2 Unix SMB/CIFS implementation.
4 Generic Authentication Interface
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 Copyright (C) Stefan Metzmacher 2004
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "libcli/composite/composite.h"
27 #include "auth/gensec/gensec.h"
28 #include "librpc/rpc/dcerpc.h"
29 #include "librpc/rpc/dcerpc_proto.h"
30 #include "param/param.h"
33 return the rpc syntax and transfer syntax given the pipe uuid and version
35 static NTSTATUS
dcerpc_init_syntaxes(const struct ndr_interface_table
*table
,
37 struct ndr_syntax_id
*syntax
,
38 struct ndr_syntax_id
*transfer_syntax
)
40 syntax
->uuid
= table
->syntax_id
.uuid
;
41 syntax
->if_version
= table
->syntax_id
.if_version
;
43 if (pipe_flags
& DCERPC_NDR64
) {
44 *transfer_syntax
= ndr_transfer_syntax_ndr64
;
46 *transfer_syntax
= ndr_transfer_syntax_ndr
;
54 Send request to do a non-authenticated dcerpc bind
56 static void dcerpc_bind_auth_none_done(struct tevent_req
*subreq
);
58 struct composite_context
*dcerpc_bind_auth_none_send(TALLOC_CTX
*mem_ctx
,
59 struct dcerpc_pipe
*p
,
60 const struct ndr_interface_table
*table
)
62 struct ndr_syntax_id syntax
;
63 struct ndr_syntax_id transfer_syntax
;
65 struct composite_context
*c
;
66 struct tevent_req
*subreq
;
68 c
= composite_create(mem_ctx
, p
->conn
->event_ctx
);
69 if (c
== NULL
) return NULL
;
71 c
->status
= dcerpc_init_syntaxes(table
, p
->conn
->flags
,
72 &syntax
, &transfer_syntax
);
73 if (!NT_STATUS_IS_OK(c
->status
)) {
74 DEBUG(2,("Invalid uuid string in "
75 "dcerpc_bind_auth_none_send\n"));
76 composite_error(c
, c
->status
);
80 subreq
= dcerpc_bind_send(mem_ctx
, p
->conn
->event_ctx
, p
,
81 &syntax
, &transfer_syntax
);
82 if (composite_nomem(subreq
, c
)) return c
;
83 tevent_req_set_callback(subreq
, dcerpc_bind_auth_none_done
, c
);
88 static void dcerpc_bind_auth_none_done(struct tevent_req
*subreq
)
90 struct composite_context
*ctx
=
91 tevent_req_callback_data(subreq
,
92 struct composite_context
);
94 ctx
->status
= dcerpc_bind_recv(subreq
);
96 if (!composite_is_ok(ctx
)) return;
102 Receive result of a non-authenticated dcerpc bind
104 NTSTATUS
dcerpc_bind_auth_none_recv(struct composite_context
*ctx
)
106 NTSTATUS result
= composite_wait(ctx
);
113 Perform sync non-authenticated dcerpc bind
115 _PUBLIC_ NTSTATUS
dcerpc_bind_auth_none(struct dcerpc_pipe
*p
,
116 const struct ndr_interface_table
*table
)
118 struct composite_context
*ctx
;
120 ctx
= dcerpc_bind_auth_none_send(p
, p
, table
);
121 return dcerpc_bind_auth_none_recv(ctx
);
125 struct bind_auth_state
{
126 struct dcerpc_pipe
*pipe
;
127 DATA_BLOB credentials
;
128 bool more_processing
; /* Is there anything more to do after the
129 * first bind itself received? */
132 static void bind_auth_recv_alter(struct tevent_req
*subreq
);
134 static void bind_auth_next_step(struct composite_context
*c
)
136 struct bind_auth_state
*state
;
137 struct dcecli_security
*sec
;
138 struct tevent_req
*subreq
;
139 bool more_processing
= false;
141 state
= talloc_get_type(c
->private_data
, struct bind_auth_state
);
142 sec
= &state
->pipe
->conn
->security_state
;
144 /* The status value here, from GENSEC is vital to the security
145 * of the system. Even if the other end accepts, if GENSEC
146 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
147 * feeding it blobs, or else the remote host/attacker might
148 * avoid mutal authentication requirements.
