s3:lib/memcache: use uint8_t instead of uint8
[Samba.git] / auth / gensec / gensec.c
blob8b5c02d111cef7a8d36bd9b50051de680f88c35f
1 /*
2 Unix SMB/CIFS implementation.
4 Generic Authentication Interface
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "includes.h"
24 #include "system/network.h"
25 #define TEVENT_DEPRECATED 1
26 #include <tevent.h>
27 #include "lib/tsocket/tsocket.h"
28 #include "lib/util/tevent_ntstatus.h"
29 #include "auth/gensec/gensec.h"
30 #include "auth/gensec/gensec_internal.h"
31 #include "librpc/gen_ndr/dcerpc.h"
34 wrappers for the gensec function pointers
36 _PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
37 uint8_t *data, size_t length,
38 const uint8_t *whole_pdu, size_t pdu_length,
39 const DATA_BLOB *sig)
41 if (!gensec_security->ops->unseal_packet) {
42 return NT_STATUS_NOT_IMPLEMENTED;
44 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
45 return NT_STATUS_INVALID_PARAMETER;
48 return gensec_security->ops->unseal_packet(gensec_security,
49 data, length,
50 whole_pdu, pdu_length,
51 sig);
54 _PUBLIC_ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
55 const uint8_t *data, size_t length,
56 const uint8_t *whole_pdu, size_t pdu_length,
57 const DATA_BLOB *sig)
59 if (!gensec_security->ops->check_packet) {
60 return NT_STATUS_NOT_IMPLEMENTED;
62 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
63 return NT_STATUS_INVALID_PARAMETER;
66 return gensec_security->ops->check_packet(gensec_security, data, length, whole_pdu, pdu_length, sig);
69 _PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
70 TALLOC_CTX *mem_ctx,
71 uint8_t *data, size_t length,
72 const uint8_t *whole_pdu, size_t pdu_length,
73 DATA_BLOB *sig)
75 if (!gensec_security->ops->seal_packet) {
76 return NT_STATUS_NOT_IMPLEMENTED;
78 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
79 return NT_STATUS_INVALID_PARAMETER;
81 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
82 return NT_STATUS_INVALID_PARAMETER;
85 return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
88 _PUBLIC_ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
89 TALLOC_CTX *mem_ctx,
90 const uint8_t *data, size_t length,
91 const uint8_t *whole_pdu, size_t pdu_length,
92 DATA_BLOB *sig)
94 if (!gensec_security->ops->sign_packet) {
95 return NT_STATUS_NOT_IMPLEMENTED;
97 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
98 return NT_STATUS_INVALID_PARAMETER;
101 return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
104 _PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size)
106 if (!gensec_security->ops->sig_size) {
107 return 0;
109 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
110 return 0;
113 return gensec_security->ops->sig_size(gensec_security, data_size);
116 _PUBLIC_ size_t gensec_max_wrapped_size(struct gensec_security *gensec_security)
118 if (!gensec_security->ops->max_wrapped_size) {
119 return (1 << 17);
122 return gensec_security->ops->max_wrapped_size(gensec_security);
125 _PUBLIC_ size_t gensec_max_input_size(struct gensec_security *gensec_security)
127 if (!gensec_security->ops->max_input_size) {
128 return (1 << 17) - gensec_sig_size(gensec_security, 1 << 17);
131 return gensec_security->ops->max_input_size(gensec_security);
134 _PUBLIC_ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
135 TALLOC_CTX *mem_ctx,
136 const DATA_BLOB *in,
137 DATA_BLOB *out)
139 if (!gensec_security->ops->wrap) {
140 return NT_STATUS_NOT_IMPLEMENTED;
142 return gensec_security->ops->wrap(gensec_security, mem_ctx, in, out);
145 _PUBLIC_ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
146 TALLOC_CTX *mem_ctx,
147 const DATA_BLOB *in,
148 DATA_BLOB *out)
150 if (!gensec_security->ops->unwrap) {
151 return NT_STATUS_NOT_IMPLEMENTED;
153 return gensec_security->ops->unwrap(gensec_security, mem_ctx, in, out);
156 _PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
157 TALLOC_CTX *mem_ctx,
158 DATA_BLOB *session_key)
160 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SESSION_KEY)) {
161 return NT_STATUS_NO_USER_SESSION_KEY;
164 if (!gensec_security->ops->session_key) {
165 return NT_STATUS_NOT_IMPLEMENTED;
168 return gensec_security->ops->session_key(gensec_security, mem_ctx, session_key);
172 * Return the credentials of a logged on user, including session keys
173 * etc.
