2 Unix SMB/CIFS implementation.
4 Generic Authentication Interface
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 Copyright (C) Stefan Metzmacher 2004
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "libcli/composite/composite.h"
27 #include "auth/gensec/gensec.h"
28 #include "librpc/rpc/dcerpc.h"
29 #include "librpc/rpc/dcerpc_proto.h"
30 #include "param/param.h"
33 return the rpc syntax and transfer syntax given the pipe uuid and version
35 static NTSTATUS
dcerpc_init_syntaxes(const struct ndr_interface_table
*table
,
37 struct ndr_syntax_id
*syntax
,
38 struct ndr_syntax_id
*transfer_syntax
)
40 syntax
->uuid
= table
->syntax_id
.uuid
;
41 syntax
->if_version
= table
->syntax_id
.if_version
;
43 if (pipe_flags
& DCERPC_NDR64
) {
44 *transfer_syntax
= ndr_transfer_syntax_ndr64
;
46 *transfer_syntax
= ndr_transfer_syntax_ndr
;
54 Send request to do a non-authenticated dcerpc bind
56 static void dcerpc_bind_auth_none_done(struct tevent_req
*subreq
);
58 struct composite_context
*dcerpc_bind_auth_none_send(TALLOC_CTX
*mem_ctx
,
59 struct dcerpc_pipe
*p
,
60 const struct ndr_interface_table
*table
)
62 struct ndr_syntax_id syntax
;
63 struct ndr_syntax_id transfer_syntax
;
65 struct composite_context
*c
;
66 struct tevent_req
*subreq
;
68 c
= composite_create(mem_ctx
, p
->conn
->event_ctx
);
69 if (c
== NULL
) return NULL
;
71 c
->status
= dcerpc_init_syntaxes(table
, p
->conn
->flags
,
72 &syntax
, &transfer_syntax
);
73 if (!NT_STATUS_IS_OK(c
->status
)) {
74 DEBUG(2,("Invalid uuid string in "
75 "dcerpc_bind_auth_none_send\n"));
76 composite_error(c
, c
->status
);
80 subreq
= dcerpc_bind_send(mem_ctx
, p
->conn
->event_ctx
, p
,
81 &syntax
, &transfer_syntax
);
82 if (composite_nomem(subreq
, c
)) return c
;
83 tevent_req_set_callback(subreq
, dcerpc_bind_auth_none_done
, c
);
88 static void dcerpc_bind_auth_none_done(struct tevent_req
*subreq
)
90 struct composite_context
*ctx
=
91 tevent_req_callback_data(subreq
,
92 struct composite_context
);
94 ctx
->status
= dcerpc_bind_recv(subreq
);
96 if (!composite_is_ok(ctx
)) return;
102 Receive result of a non-authenticated dcerpc bind
104 NTSTATUS
dcerpc_bind_auth_none_recv(struct composite_context
*ctx
)
106 NTSTATUS result
= composite_wait(ctx
);
113 Perform sync non-authenticated dcerpc bind
115 _PUBLIC_ NTSTATUS
dcerpc_bind_auth_none(struct dcerpc_pipe
*p
,
116 const struct ndr_interface_table
*table
)
118 struct composite_context
*ctx
;
120 ctx
= dcerpc_bind_auth_none_send(p
, p
, table
);
121 return dcerpc_bind_auth_none_recv(ctx
);
125 struct bind_auth_state
{
126 struct dcerpc_pipe
*pipe
;
127 DATA_BLOB credentials
;
128 bool more_processing
; /* Is there anything more to do after the
129 * first bind itself received? */
132 static void bind_auth_recv_alter(struct tevent_req
*subreq
);
134 static void bind_auth_next_step(struct composite_context
*c
)
136 struct bind_auth_state
*state
;
137 struct dcecli_security
*sec
;
138 struct tevent_req
*subreq
;
139 bool more_processing
= false;
141 state
= talloc_get_type(c
->private_data
, struct bind_auth_state
);
142 sec
= &state
->pipe
->conn
->security_state
;
144 /* The status value here, from GENSEC is vital to the security
145 * of the system. Even if the other end accepts, if GENSEC
146 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
147 * feeding it blobs, or else the remote host/attacker might
148 * avoid mutal authentication requirements.