150 * Likewise, you must not feed GENSEC too much (after the OK),
151 * it doesn't like that either
154 state
->pipe
->inhibit_timeout_processing
= true;
155 state
->pipe
->timed_out
= false;
157 c
->status
= gensec_update_ev(sec
->generic_state
, state
,
158 state
->pipe
->conn
->event_ctx
,
159 sec
->auth_info
->credentials
,
160 &state
->credentials
);
161 if (state
->pipe
->timed_out
) {
162 composite_error(c
, NT_STATUS_IO_TIMEOUT
);
165 state
->pipe
->inhibit_timeout_processing
= false;
167 data_blob_free(&sec
->auth_info
->credentials
);
169 if (NT_STATUS_EQUAL(c
->status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
170 more_processing
= true;
171 c
->status
= NT_STATUS_OK
;
174 if (!composite_is_ok(c
)) return;
176 if (state
->credentials
.length
== 0) {
181 sec
->auth_info
->credentials
= state
->credentials
;
183 if (!more_processing
) {
184 /* NO reply expected, so just send it */
185 c
->status
= dcerpc_auth3(state
->pipe
, state
);
186 data_blob_free(&state
->credentials
);
187 sec
->auth_info
->credentials
= data_blob(NULL
, 0);
188 if (!composite_is_ok(c
)) return;
194 /* We are demanding a reply, so use a request that will get us one */
196 subreq
= dcerpc_alter_context_send(state
, state
->pipe
->conn
->event_ctx
,
198 &state
->pipe
->syntax
,
199 &state
->pipe
->transfer_syntax
);
200 data_blob_free(&state
->credentials
);
201 sec
->auth_info
->credentials
= data_blob(NULL
, 0);
202 if (composite_nomem(subreq
, c
)) return;
203 tevent_req_set_callback(subreq
, bind_auth_recv_alter
, c
);
207 static void bind_auth_recv_alter(struct tevent_req
*subreq
)
209 struct composite_context
*c
=
210 tevent_req_callback_data(subreq
,
211 struct composite_context
);
213 c
->status
= dcerpc_alter_context_recv(subreq
);
215 if (!composite_is_ok(c
)) return;
217 bind_auth_next_step(c
);
221 static void bind_auth_recv_bindreply(struct tevent_req
*subreq
)
223 struct composite_context
*c
=
224 tevent_req_callback_data(subreq
,
225 struct composite_context
);
226 struct bind_auth_state
*state
= talloc_get_type(c
->private_data
,
227 struct bind_auth_state
);
229 c
->status
= dcerpc_bind_recv(subreq
);
231 if (!composite_is_ok(c
)) return;
233 if (state
->pipe
->conn
->flags
& DCERPC_HEADER_SIGNING
) {
234 struct dcecli_security
*sec
= &state
->pipe
->conn
->security_state
;
236 gensec_want_feature(sec
->generic_state
, GENSEC_FEATURE_SIGN_PKT_HEADER
);
239 if (!state
->more_processing
) {
240 /* The first gensec_update has not requested a second run, so
241 * we're done here. */
246 bind_auth_next_step(c
);
251 Bind to a DCE/RPC pipe, send async request
252 @param mem_ctx TALLOC_CTX for the allocation of the composite_context
253 @param p The dcerpc_pipe to bind (must already be connected)
254 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
255 @param credentials The credentials of the account to connect with
256 @param auth_type Select the authentication scheme to use
257 @param auth_level Chooses between unprotected (connect), signed or sealed
258 @param service The service (used by Kerberos to select the service principal to contact)
259 @retval A composite context describing the partial state of the bind
262 struct composite_context
*dcerpc_bind_auth_send(TALLOC_CTX
*mem_ctx
,
263 struct dcerpc_pipe
*p
,
264 const struct ndr_interface_table
*table
,
265 struct cli_credentials
*credentials
,
266 struct gensec_settings
*gensec_settings
,
267 uint8_t auth_type
, uint8_t auth_level
,
270 struct composite_context
*c
;
271 struct bind_auth_state
*state
;
272 struct dcecli_security
*sec
;
273 struct tevent_req
*subreq
;
274 struct ndr_syntax_id syntax
, transfer_syntax
;
275 const char *target_principal
= NULL
;
277 /* composite context allocation and setup */
278 c
= composite_create(mem_ctx
, p
->conn
->event_ctx
);
279 if (c
== NULL
) return NULL
;
281 state
= talloc(c
, struct bind_auth_state
);
282 if (composite_nomem(state
, c
)) return c
;
283 c
->private_data
= state
;
287 c
->status
= dcerpc_init_syntaxes(table
, p
->conn
->flags
,
290 if (!composite_is_ok(c
)) return c
;
292 sec
= &p
->conn
->security_state
;
294 c
->status
= gensec_client_start(p
, &sec
->generic_state
,
296 if (!NT_STATUS_IS_OK(c
->status
)) {
297 DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
298 nt_errstr(c
->status
)));
299 composite_error(c
, c
->status
);
303 c
->status
= gensec_set_credentials(sec
->generic_state
, credentials
);
304 if (!NT_STATUS_IS_OK(c
->status
)) {
305 DEBUG(1, ("Failed to set GENSEC client credentials: %s\n",
306 nt_errstr(c
->status
)));
307 composite_error(c
, c
->status
);
311 c
->status
= gensec_set_target_hostname(sec
->generic_state
,
312 dcerpc_server_name(p
));
313 if (!NT_STATUS_IS_OK(c
->status
)) {
314 DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