175 * Only valid after a successful authentication
177 * May only be called once per authentication.
181 _PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
182 TALLOC_CTX *mem_ctx,
183 struct auth_session_info **session_info)
185 if (!gensec_security->ops->session_info) {
186 return NT_STATUS_NOT_IMPLEMENTED;
188 return gensec_security->ops->session_info(gensec_security, mem_ctx, session_info);
191 _PUBLIC_ void gensec_set_max_update_size(struct gensec_security *gensec_security,
192 uint32_t max_update_size)
194 gensec_security->max_update_size = max_update_size;
197 _PUBLIC_ size_t gensec_max_update_size(struct gensec_security *gensec_security)
199 if (gensec_security->max_update_size == 0) {
200 return UINT32_MAX;
203 return gensec_security->max_update_size;
206 _PUBLIC_ NTSTATUS gensec_update_ev(struct gensec_security *gensec_security,
207 TALLOC_CTX *out_mem_ctx,
208 struct tevent_context *ev,
209 const DATA_BLOB in, DATA_BLOB *out)
211 NTSTATUS status;
212 const struct gensec_security_ops *ops = gensec_security->ops;
213 TALLOC_CTX *frame = NULL;
214 struct tevent_req *subreq = NULL;
215 bool ok;
217 if (ops->update_send == NULL) {
219 if (ev == NULL) {
220 frame = talloc_stackframe();
222 ev = samba_tevent_context_init(frame);
223 if (ev == NULL) {
224 status = NT_STATUS_NO_MEMORY;
225 goto fail;
229 * TODO: remove this hack once the backends
230 * are fixed.
232 tevent_loop_allow_nesting(ev);
235 status = ops->update(gensec_security, out_mem_ctx,
236 ev, in, out);
237 TALLOC_FREE(frame);
238 if (!NT_STATUS_IS_OK(status)) {
239 return status;
243 * Because callers using the
244 * gensec_start_mech_by_auth_type() never call
245 * gensec_want_feature(), it isn't sensible for them
246 * to have to call gensec_have_feature() manually, and
247 * these are not points of negotiation, but are
248 * asserted by the client
250 switch (gensec_security->dcerpc_auth_level) {
251 case DCERPC_AUTH_LEVEL_INTEGRITY:
252 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
253 DEBUG(0,("Did not manage to negotiate mandetory feature "
254 "SIGN for dcerpc auth_level %u\n",
255 gensec_security->dcerpc_auth_level));
256 return NT_STATUS_ACCESS_DENIED;
258 break;
259 case DCERPC_AUTH_LEVEL_PRIVACY:
260 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
261 DEBUG(0,("Did not manage to negotiate mandetory feature "
262 "SIGN for dcerpc auth_level %u\n",
263 gensec_security->dcerpc_auth_level));
264 return NT_STATUS_ACCESS_DENIED;
266 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
267 DEBUG(0,("Did not manage to negotiate mandetory feature "
268 "SEAL for dcerpc auth_level %u\n",
269 gensec_security->dcerpc_auth_level));
270 return NT_STATUS_ACCESS_DENIED;
272 break;
273 default:
274 break;
277 return NT_STATUS_OK;
280 frame = talloc_stackframe();
282 if (ev == NULL) {
283 ev = samba_tevent_context_init(frame);
284 if (ev == NULL) {
285 status = NT_STATUS_NO_MEMORY;
286 goto fail;
290 * TODO: remove this hack once the backends
291 * are fixed.
