search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: Make torture_nprocs globally available
[Samba/gebeck_regimport.git] / source4 / librpc / rpc / dcerpc_auth.c
blobcedcdd1bece08705e3b601757aab09c6d54612bc
1 /*
2 Unix SMB/CIFS implementation.
3
4 Generic Authentication Interface
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 Copyright (C) Stefan Metzmacher 2004
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include <tevent.h>
26 #include "libcli/composite/composite.h"
27 #include "auth/gensec/gensec.h"
28 #include "librpc/rpc/dcerpc.h"
29 #include "librpc/rpc/dcerpc_proto.h"
30 #include "param/param.h"
31
32 /*
33 return the rpc syntax and transfer syntax given the pipe uuid and version
34 */
35 static NTSTATUS dcerpc_init_syntaxes(const struct ndr_interface_table *table,
36 uint32_t pipe_flags,
37 struct ndr_syntax_id *syntax,
38 struct ndr_syntax_id *transfer_syntax)
39 {
40 syntax->uuid = table->syntax_id.uuid;
41 syntax->if_version = table->syntax_id.if_version;
42
43 if (pipe_flags & DCERPC_NDR64) {
44 *transfer_syntax = ndr_transfer_syntax_ndr64;
45 } else {
46 *transfer_syntax = ndr_transfer_syntax_ndr;
47 }
48
49 return NT_STATUS_OK;
50 }
51
52
53 /*
54 Send request to do a non-authenticated dcerpc bind
55 */
56 static void dcerpc_bind_auth_none_done(struct tevent_req *subreq);
57
58 struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
59 struct dcerpc_pipe *p,
60 const struct ndr_interface_table *table)
61 {
62 struct ndr_syntax_id syntax;
63 struct ndr_syntax_id transfer_syntax;
64
65 struct composite_context *c;
66 struct tevent_req *subreq;
67
68 c = composite_create(mem_ctx, p->conn->event_ctx);
69 if (c == NULL) return NULL;
70
71 c->status = dcerpc_init_syntaxes(table, p->conn->flags,
72 &syntax, &transfer_syntax);
73 if (!NT_STATUS_IS_OK(c->status)) {
74 DEBUG(2,("Invalid uuid string in "
75 "dcerpc_bind_auth_none_send\n"));
76 composite_error(c, c->status);
77 return c;
78 }
79
80 subreq = dcerpc_bind_send(mem_ctx, p->conn->event_ctx, p,
81 &syntax, &transfer_syntax);
82 if (composite_nomem(subreq, c)) return c;
83 tevent_req_set_callback(subreq, dcerpc_bind_auth_none_done, c);
84
85 return c;
86 }
87
88 static void dcerpc_bind_auth_none_done(struct tevent_req *subreq)
89 {
90 struct composite_context *ctx =
91 tevent_req_callback_data(subreq,
92 struct composite_context);
93
94 ctx->status = dcerpc_bind_recv(subreq);
95 TALLOC_FREE(subreq);
96 if (!composite_is_ok(ctx)) return;
97
98 composite_done(ctx);
99 }
100
101 /*
102 Receive result of a non-authenticated dcerpc bind
103 */
104 NTSTATUS dcerpc_bind_auth_none_recv(struct composite_context *ctx)
105 {
106 NTSTATUS result = composite_wait(ctx);
107 TALLOC_FREE(ctx);
108 return result;
109 }
110
111
112 /*
113 Perform sync non-authenticated dcerpc bind
114 */
115 _PUBLIC_ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
116 const struct ndr_interface_table *table)
117 {
118 struct composite_context *ctx;
119
120 ctx = dcerpc_bind_auth_none_send(p, p, table);
121 return dcerpc_bind_auth_none_recv(ctx);
122 }
123
124
125 struct bind_auth_state {
126 struct dcerpc_pipe *pipe;
127 DATA_BLOB credentials;
128 bool more_processing; /* Is there anything more to do after the
129 * first bind itself received? */
130 };
131
132 static void bind_auth_recv_alter(struct tevent_req *subreq);
133
134 static void bind_auth_next_step(struct composite_context *c)
135 {
136 struct bind_auth_state *state;
137 struct dcecli_security *sec;
138 struct tevent_req *subreq;
139 bool more_processing = false;
140
141 state = talloc_get_type(c->private_data, struct bind_auth_state);
142 sec = &state->pipe->conn->security_state;
143
144 /* The status value here, from GENSEC is vital to the security
145 * of the system. Even if the other end accepts, if GENSEC
146 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
147 * feeding it blobs, or else the remote host/attacker might
148 * avoid mutal authentication requirements.
