search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:smbd: use req->xconn in files.c
[Samba.git] / source4 / librpc / rpc / dcerpc_auth.c
blob2d60d38732bdd86432a6d0bb9cd23d180de483f7
1 /*
2 Unix SMB/CIFS implementation.
3
4 Generic Authentication Interface
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 Copyright (C) Stefan Metzmacher 2004
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include <tevent.h>
26 #include "libcli/composite/composite.h"
27 #include "auth/gensec/gensec.h"
28 #include "librpc/rpc/dcerpc.h"
29 #include "librpc/rpc/dcerpc_proto.h"
30 #include "param/param.h"
31
32 /*
33 return the rpc syntax and transfer syntax given the pipe uuid and version
34 */
35 static NTSTATUS dcerpc_init_syntaxes(const struct ndr_interface_table *table,
36 uint32_t pipe_flags,
37 struct ndr_syntax_id *syntax,
38 struct ndr_syntax_id *transfer_syntax)
39 {
40 syntax->uuid = table->syntax_id.uuid;
41 syntax->if_version = table->syntax_id.if_version;
42
43 if (pipe_flags & DCERPC_NDR64) {
44 *transfer_syntax = ndr_transfer_syntax_ndr64;
45 } else {
46 *transfer_syntax = ndr_transfer_syntax_ndr;
47 }
48
49 return NT_STATUS_OK;
50 }
51
52
53 /*
54 Send request to do a non-authenticated dcerpc bind
55 */
56 static void dcerpc_bind_auth_none_done(struct tevent_req *subreq);
57
58 struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
59 struct dcerpc_pipe *p,
60 const struct ndr_interface_table *table)
61 {
62 struct ndr_syntax_id syntax;
63 struct ndr_syntax_id transfer_syntax;
64
65 struct composite_context *c;
66 struct tevent_req *subreq;
67
68 c = composite_create(mem_ctx, p->conn->event_ctx);
69 if (c == NULL) return NULL;
70
71 c->status = dcerpc_init_syntaxes(table, p->conn->flags,
72 &syntax, &transfer_syntax);
73 if (!NT_STATUS_IS_OK(c->status)) {
74 DEBUG(2,("Invalid uuid string in "
75 "dcerpc_bind_auth_none_send\n"));
76 composite_error(c, c->status);
77 return c;
78 }
79
80 subreq = dcerpc_bind_send(mem_ctx, p->conn->event_ctx, p,
81 &syntax, &transfer_syntax);
82 if (composite_nomem(subreq, c)) return c;
83 tevent_req_set_callback(subreq, dcerpc_bind_auth_none_done, c);
84
85 return c;
86 }
87
88 static void dcerpc_bind_auth_none_done(struct tevent_req *subreq)
89 {
90 struct composite_context *ctx =
91 tevent_req_callback_data(subreq,
92 struct composite_context);
93
94 ctx->status = dcerpc_bind_recv(subreq);
95 TALLOC_FREE(subreq);
96 if (!composite_is_ok(ctx)) return;
97
98 composite_done(ctx);
99 }
100
101 /*
102 Receive result of a non-authenticated dcerpc bind
103 */
104 NTSTATUS dcerpc_bind_auth_none_recv(struct composite_context *ctx)
105 {
106 NTSTATUS result = composite_wait(ctx);
107 TALLOC_FREE(ctx);
108 return result;
109 }
110
111
112 /*
113 Perform sync non-authenticated dcerpc bind
114 */
115 _PUBLIC_ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
116 const struct ndr_interface_table *table)
117 {
118 struct composite_context *ctx;
119
120 ctx = dcerpc_bind_auth_none_send(p, p, table);
121 return dcerpc_bind_auth_none_recv(ctx);
122 }
123
124
125 struct bind_auth_state {
126 struct dcerpc_pipe *pipe;
127 DATA_BLOB credentials;
128 bool more_processing; /* Is there anything more to do after the
129 * first bind itself received? */
130 };
131
132 static void bind_auth_recv_alter(struct tevent_req *subreq);
133
134 static void bind_auth_next_step(struct composite_context *c)
135 {
136 struct bind_auth_state *state;
137 struct dcecli_security *sec;
138 struct tevent_req *subreq;
139 bool more_processing = false;
140
141 state = talloc_get_type(c->private_data, struct bind_auth_state);
142 sec = &state->pipe->conn->security_state;
143
144 /* The status value here, from GENSEC is vital to the security
145 * of the system. Even if the other end accepts, if GENSEC
146 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
147 * feeding it blobs, or else the remote host/attacker might
148 * avoid mutal authentication requirements.