293 tevent_loop_allow_nesting(ev);
296 subreq = ops->update_send(frame, ev, gensec_security, in);
297 if (subreq == NULL) {
298 status = NT_STATUS_NO_MEMORY;
299 goto fail;
301 ok = tevent_req_poll_ntstatus(subreq, ev, &status);
302 if (!ok) {
303 goto fail;
305 status = ops->update_recv(subreq, out_mem_ctx, out);
306 fail:
307 TALLOC_FREE(frame);
308 return status;
312 * Next state function for the GENSEC state machine
314 * @param gensec_security GENSEC State
315 * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
316 * @param in The request, as a DATA_BLOB
317 * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
318 * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent,
319 * or NT_STATUS_OK if the user is authenticated.
322 _PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security,
323 TALLOC_CTX *out_mem_ctx,
324 const DATA_BLOB in, DATA_BLOB *out)
326 return gensec_update_ev(gensec_security, out_mem_ctx, NULL, in, out);
329 struct gensec_update_state {
330 const struct gensec_security_ops *ops;
331 struct tevent_req *subreq;
332 struct gensec_security *gensec_security;
333 DATA_BLOB out;
336 * only for sync backends, we should remove this
337 * once all backends are async.
339 struct tevent_immediate *im;
340 DATA_BLOB in;
343 static void gensec_update_async_trigger(struct tevent_context *ctx,
344 struct tevent_immediate *im,
345 void *private_data);
346 static void gensec_update_subreq_done(struct tevent_req *subreq);
349 * Next state function for the GENSEC state machine async version
351 * @param mem_ctx The memory context for the request
352 * @param ev The event context for the request
353 * @param gensec_security GENSEC State
354 * @param in The request, as a DATA_BLOB
356 * @return The request handle or NULL on no memory failure
359 _PUBLIC_ struct tevent_req *gensec_update_send(TALLOC_CTX *mem_ctx,
360 struct tevent_context *ev,
361 struct gensec_security *gensec_security,
362 const DATA_BLOB in)
364 struct tevent_req *req;
365 struct gensec_update_state *state = NULL;
367 req = tevent_req_create(mem_ctx, &state,
368 struct gensec_update_state);
369 if (req == NULL) {
370 return NULL;
373 state->ops = gensec_security->ops;
374 state->gensec_security = gensec_security;
376 if (state->ops->update_send == NULL) {
377 state->in = in;
378 state->im = tevent_create_immediate(state);
379 if (tevent_req_nomem(state->im, req)) {
380 return tevent_req_post(req, ev);
383 tevent_schedule_immediate(state->im, ev,
384 gensec_update_async_trigger,
385 req);
387 return req;
390 state->subreq = state->ops->update_send(state, ev, gensec_security, in);
391 if (tevent_req_nomem(state->subreq, req)) {
392 return tevent_req_post(req, ev);
395 tevent_req_set_callback(state->subreq,
396 gensec_update_subreq_done,
397 req);
399 return req;
402 static void gensec_update_async_trigger(struct tevent_context *ctx,
403 struct tevent_immediate *im,
404 void *private_data)
406 struct tevent_req *req =
407 talloc_get_type_abort(private_data, struct tevent_req);
408 struct gensec_update_state *state =
409 tevent_req_data(req, struct gensec_update_state);
410 NTSTATUS status;
412 status = state->ops->update(state->gensec_security, state, ctx,
413 state->in, &state->out);
414 if (tevent_req_nterror(req, status)) {
415 return;
418 tevent_req_done(req);
421 static void gensec_update_subreq_done(struct tevent_req *subreq)
423 struct tevent_req *req =
424 tevent_req_callback_data(subreq,
425 struct tevent_req);
426 struct gensec_update_state *state =
427 tevent_req_data(req,
428 struct gensec_update_state);
429 NTSTATUS status;
431 state->subreq = NULL;
433 status = state->ops->update_recv(subreq, state, &state->out);
434 TALLOC_FREE(subreq);
435 if (tevent_req_nterror(req, status)) {
436 return;
440 * Because callers using the
441 * gensec_start_mech_by_authtype() never call
442 * gensec_want_feature(), it isn't sensible for them
443 * to have to call gensec_have_feature() manually, and
444 * these are not points of negotiation, but are
445 * asserted by the client
447 switch (state->gensec_security->dcerpc_auth_level) {
448 case DCERPC_AUTH_LEVEL_INTEGRITY:
449 if (!gensec_have_feature(state->gensec_security, GENSEC_FEATURE_SIGN)) {
450 DEBUG(0,("Did not manage to negotiate mandetory feature "
451 "SIGN for dcerpc auth_level %u\n",
452 state->gensec_security->dcerpc_auth_level));
453 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
454 return;