149 *
150 * Likewise, you must not feed GENSEC too much (after the OK),
151 * it doesn't like that either
152 */
153
154 c->status = gensec_update(sec->generic_state, state,
155 state->pipe->conn->event_ctx,
156 sec->auth_info->credentials,
157 &state->credentials);
158 data_blob_free(&sec->auth_info->credentials);
159
160 if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
161 more_processing = true;
162 c->status = NT_STATUS_OK;
163 }
164
165 if (!composite_is_ok(c)) return;
166
167 if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) {
168 gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER);
169 }
170
171 if (state->credentials.length == 0) {
172 composite_done(c);
173 return;
174 }
175
176 sec->auth_info->credentials = state->credentials;
177
178 if (!more_processing) {
179 /* NO reply expected, so just send it */
180 c->status = dcerpc_auth3(state->pipe, state);
181 data_blob_free(&state->credentials);
182 sec->auth_info->credentials = data_blob(NULL, 0);
183 if (!composite_is_ok(c)) return;
184
185 composite_done(c);
186 return;
187 }
188
189 /* We are demanding a reply, so use a request that will get us one */
190
191 subreq = dcerpc_alter_context_send(state, state->pipe->conn->event_ctx,
192 state->pipe,
193 &state->pipe->syntax,
194 &state->pipe->transfer_syntax);
195 data_blob_free(&state->credentials);
196 sec->auth_info->credentials = data_blob(NULL, 0);
197 if (composite_nomem(subreq, c)) return;
198 tevent_req_set_callback(subreq, bind_auth_recv_alter, c);
199 }
200
201
202 static void bind_auth_recv_alter(struct tevent_req *subreq)
203 {
204 struct composite_context *c =
205 tevent_req_callback_data(subreq,
206 struct composite_context);
207
208 c->status = dcerpc_alter_context_recv(subreq);
209 TALLOC_FREE(subreq);
210 if (!composite_is_ok(c)) return;
211
212 bind_auth_next_step(c);
213 }
214
215
216 static void bind_auth_recv_bindreply(struct tevent_req *subreq)
217 {
218 struct composite_context *c =
219 tevent_req_callback_data(subreq,
220 struct composite_context);
221 struct bind_auth_state *state = talloc_get_type(c->private_data,
222 struct bind_auth_state);
223
224 c->status = dcerpc_bind_recv(subreq);
225 TALLOC_FREE(subreq);
226 if (!composite_is_ok(c)) return;
227
228 if (!state->more_processing) {
229 /* The first gensec_update has not requested a second run, so
230 * we're done here. */
231 composite_done(c);
232 return;
233 }
234
235 bind_auth_next_step(c);
236 }
237
238
239 /**
240 Bind to a DCE/RPC pipe, send async request
241 @param mem_ctx TALLOC_CTX for the allocation of the composite_context
242 @param p The dcerpc_pipe to bind (must already be connected)
243 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
244 @param credentials The credentials of the account to connect with
245 @param auth_type Select the authentication scheme to use
246 @param auth_level Chooses between unprotected (connect), signed or sealed
247 @param service The service (used by Kerberos to select the service principal to contact)
248 @retval A composite context describing the partial state of the bind
249 */
250
251 struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
252 struct dcerpc_pipe *p,
253 const struct ndr_interface_table *table,
254 struct cli_credentials *credentials,
255 struct gensec_settings *gensec_settings,
256 uint8_t auth_type, uint8_t auth_level,
257 const char *service)
258 {
259 struct composite_context *c;
260 struct bind_auth_state *state;
261 struct dcecli_security *sec;
262 struct tevent_req *subreq;
263
264 struct ndr_syntax_id syntax, transfer_syntax;
265
266 /* composite context allocation and setup */
267 c = composite_create(mem_ctx, p->conn->event_ctx);
268 if (c == NULL) return NULL;
269
270 state = talloc(c, struct bind_auth_state);
271 if (composite_nomem(state, c)) return c;
272 c->private_data = state;
273
274 state->pipe = p;
275
276 c->status = dcerpc_init_syntaxes(table, p->conn->flags,
277 &syntax,
278 &transfer_syntax);
279 if (!composite_is_ok(c)) return c;
280
281 sec = &p->conn->security_state;
282
283 c->status = gensec_client_start(p, &sec->generic_state,
284 gensec_settings);
285 if (!NT_STATUS_IS_OK(c->status)) {
286 DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
287 nt_errstr(c->status)));
288 composite_error(c, c->status);
289 return c;
290 }
291
292 c->status = gensec_set_credentials(sec->generic_state, credentials);
293 if (!NT_STATUS_IS_OK(c->status)) {
294 DEBUG(1, ("Failed to set GENSEC client credentials: %s\n",
295 nt_errstr(c->status)));
296 composite_error(c, c->status);
297 return c;
298 }
299
300 c->status = gensec_set_target_hostname(sec->generic_state,
301 p->conn->transport.target_hostname(p->conn));