149 *
150 * Likewise, you must not feed GENSEC too much (after the OK),
151 * it doesn't like that either
152 */
153
154 state->pipe->inhibit_timeout_processing = true;
155 state->pipe->timed_out = false;
156
157 c->status = gensec_update_ev(sec->generic_state, state,
158 state->pipe->conn->event_ctx,
159 sec->auth_info->credentials,
160 &state->credentials);
161 if (state->pipe->timed_out) {
162 composite_error(c, NT_STATUS_IO_TIMEOUT);
163 return;
164 }
165 state->pipe->inhibit_timeout_processing = false;
166
167 data_blob_free(&sec->auth_info->credentials);
168
169 if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
170 more_processing = true;
171 c->status = NT_STATUS_OK;
172 }
173
174 if (!composite_is_ok(c)) return;
175
176 if (state->credentials.length == 0) {
177 composite_done(c);
178 return;
179 }
180
181 sec->auth_info->credentials = state->credentials;
182
183 if (!more_processing) {
184 /* NO reply expected, so just send it */
185 c->status = dcerpc_auth3(state->pipe, state);
186 data_blob_free(&state->credentials);
187 sec->auth_info->credentials = data_blob(NULL, 0);
188 if (!composite_is_ok(c)) return;
189
190 composite_done(c);
191 return;
192 }
193
194 /* We are demanding a reply, so use a request that will get us one */
195
196 subreq = dcerpc_alter_context_send(state, state->pipe->conn->event_ctx,
197 state->pipe,
198 &state->pipe->syntax,
199 &state->pipe->transfer_syntax);
200 data_blob_free(&state->credentials);
201 sec->auth_info->credentials = data_blob(NULL, 0);
202 if (composite_nomem(subreq, c)) return;
203 tevent_req_set_callback(subreq, bind_auth_recv_alter, c);
204 }
205
206
207 static void bind_auth_recv_alter(struct tevent_req *subreq)
208 {
209 struct composite_context *c =
210 tevent_req_callback_data(subreq,
211 struct composite_context);
212
213 c->status = dcerpc_alter_context_recv(subreq);
214 TALLOC_FREE(subreq);
215 if (!composite_is_ok(c)) return;
216
217 bind_auth_next_step(c);
218 }
219
220
221 static void bind_auth_recv_bindreply(struct tevent_req *subreq)
222 {
223 struct composite_context *c =
224 tevent_req_callback_data(subreq,
225 struct composite_context);
226 struct bind_auth_state *state = talloc_get_type(c->private_data,
227 struct bind_auth_state);
228
229 c->status = dcerpc_bind_recv(subreq);
230 TALLOC_FREE(subreq);
231 if (!composite_is_ok(c)) return;
232
233 if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) {
234 struct dcecli_security *sec = &state->pipe->conn->security_state;
235
236 gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER);
237 }
238
239 if (!state->more_processing) {
240 /* The first gensec_update has not requested a second run, so
241 * we're done here. */
242 composite_done(c);
243 return;
244 }
245
246 bind_auth_next_step(c);
247 }
248
249
250 /**
251 Bind to a DCE/RPC pipe, send async request
252 @param mem_ctx TALLOC_CTX for the allocation of the composite_context
253 @param p The dcerpc_pipe to bind (must already be connected)
254 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
255 @param credentials The credentials of the account to connect with
256 @param auth_type Select the authentication scheme to use
257 @param auth_level Chooses between unprotected (connect), signed or sealed
258 @param service The service (used by Kerberos to select the service principal to contact)
259 @retval A composite context describing the partial state of the bind
260 */
261
262 struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
263 struct dcerpc_pipe *p,
