search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r15021: Couple more comments and fixes in spirit of utility functions
[Samba/ekacnet.git] / source / librpc / rpc / dcerpc_auth.c
blobc6b718e2087b203528d386ea251422f70a5795ec
1 /*
2 Unix SMB/CIFS implementation.
3
4 Generic Authentication Interface
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 Copyright (C) Stefan Metzmacher 2004
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26 #include "libcli/composite/composite.h"
27 #include "auth/gensec/gensec.h"
28 #include "librpc/rpc/dcerpc.h"
29
30
31 /*
32 Send request to do a non-authenticated dcerpc bind
33 */
34 struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
35 struct dcerpc_pipe *p,
36 const struct dcerpc_interface_table *table)
37 {
38 struct dcerpc_syntax_id syntax;
39 struct dcerpc_syntax_id transfer_syntax;
40
41 struct composite_context *c;
42
43 c = talloc_zero(mem_ctx, struct composite_context);
44 if (c == NULL) return NULL;
45
46 c->status = dcerpc_init_syntaxes(table,
47 &syntax, &transfer_syntax);
48 if (!NT_STATUS_IS_OK(c->status)) {
49 DEBUG(2,("Invalid uuid string in "
50 "dcerpc_bind_auth_none_send\n"));
51 composite_error(c, c->status);
52 return c;
53 }
54
55 /* c was only allocated as a container for a possible error */
56 talloc_free(c);
57
58 return dcerpc_bind_send(p, mem_ctx, &syntax, &transfer_syntax);
59 }
60
61
62 /*
63 Receive result of a non-authenticated dcerpc bind
64 */
65 NTSTATUS dcerpc_bind_auth_none_recv(struct composite_context *ctx)
66 {
67 return dcerpc_bind_recv(ctx);
68 }
69
70
71 /*
72 Perform sync non-authenticated dcerpc bind
73 */
74 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
75 const struct dcerpc_interface_table *table)
76 {
77 struct composite_context *ctx;
78
79 ctx = dcerpc_bind_auth_none_send(p, p, table);
80 return dcerpc_bind_auth_none_recv(ctx);
81 }
82
83
84 struct bind_auth_state {
85 struct dcerpc_pipe *pipe;
86 DATA_BLOB credentials;
87 BOOL more_processing; /* Is there anything more to do after the
88 * first bind itself received? */
89 };
90
91 static void bind_auth_recv_alter(struct composite_context *creq);
92
93 static void bind_auth_next_step(struct composite_context *c)
94 {
95 struct bind_auth_state *state;
96 struct dcerpc_security *sec;
97 struct composite_context *creq;
98 BOOL more_processing = False;
99
100 state = talloc_get_type(c->private_data, struct bind_auth_state);
101 sec = &state->pipe->conn->security_state;
102
103 /* The status value here, from GENSEC is vital to the security
104 * of the system. Even if the other end accepts, if GENSEC
105 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
106 * feeding it blobs, or else the remote host/attacker might
107 * avoid mutal authentication requirements.
108 *
109 * Likewise, you must not feed GENSEC too much (after the OK),
110 * it doesn't like that either
111 */
112
113 c->status = gensec_update(sec->generic_state, state,
114 sec->auth_info->credentials,
115 &state->credentials);
116
117 if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
118 more_processing = True;
119 c->status = NT_STATUS_OK;
120 }
121
122 if (!composite_is_ok(c)) return;
123
124 if (state->credentials.length == 0) {
125 composite_done(c);
126 return;
127 }
128
129 sec->auth_info->credentials = state->credentials;
130
131 if (!more_processing) {
132 /* NO reply expected, so just send it */
133 c->status = dcerpc_auth3(state->pipe->conn, state);
134 if (!composite_is_ok(c)) return;
135
136 composite_done(c);
137 return;
138 }
139
140 /* We are demanding a reply, so use a request that will get us one */
141
142 creq = dcerpc_alter_context_send(state->pipe, state,
143 &state->pipe->syntax,
144 &state->pipe->transfer_syntax);
145 if (composite_nomem(creq, c)) return;
146
147 composite_continue(c, creq, bind_auth_recv_alter, c);
148 }
149
150
151 static void bind_auth_recv_alter(struct composite_context *creq)
152 {
153 struct composite_context *c = talloc_get_type(creq->async.private_data,
154 struct composite_context);
155
156 c->status = dcerpc_alter_context_recv(creq);
157 if (!composite_is_ok(c)) return;
158
159 bind_auth_next_step(c);
160 }
161
162
163 static void bind_auth_recv_bindreply(struct composite_context *creq)
164 {
165 struct composite_context *c = talloc_get_type(creq->async.private_data,
166 struct composite_context);
167 struct bind_auth_state *state = talloc_get_type(c->private_data,
168 struct bind_auth_state);
169
170 c->status = dcerpc_bind_recv(creq);
171 if (!composite_is_ok(c)) return;
172
173 if (!state->more_processing) {
174 /* The first gensec_update has not requested a second run, so
175 * we're done here. */
176 composite_done(c);
177 return;
178 }
179
180 bind_auth_next_step(c);
181 }
182
183
184 /**
185 Bind to a DCE/RPC pipe, send async request
186 @param mem_ctx TALLOC_CTX for the allocation of the composite_context
187 @param p The dcerpc_pipe to bind (must already be connected)
188 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
189 @param credentials The credentials of the account to connect with
190 @param auth_type Select the authentication scheme to use
191 @param auth_level Chooses between unprotected (connect), signed or sealed
192 @param service The service (used by Kerberos to select the service principal to contact)
193 @retval A composite context describing the partial state of the bind
194 */
195
196 struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