150 * Likewise, you must not feed GENSEC too much (after the OK),
151 * it doesn't like that either
154 c
->status
= gensec_update(sec
->generic_state
, state
,
155 state
->pipe
->conn
->event_ctx
,
156 sec
->auth_info
->credentials
,
157 &state
->credentials
);
158 data_blob_free(&sec
->auth_info
->credentials
);
160 if (NT_STATUS_EQUAL(c
->status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
161 more_processing
= true;
162 c
->status
= NT_STATUS_OK
;
165 if (!composite_is_ok(c
)) return;
167 if (state
->pipe
->conn
->flags
& DCERPC_HEADER_SIGNING
) {
168 gensec_want_feature(sec
->generic_state
, GENSEC_FEATURE_SIGN_PKT_HEADER
);
171 if (state
->credentials
.length
== 0) {
176 sec
->auth_info
->credentials
= state
->credentials
;
178 if (!more_processing
) {
179 /* NO reply expected, so just send it */
180 c
->status
= dcerpc_auth3(state
->pipe
, state
);
181 data_blob_free(&state
->credentials
);
182 sec
->auth_info
->credentials
= data_blob(NULL
, 0);
183 if (!composite_is_ok(c
)) return;
189 /* We are demanding a reply, so use a request that will get us one */
191 subreq
= dcerpc_alter_context_send(state
, state
->pipe
->conn
->event_ctx
,
193 &state
->pipe
->syntax
,
194 &state
->pipe
->transfer_syntax
);
195 data_blob_free(&state
->credentials
);
196 sec
->auth_info
->credentials
= data_blob(NULL
, 0);
197 if (composite_nomem(subreq
, c
)) return;
198 tevent_req_set_callback(subreq
, bind_auth_recv_alter
, c
);
202 static void bind_auth_recv_alter(struct tevent_req
*subreq
)
204 struct composite_context
*c
=
205 tevent_req_callback_data(subreq
,
206 struct composite_context
);
208 c
->status
= dcerpc_alter_context_recv(subreq
);
210 if (!composite_is_ok(c
)) return;
212 bind_auth_next_step(c
);
216 static void bind_auth_recv_bindreply(struct tevent_req
*subreq
)
218 struct composite_context
*c
=
219 tevent_req_callback_data(subreq
,
220 struct composite_context
);
221 struct bind_auth_state
*state
= talloc_get_type(c
->private_data
,
222 struct bind_auth_state
);
224 c
->status
= dcerpc_bind_recv(subreq
);
226 if (!composite_is_ok(c
)) return;
228 if (!state
->more_processing
) {
229 /* The first gensec_update has not requested a second run, so
230 * we're done here. */
235 bind_auth_next_step(c
);
240 Bind to a DCE/RPC pipe, send async request
241 @param mem_ctx TALLOC_CTX for the allocation of the composite_context
242 @param p The dcerpc_pipe to bind (must already be connected)
243 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
244 @param credentials The credentials of the account to connect with
245 @param auth_type Select the authentication scheme to use
246 @param auth_level Chooses between unprotected (connect), signed or sealed
247 @param service The service (used by Kerberos to select the service principal to contact)
248 @retval A composite context describing the partial state of the bind
251 struct composite_context
*dcerpc_bind_auth_send(TALLOC_CTX
*mem_ctx
,
252 struct dcerpc_pipe
*p
,
253 const struct ndr_interface_table
*table
,
254 struct cli_credentials
*credentials
,
255 struct gensec_settings
*gensec_settings
,
256 uint8_t auth_type
, uint8_t auth_level
,
259 struct composite_context
*c
;
260 struct bind_auth_state
*state
;
261 struct dcecli_security
*sec
;
262 struct tevent_req
*subreq
;
264 struct ndr_syntax_id syntax
, transfer_syntax
;
266 /* composite context allocation and setup */
267 c
= composite_create(mem_ctx
, p
->conn
->event_ctx
);
268 if (c
== NULL
) return NULL
;
270 state
= talloc(c
, struct bind_auth_state
);
271 if (composite_nomem(state
, c
)) return c
;
272 c
->private_data
= state
;
276 c
->status
= dcerpc_init_syntaxes(table
, p
->conn
->flags
,
279 if (!composite_is_ok(c
)) return c
;
281 sec
= &p
->conn
->security_state
;
283 c
->status
= gensec_client_start(p
, &sec
->generic_state
,
285 if (!NT_STATUS_IS_OK(c
->status
)) {
286 DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
287 nt_errstr(c