264 const struct ndr_interface_table *table,
265 struct cli_credentials *credentials,
266 struct gensec_settings *gensec_settings,
267 uint8_t auth_type, uint8_t auth_level,
268 const char *service)
269 {
270 struct composite_context *c;
271 struct bind_auth_state *state;
272 struct dcecli_security *sec;
273 struct tevent_req *subreq;
274 struct ndr_syntax_id syntax, transfer_syntax;
275 const char *target_principal = NULL;
276
277 /* composite context allocation and setup */
278 c = composite_create(mem_ctx, p->conn->event_ctx);
279 if (c == NULL) return NULL;
280
281 state = talloc(c, struct bind_auth_state);
282 if (composite_nomem(state, c)) return c;
283 c->private_data = state;
284
285 state->pipe = p;
286
287 c->status = dcerpc_init_syntaxes(table, p->conn->flags,
288 &syntax,
289 &transfer_syntax);
290 if (!composite_is_ok(c)) return c;
291
292 sec = &p->conn->security_state;
293
294 c->status = gensec_client_start(p, &sec->generic_state,
295 gensec_settings);
296 if (!NT_STATUS_IS_OK(c->status)) {
297 DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
298 nt_errstr(c->status)));
299 composite_error(c, c->status);
300 return c;
301 }
302
303 c->status = gensec_set_credentials(sec->generic_state, credentials);
304 if (!NT_STATUS_IS_OK(c->status)) {
305 DEBUG(1, ("Failed to set GENSEC client credentials: %s\n",
306 nt_errstr(c->status)));
307 composite_error(c, c->status);
308 return c;
309 }
310
311 c->status = gensec_set_target_hostname(sec->generic_state,
312 dcerpc_server_name(p));
313 if (!NT_STATUS_IS_OK(c->status)) {
314 DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
315 nt_errstr(c->status)));
316 composite_error(c, c->status);
317 return c;
318 }
319
320 if (service != NULL) {
321 c->status = gensec_set_target_service(sec->generic_state,
322 service);
323 if (!NT_STATUS_IS_OK(c->status)) {
324 DEBUG(1, ("Failed to set GENSEC target service: %s\n",
325 nt_errstr(c->status)));
326 composite_error(c, c->status);
327 return c;
328 }
329 }
330
331 if (p->binding != NULL) {
332 target_principal = dcerpc_binding_get_string_option(p->binding,
333 "target_principal");
334 }
335 if (target_principal != NULL) {
336 c->status = gensec_set_target_principal(sec->generic_state,
337 target_principal);
338 if (!NT_STATUS_IS_OK(c->status)) {
339 DEBUG(1, ("Failed to set GENSEC target principal to %s: %s\n",
340 target_principal, nt_errstr(c->status)));
341 composite_error(c, c->status);
342 return c;
343 }
344 }
345
346 c->status = gensec_start_mech_by_authtype(sec->generic_state,
347 auth_type, auth_level);
348 if (!NT_STATUS_IS_OK(c->status)) {
349 DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
350 gensec_get_name_by_authtype(sec->generic_state, auth_type),
351 nt_errstr(c->status)));
352 composite_error(c, c->status);
353 return c;
354 }
355
356 sec->auth_info = talloc(p, struct dcerpc_auth);
357 if (composite_nomem(sec->auth_info, c)) return c;
358
359 sec->auth_info->auth_type = auth_type;
360 sec->auth_info->auth_level = auth_level,
361 sec->auth_info->auth_pad_length = 0;
362 sec->auth_info->auth_reserved = 0;
363 sec->auth_info->auth_context_id = random();
364 sec->auth_info->credentials = data_blob(NULL, 0);
365
366 /* The status value here, from GENSEC is vital to the security
367 * of the system. Even if the other end accepts, if GENSEC
368 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
369 * feeding it blobs, or else the remote host/attacker might
370 * avoid mutal authentication requirements.