315 nt_errstr(c
->status
)));
316 composite_error(c
, c
->status
);
320 if (service
!= NULL
) {
321 c
->status
= gensec_set_target_service(sec
->generic_state
,
323 if (!NT_STATUS_IS_OK(c
->status
)) {
324 DEBUG(1, ("Failed to set GENSEC target service: %s\n",
325 nt_errstr(c
->status
)));
326 composite_error(c
, c
->status
);
331 if (p
->binding
!= NULL
) {
332 target_principal
= dcerpc_binding_get_string_option(p
->binding
,
335 if (target_principal
!= NULL
) {
336 c
->status
= gensec_set_target_principal(sec
->generic_state
,
338 if (!NT_STATUS_IS_OK(c
->status
)) {
339 DEBUG(1, ("Failed to set GENSEC target principal to %s: %s\n",
340 target_principal
, nt_errstr(c
->status
)));
341 composite_error(c
, c
->status
);
346 c
->status
= gensec_start_mech_by_authtype(sec
->generic_state
,
347 auth_type
, auth_level
);
348 if (!NT_STATUS_IS_OK(c
->status
)) {
349 DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
350 gensec_get_name_by_authtype(sec
->generic_state
, auth_type
),
351 nt_errstr(c
->status
)));
352 composite_error(c
, c
->status
);
356 sec
->auth_info
= talloc(p
, struct dcerpc_auth
);
357 if (composite_nomem(sec
->auth_info
, c
)) return c
;
359 sec
->auth_info
->auth_type
= auth_type
;
360 sec
->auth_info
->auth_level
= auth_level
,
361 sec
->auth_info
->auth_pad_length
= 0;
362 sec
->auth_info
->auth_reserved
= 0;
363 sec
->auth_info
->auth_context_id
= random();
364 sec
->auth_info
->credentials
= data_blob(NULL
, 0);
366 /* The status value here, from GENSEC is vital to the security
367 * of the system. Even if the other end accepts, if GENSEC
368 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
369 * feeding it blobs, or else the remote host/attacker might
370 * avoid mutal authentication requirements.
372 * Likewise, you must not feed GENSEC too much (after the OK),
373 * it doesn't like that either
376 state
->pipe
->inhibit_timeout_processing
= true;
377 state
->pipe
->timed_out
= false;
378 c
->status
= gensec_update_ev(sec
->generic_state
, state
,
380 sec
->auth_info
->credentials
,
381 &state
->credentials
);
382 if (state
->pipe
->timed_out
) {
383 composite_error(c
, NT_STATUS_IO_TIMEOUT
);
386 state
->pipe
->inhibit_timeout_processing
= false;
388 if (!NT_STATUS_IS_OK(c
->status
) &&
389 !NT_STATUS_EQUAL(c
->status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
390 composite_error(c
, c
->status
);
394 state
->more_processing
= NT_STATUS_EQUAL(c
->status
,
395 NT_STATUS_MORE_PROCESSING_REQUIRED
);
397 if (state
->credentials
.length
== 0) {
402 sec
->auth_info
->credentials
= state
->credentials
;
404 if (gensec_have_feature(sec
->generic_state
, GENSEC_FEATURE_SIGN_PKT_HEADER
)) {
405 if (auth_level
>= DCERPC_AUTH_LEVEL_INTEGRITY
) {
406 state
->pipe
->conn
->flags
|= DCERPC_PROPOSE_HEADER_SIGNING
;
410 /* The first request always is a dcerpc_bind. The subsequent ones
411 * depend on gensec results */
412 subreq
= dcerpc_bind_send(state
, p
->conn
->event_ctx
, p
,
413 &syntax
, &transfer_syntax
);
414 data_blob_free(&state
->credentials
);
415 sec
->auth_info
->credentials
= data_blob(NULL
, 0);
416 if (composite_nomem(subreq
, c
)) return c
;
417 tevent_req_set_callback(subreq
, bind_auth_recv_bindreply
, c
);
424 Bind to a DCE/RPC pipe, receive result
425 @param creq A composite context describing state of async call
426 @retval NTSTATUS code
429 NTSTATUS
dcerpc_bind_auth_recv(struct composite_context
*creq
)
431 NTSTATUS result
= composite_wait(creq
);
432 struct bind_auth_state
*state
= talloc_get_type(creq
->private_data
,
433 struct bind_auth_state
);
435 if (NT_STATUS_IS_OK(result
)) {
437 after a successful authenticated bind the session
438 key reverts to the generic session key
440 state
->pipe
->conn
->security_state
.session_key
= dcerpc_generic_session_key
;
449 Perform a GENSEC authenticated bind to a DCE/RPC pipe, sync
450 @param p The dcerpc_pipe to bind (must already be connected)
451 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
452 @param credentials The credentials of the account to connect with
453 @param auth_type Select the authentication scheme to use
454 @param auth_level Chooses between unprotected (connect), signed or sealed
455 @param service The service (used by Kerberos to select the service principal to contact)
456 @retval NTSTATUS status code
459 _PUBLIC_ NTSTATUS
dcerpc_bind_auth(struct dcerpc_pipe
*p
,
460 const struct ndr_interface_table
*table
,
461 struct cli_credentials
*credentials
,
462 struct gensec_settings
*gensec_settings
,
463 uint8_t auth_type
, uint8_t auth_level
,
466 struct composite_context
*creq
;
467 creq
= dcerpc_bind_auth_send(p
, p
, table
, credentials
, gensec_settings
,
468 auth_type
, auth_level
, service
);
469 return dcerpc_bind_auth_recv(creq
);