273 * feeding it blobs, or else the remote host/attacker might
274 * avoid mutal authentication requirements.
275 *
276 * Likewise, you must not feed GENSEC too much (after the OK),
277 * it doesn't like that either
278 */
279
280 c->status = gensec_update(sec->generic_state, state,
281 sec->auth_info->credentials,
282 &state->credentials);
283 if (!NT_STATUS_IS_OK(c->status) &&
284 !NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
285 goto failed;
286 }
287
288 state->more_processing =
289 NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED);
290
291 if (state->credentials.length == 0) {
292 composite_done(c);
293 return c;
294 }
295
296 sec->auth_info->credentials = state->credentials;
297
298 /* The first request always is a dcerpc_bind. The subsequent ones
299 * depend on gensec results */
300 creq = dcerpc_bind_send(p, state, &syntax, &transfer_syntax);
301 if (creq == NULL) {
302 c->status = NT_STATUS_NO_MEMORY;
303 goto failed;
304 }
305
306 creq->async.fn = bind_auth_recv_bindreply;
307 creq->async.private_data = c;
308 return c;
309
310 failed:
311 composite_error(c, c->status);
312 return c;
313 }
314
315 NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
316 {
317 NTSTATUS result = composite_wait(creq);
318 struct bind_auth_state *state = talloc_get_type(creq->private_data, struct bind_auth_state);
319
320 if (NT_STATUS_IS_OK(result)) {
321 /*
322 after a successful authenticated bind the session
323 key reverts to the generic session key
324 */
325 state->pipe->conn->security_state.session_key = dcerpc_generic_session_key;
326 }
327
328 talloc_free(creq);
329 return result;
330 }
331
332 /**
333 Perform a GENSEC authenticated bind to a DCE/RPC pipe, sync
334 @param p The dcerpc_pipe to bind (must already be connected)
335 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
336 @param credentials The credentials of the account to connect with
337 @param auth_type Select the authentication scheme to use
338 @param auth_level Chooses between unprotected (connect), signed or sealed
339 @param service The service (used by Kerberos to select the service principal to contact)
340 @retval NTSTATUS status code
341 */
342 NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
343 const struct dcerpc_interface_table *table,
344 struct cli_credentials *credentials,
345 uint8_t auth_type, uint8_t auth_level,
346 const char *service)
347 {
348 struct composite_context *creq;
349 creq = dcerpc_bind_auth_send(p, p, table, credentials,
350 auth_type, auth_level, service);
351 return dcerpc_bind_auth_recv(creq);
352 }
Samba GIT mirror