456 break;
457 case DCERPC_AUTH_LEVEL_PRIVACY:
458 if (!gensec_have_feature(state->gensec_security, GENSEC_FEATURE_SIGN)) {
459 DEBUG(0,("Did not manage to negotiate mandetory feature "
460 "SIGN for dcerpc auth_level %u\n",
461 state->gensec_security->dcerpc_auth_level));
462 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
463 return;
465 if (!gensec_have_feature(state->gensec_security, GENSEC_FEATURE_SEAL)) {
466 DEBUG(0,("Did not manage to negotiate mandetory feature "
467 "SEAL for dcerpc auth_level %u\n",
468 state->gensec_security->dcerpc_auth_level));
469 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
470 return;
472 break;
473 default:
474 break;
477 tevent_req_done(req);
481 * Next state function for the GENSEC state machine
483 * @param req request state
484 * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
485 * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
486 * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent,
487 * or NT_STATUS_OK if the user is authenticated.
489 _PUBLIC_ NTSTATUS gensec_update_recv(struct tevent_req *req,
490 TALLOC_CTX *out_mem_ctx,
491 DATA_BLOB *out)
493 struct gensec_update_state *state =
494 tevent_req_data(req, struct gensec_update_state);
495 NTSTATUS status;
497 if (tevent_req_is_nterror(req, &status)) {
498 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
499 tevent_req_received(req);
500 return status;
502 } else {
503 status = NT_STATUS_OK;
506 *out = state->out;
507 talloc_steal(out_mem_ctx, out->data);
509 tevent_req_received(req);
510 return status;
514 * Set the requirement for a certain feature on the connection
518 _PUBLIC_ void gensec_want_feature(struct gensec_security *gensec_security,
519 uint32_t feature)
521 if (!gensec_security->ops || !gensec_security->ops->want_feature) {
522 gensec_security->want_features |= feature;
523 return;
525 gensec_security->ops->want_feature(gensec_security, feature);
529 * Check the requirement for a certain feature on the connection
533 _PUBLIC_ bool gensec_have_feature(struct gensec_security *gensec_security,
534 uint32_t feature)
536 if (!gensec_security->ops->have_feature) {
537 return false;
540 /* We might 'have' features that we don't 'want', because the
541 * other end demanded them, or we can't neotiate them off */
542 return gensec_security->ops->have_feature(gensec_security, feature);
545 _PUBLIC_ NTTIME gensec_expire_time(struct gensec_security *gensec_security)
547 if (!gensec_security->ops->expire_time) {
548 return GENSEC_EXPIRE_TIME_INFINITY;
551 return gensec_security->ops->expire_time(gensec_security);
554 * Return the credentials structure associated with a GENSEC context
558 _PUBLIC_ struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security)
560 if (!gensec_security) {
561 return NULL;
563 return gensec_security->credentials;
567 * Set the target service (such as 'http' or 'host') on a GENSEC context - ensures it is talloc()ed
571 _PUBLIC_ NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, const char *service)
573 gensec_security->target.service = talloc_strdup(gensec_security, service);
574 if (!gensec_security->target.service) {
575 return NT_STATUS_NO_MEMORY;
577 return NT_STATUS_OK;
580 _PUBLIC_ const char *gensec_get_target_service(struct gensec_security *gensec_security)
582 if (gensec_security->target.service) {
583 return gensec_security->target.service;
586 return "host";
590 * Set the target hostname (suitable for kerberos resolutation) on a GENSEC context - ensures it is talloc()ed
594 _PUBLIC_ NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname)
596 gensec_security->target.hostname = talloc_strdup(gensec_security, hostname);
597 if (hostname && !gensec_security->target.hostname) {
598 return NT_STATUS_NO_MEMORY;
600 return NT_STATUS_OK;
603 _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_security)
605 /* We allow the target hostname to be overriden for testing purposes */
606 if (gensec_security->settings->target_hostname) {
607 return gensec_security->settings->target_hostname;
610 if (gensec_security->target.hostname) {
611 return gensec_security->target.hostname;
614 /* We could add use the 'set sockaddr' call, and do a reverse
615 * lookup, but this would be both insecure (compromising the
616 * way kerberos works) and add DNS timeouts */
617 return NULL;
621 * Set (and copy) local and peer socket addresses onto a socket
622 * context on the GENSEC context.