371 *
372 * Likewise, you must not feed GENSEC too much (after the OK),
373 * it doesn't like that either
374 */
375
376 state->pipe->inhibit_timeout_processing = true;
377 state->pipe->timed_out = false;
378 c->status = gensec_update_ev(sec->generic_state, state,
379 p->conn->event_ctx,
380 sec->auth_info->credentials,
381 &state->credentials);
382 if (state->pipe->timed_out) {
383 composite_error(c, NT_STATUS_IO_TIMEOUT);
384 return c;
385 }
386 state->pipe->inhibit_timeout_processing = false;
387
388 if (!NT_STATUS_IS_OK(c->status) &&
389 !NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
390 composite_error(c, c->status);
391 return c;
392 }
393
394 state->more_processing = NT_STATUS_EQUAL(c->status,
395 NT_STATUS_MORE_PROCESSING_REQUIRED);
396
397 if (state->credentials.length == 0) {
398 composite_done(c);
399 return c;
400 }
401
402 sec->auth_info->credentials = state->credentials;
403
404 if (gensec_have_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER)) {
405 if (auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
406 state->pipe->conn->flags |= DCERPC_PROPOSE_HEADER_SIGNING;
407 }
408 }
409
410 /* The first request always is a dcerpc_bind. The subsequent ones
411 * depend on gensec results */
412 subreq = dcerpc_bind_send(state, p->conn->event_ctx, p,
413 &syntax, &transfer_syntax);
414 data_blob_free(&state->credentials);
415 sec->auth_info->credentials = data_blob(NULL, 0);
416 if (composite_nomem(subreq, c)) return c;
417 tevent_req_set_callback(subreq, bind_auth_recv_bindreply, c);
418
419 return c;
420 }
421
422
423 /**
424 Bind to a DCE/RPC pipe, receive result
425 @param creq A composite context describing state of async call
426 @retval NTSTATUS code
427 */
428
429 NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
430 {
431 NTSTATUS result = composite_wait(creq);
432 struct bind_auth_state *state = talloc_get_type(creq->private_data,
433 struct bind_auth_state);
434
435 if (NT_STATUS_IS_OK(result)) {
436 /*
437 after a successful authenticated bind the session
438 key reverts to the generic session key
439 */
440 state->pipe->conn->security_state.session_key = dcerpc_generic_session_key;
441 }
442
443 talloc_free(creq);
444 return result;
445 }
446
447
448 /**
449 Perform a GENSEC authenticated bind to a DCE/RPC pipe, sync
450 @param p The dcerpc_pipe to bind (must already be connected)
451 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
452 @param credentials The credentials of the account to connect with
453 @param auth_type Select the authentication scheme to use
454 @param auth_level Chooses between unprotected (connect), signed or sealed
455 @param service The service (used by Kerberos to select the service principal to contact)
456 @retval NTSTATUS status code
457 */
458
459 _PUBLIC_ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
460 const struct ndr_interface_table *table,
461 struct cli_credentials *credentials,
462 struct gensec_settings *gensec_settings,
463 uint8_t auth_type, uint8_t auth_level,
464 const char *service)
465 {
466 struct composite_context *creq;
467 creq = dcerpc_bind_auth_send(p, p, table, credentials, gensec_settings,
468 auth_type, auth_level, service);
469 return dcerpc_bind_auth_recv(creq);
470 }
Samba GIT mirror