197 struct dcerpc_pipe *p,
198 const struct dcerpc_interface_table *table,
199 struct cli_credentials *credentials,
200 uint8_t auth_type, uint8_t auth_level,
201 const char *service)
202 {
203 struct composite_context *c, *creq;
204 struct bind_auth_state *state;
205 struct dcerpc_security *sec;
206
207 struct dcerpc_syntax_id syntax, transfer_syntax;
208
209 /* composite context allocation and setup */
210 c = talloc_zero(mem_ctx, struct composite_context);
211 if (c == NULL) return NULL;
212
213 state = talloc(c, struct bind_auth_state);
214 if (composite_nomem(state, c)) return c;
215
216 c->state = COMPOSITE_STATE_IN_PROGRESS;
217 c->private_data = state;
218 c->event_ctx = p->conn->event_ctx;
219
220 state->pipe = p;
221
222 c->status = dcerpc_init_syntaxes(table,
223 &syntax,
224 &transfer_syntax);
225 if (!NT_STATUS_IS_OK(c->status)) goto failed;
226
227 sec = &p->conn->security_state;
228
229 c->status = gensec_client_start(p, &sec->generic_state,
230 p->conn->event_ctx);
231 if (!NT_STATUS_IS_OK(c->status)) {
232 DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
233 nt_errstr(c->status)));
234 goto failed;
235 }
236
237 c->status = gensec_set_credentials(sec->generic_state, credentials);
238 if (!NT_STATUS_IS_OK(c->status)) {
239 DEBUG(1, ("Failed to set GENSEC client credentails: %s\n",
240 nt_errstr(c->status)));
241 goto failed;
242 }
243
244 c->status = gensec_set_target_hostname(
245 sec->generic_state, p->conn->transport.target_hostname(p->conn));
246 if (!NT_STATUS_IS_OK(c->status)) {
247 DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
248 nt_errstr(c->status)));
249 goto failed;
250 }
251
252 if (service != NULL) {
253 c->status = gensec_set_target_service(sec->generic_state,
254 service);
255 if (!NT_STATUS_IS_OK(c->status)) {
256 DEBUG(1, ("Failed to set GENSEC target service: %s\n",
257 nt_errstr(c->status)));
258 goto failed;
259 }
260 }
261
262 c->status = gensec_start_mech_by_authtype(sec->generic_state,
263 auth_type, auth_level);
264 if (!NT_STATUS_IS_OK(c->status)) {
265 DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
266 gensec_get_name_by_authtype(auth_type),
267 nt_errstr(c->status)));
268 goto failed;
269 }
270
271 sec->auth_info = talloc(p, struct dcerpc_auth);
272 if (composite_nomem(sec->auth_info, c)) return c;
273
274 sec->auth_info->auth_type = auth_type;
275 sec->auth_info->auth_level = auth_level,
276 sec->auth_info->auth_pad_length = 0;
277 sec->auth_info->auth_reserved = 0;
278 sec->auth_info->auth_context_id = random();
279 sec->auth_info->credentials = data_blob(NULL, 0);
280
281 /* The status value here, from GENSEC is vital to the security
282 * of the system. Even if the other end accepts, if GENSEC
283 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
284 * feeding it blobs, or else the remote host/attacker might
285 * avoid mutal authentication requirements.
286 *
287 * Likewise, you must not feed GENSEC too much (after the OK),
288 * it doesn't like that either
289 */
290
291 c->status = gensec_update(sec->generic_state, state,
292 sec->auth_info->credentials,
293 &state->credentials);
294 if (!NT_STATUS_IS_OK(c->status) &&
295 !NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
296 goto failed;
297 }
298
299 state->more_processing =
300 NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED);
301
302 if (state->credentials.length == 0) {
303 composite_done(c);
304 return c;
305 }
306
307 sec->auth_info->credentials = state->credentials;
308
309 /* The first request always is a dcerpc_bind. The subsequent ones
310 * depend on gensec results */
311 creq = dcerpc_bind_send(p, state, &syntax, &transfer_syntax);
312 if (composite_nomem(creq, c)) return c;
313
314 composite_continue(c, creq, bind_auth_recv_bindreply, c);
315 return c;
316
317 failed:
318 composite_error(c, c->status);
319 return c;
320 }
321
322
323 /**
324 Bind to a DCE/RPC pipe, receive result
325 @param creq A composite context describing state of async call
326 @retval NTSTATUS code
327 */
328
329 NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
330 {
331 NTSTATUS result = composite_wait(creq);
332 struct bind_auth_state *state = talloc_get_type(creq->private_data,
333 struct bind_auth_state);
334
335 if (NT_STATUS_IS_OK(result)) {
336 /*
337 after a successful authenticated bind the session
338 key reverts to the generic session key
339 */
340 state->pipe->conn->security_state.session_key = dcerpc_generic_session_key;
341 }
342
343 talloc_free(creq);
344 return result;
345 }
346
347
348 /**
349 Perform a GENSEC authenticated bind to a DCE/RPC pipe, sync
350 @param p The dcerpc_pipe to bind (must already be connected)
351 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
352 @param credentials The credentials of the account to connect with
353 @param auth_type Select the authentication scheme to use
354 @param auth_level Chooses between unprotected (connect), signed or sealed
355 @param service The service (used by Kerberos to select the service principal to contact)
356 @retval NTSTATUS status code
357 */
358
359 NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
360 const struct dcerpc_interface_table *table,
361 struct cli_credentials *credentials,
362 uint8_t auth_type, uint8_t auth_level,
363 const char *service)
364 {
365 struct composite_context *creq;
366 creq = dcerpc_bind_auth_send(p, p, table, credentials,
367 auth_type, auth_level, service);
368 return dcerpc_bind_auth_recv(creq);
369 }