624 * This is so that kerberos can include these addresses in
625 * cryptographic tokens, to avoid certain attacks.
629 * @brief Set the local gensec address.
631 * @param gensec_security The gensec security context to use.
633 * @param remote The local address to set.
635 * @return On success NT_STATUS_OK is returned or an NT_STATUS
636 * error.
638 _PUBLIC_ NTSTATUS gensec_set_local_address(struct gensec_security *gensec_security,
639 const struct tsocket_address *local)
641 TALLOC_FREE(gensec_security->local_addr);
643 if (local == NULL) {
644 return NT_STATUS_OK;
647 gensec_security->local_addr = tsocket_address_copy(local, gensec_security);
648 if (gensec_security->local_addr == NULL) {
649 return NT_STATUS_NO_MEMORY;
652 return NT_STATUS_OK;
656 * @brief Set the remote gensec address.
658 * @param gensec_security The gensec security context to use.
660 * @param remote The remote address to set.
662 * @return On success NT_STATUS_OK is returned or an NT_STATUS
663 * error.
665 _PUBLIC_ NTSTATUS gensec_set_remote_address(struct gensec_security *gensec_security,
666 const struct tsocket_address *remote)
668 TALLOC_FREE(gensec_security->remote_addr);
670 if (remote == NULL) {
671 return NT_STATUS_OK;
674 gensec_security->remote_addr = tsocket_address_copy(remote, gensec_security);
675 if (gensec_security->remote_addr == NULL) {
676 return NT_STATUS_NO_MEMORY;
679 return NT_STATUS_OK;
683 * @brief Get the local address from a gensec security context.
685 * @param gensec_security The security context to get the address from.
687 * @return The address as tsocket_address which could be NULL if
688 * no address is set.
690 _PUBLIC_ const struct tsocket_address *gensec_get_local_address(struct gensec_security *gensec_security)
692 if (gensec_security == NULL) {
693 return NULL;
695 return gensec_security->local_addr;
699 * @brief Get the remote address from a gensec security context.
701 * @param gensec_security The security context to get the address from.
703 * @return The address as tsocket_address which could be NULL if
704 * no address is set.
706 _PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_security *gensec_security)
708 if (gensec_security == NULL) {
709 return NULL;
711 return gensec_security->remote_addr;
715 * Set the target principal (assuming it it known, say from the SPNEGO reply)
716 * - ensures it is talloc()ed
720 _PUBLIC_ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
722 gensec_security->target.principal = talloc_strdup(gensec_security, principal);
723 if (!gensec_security->target.principal) {
724 return NT_STATUS_NO_MEMORY;
726 return NT_STATUS_OK;
729 _PUBLIC_ const char *gensec_get_target_principal(struct gensec_security *gensec_security)
731 if (gensec_security->target.principal) {
732 return gensec_security->target.principal;
735 return NULL;