302 if (!NT_STATUS_IS_OK(c->status)) {
303 DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
304 nt_errstr(c->status)));
305 composite_error(c, c->status);
306 return c;
307 }
308
309 if (service != NULL) {
310 c->status = gensec_set_target_service(sec->generic_state,
311 service);
312 if (!NT_STATUS_IS_OK(c->status)) {
313 DEBUG(1, ("Failed to set GENSEC target service: %s\n",
314 nt_errstr(c->status)));
315 composite_error(c, c->status);
316 return c;
317 }
318 }
319
320 if (p->binding && p->binding->target_principal) {
321 c->status = gensec_set_target_principal(sec->generic_state,
322 p->binding->target_principal);
323 if (!NT_STATUS_IS_OK(c->status)) {
324 DEBUG(1, ("Failed to set GENSEC target principal to %s: %s\n",
325 p->binding->target_principal, nt_errstr(c->status)));
326 composite_error(c, c->status);
327 return c;
328 }
329 }
330
331 c->status = gensec_start_mech_by_authtype(sec->generic_state,
332 auth_type, auth_level);
333 if (!NT_STATUS_IS_OK(c->status)) {
334 DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
335 gensec_get_name_by_authtype(sec->generic_state, auth_type),
336 nt_errstr(c->status)));
337 composite_error(c, c->status);
338 return c;
339 }
340
341 sec->auth_info = talloc(p, struct dcerpc_auth);
342 if (composite_nomem(sec->auth_info, c)) return c;
343
344 sec->auth_info->auth_type = auth_type;
345 sec->auth_info->auth_level = auth_level,
346 sec->auth_info->auth_pad_length = 0;
347 sec->auth_info->auth_reserved = 0;
348 sec->auth_info->auth_context_id = random();
349 sec->auth_info->credentials = data_blob(NULL, 0);
350
351 /* The status value here, from GENSEC is vital to the security
352 * of the system. Even if the other end accepts, if GENSEC
353 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
354 * feeding it blobs, or else the remote host/attacker might
355 * avoid mutal authentication requirements.
356 *
357 * Likewise, you must not feed GENSEC too much (after the OK),
358 * it doesn't like that either
359 */
360
361 c->status = gensec_update(sec->generic_state, state,
362 p->conn->event_ctx,
363 sec->auth_info->credentials,
364 &state->credentials);
365 if (!NT_STATUS_IS_OK(c->status) &&
366 !NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
367 composite_error(c, c->status);
368 return c;
369 }
370
371 state->more_processing = NT_STATUS_EQUAL(c->status,
372 NT_STATUS_MORE_PROCESSING_REQUIRED);
373
374 if (state->credentials.length == 0) {
375 composite_done(c);
376 return c;
377 }
378
379 sec->auth_info->credentials = state->credentials;
380
381 /* The first request always is a dcerpc_bind. The subsequent ones
382 * depend on gensec results */
383 subreq = dcerpc_bind_send(state, p->conn->event_ctx, p,
384 &syntax, &transfer_syntax);
385 data_blob_free(&state->credentials);
386 sec->auth_info->credentials = data_blob(NULL, 0);
387 if (composite_nomem(subreq, c)) return c;
388 tevent_req_set_callback(subreq, bind_auth_recv_bindreply, c);
389
390 return c;
391 }
392
393
394 /**
395 Bind to a DCE/RPC pipe, receive result
396 @param creq A composite context describing state of async call
397 @retval NTSTATUS code
398 */
399
400 NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
401 {
402 NTSTATUS result = composite_wait(creq);
403 struct bind_auth_state *state = talloc_get_type(creq->private_data,
404 struct bind_auth_state);
405
406 if (NT_STATUS_IS_OK(result)) {
407 /*
408 after a successful authenticated bind the session
409 key reverts to the generic session key
410 */
411 state->pipe->conn->security_state.session_key = dcerpc_generic_session_key;
412 }
413
414 talloc_free(creq);
415 return result;
416 }
417
418
419 /**
420 Perform a GENSEC authenticated bind to a DCE/RPC pipe, sync
421 @param p The dcerpc_pipe to bind (must already be connected)
422 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
423 @param credentials The credentials of the account to connect with
424 @param auth_type Select the authentication scheme to use
425 @param auth_level Chooses between unprotected (connect), signed or sealed
426 @param service The service (used by Kerberos to select the service principal to contact)
427 @retval NTSTATUS status code
428 */
429
430 _PUBLIC_ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
431 const struct ndr_interface_table *table,
432 struct cli_credentials *credentials,
433 struct gensec_settings *gensec_settings,
434 uint8_t auth_type, uint8_t auth_level,
435 const char *service)
436 {
437 struct composite_context *creq;
438 creq = dcerpc_bind_auth_send(p, p, table, credentials, gensec_settings,
439 auth_type, auth_level, service);
440 return dcerpc_bind_auth_recv(creq);
441 }
reg import