->status
)));
288 composite_error(c
, c
->status
);
292 c
->status
= gensec_set_credentials(sec
->generic_state
, credentials
);
293 if (!NT_STATUS_IS_OK(c
->status
)) {
294 DEBUG(1, ("Failed to set GENSEC client credentials: %s\n",
295 nt_errstr(c
->status
)));
296 composite_error(c
, c
->status
);
300 c
->status
= gensec_set_target_hostname(sec
->generic_state
,
301 p
->conn
->transport
.target_hostname(p
->conn
));
302 if (!NT_STATUS_IS_OK(c
->status
)) {
303 DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
304 nt_errstr(c
->status
)));
305 composite_error(c
, c
->status
);
309 if (service
!= NULL
) {
310 c
->status
= gensec_set_target_service(sec
->generic_state
,
312 if (!NT_STATUS_IS_OK(c
->status
)) {
313 DEBUG(1, ("Failed to set GENSEC target service: %s\n",
314 nt_errstr(c
->status
)));
315 composite_error(c
, c
->status
);
320 if (p
->binding
&& p
->binding
->target_principal
) {
321 c
->status
= gensec_set_target_principal(sec
->generic_state
,
322 p
->binding
->target_principal
);
323 if (!NT_STATUS_IS_OK(c
->status
)) {
324 DEBUG(1, ("Failed to set GENSEC target principal to %s: %s\n",
325 p
->binding
->target_principal
, nt_errstr(c
->status
)));
326 composite_error(c
, c
->status
);
331 c
->status
= gensec_start_mech_by_authtype(sec
->generic_state
,
332 auth_type
, auth_level
);
333 if (!NT_STATUS_IS_OK(c
->status
)) {
334 DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
335 gensec_get_name_by_authtype(sec
->generic_state
, auth_type
),
336 nt_errstr(c
->status
)));
337 composite_error(c
, c
->status
);
341 sec
->auth_info
= talloc(p
, struct dcerpc_auth
);
342 if (composite_nomem(sec
->auth_info
, c
)) return c
;
344 sec
->auth_info
->auth_type
= auth_type
;
345 sec
->auth_info
->auth_level
= auth_level
,
346 sec
->auth_info
->auth_pad_length
= 0;
347 sec
->auth_info
->auth_reserved
= 0;
348 sec
->auth_info
->auth_context_id
= random();
349 sec
->auth_info
->credentials
= data_blob(NULL
, 0);
351 /* The status value here, from GENSEC is vital to the security
352 * of the system. Even if the other end accepts, if GENSEC
353 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
354 * feeding it blobs, or else the remote host/attacker might
355 * avoid mutal authentication requirements.
357 * Likewise, you must not feed GENSEC too much (after the OK),
358 * it doesn't like that either
361 c
->status
= gensec_update(sec
->generic_state
, state
,
363 sec
->auth_info
->credentials
,
364 &state
->credentials
);
365 if (!NT_STATUS_IS_OK(c
->status
) &&
366 !NT_STATUS_EQUAL(c
->status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
367 composite_error(c
, c
->status
);
371 state
->more_processing
= NT_STATUS_EQUAL(c
->status
,
372 NT_STATUS_MORE_PROCESSING_REQUIRED
);
374 if (state
->credentials
.length
== 0) {
379 sec
->auth_info
->credentials
= state
->credentials
;
381 /* The first request always is a dcerpc_bind. The subsequent ones
382 * depend on gensec results */
383 subreq
= dcerpc_bind_send(state
, p
->conn
->event_ctx
, p
,
384 &syntax
, &transfer_syntax
);
385 data_blob_free(&state
->credentials
);
386 sec
->auth_info
->credentials
= data_blob(NULL
, 0);
387 if (composite_nomem(subreq
, c
)) return c
;
388 tevent_req_set_callback(subreq
, bind_auth_recv_bindreply
, c
);
395 Bind to a DCE/RPC pipe, receive result
396 @param creq A composite context describing state of async call
397 @retval NTSTATUS code
400 NTSTATUS
dcerpc_bind_auth_recv(struct composite_context
*creq
)
402 NTSTATUS result
= composite_wait(creq
);
403 struct bind_auth_state
*state
= talloc_get_type(creq
->private_data
,
404 struct bind_auth_state
);
406 if (NT_STATUS_IS_OK(result
)) {
408 after a successful authenticated bind the session
409 key reverts to the generic session key
411 state
->pipe
->conn
->security_state
.session_key
= dcerpc_generic_session_key
;
420 Perform a GENSEC authenticated bind to a DCE/RPC pipe, sync
421 @param p The dcerpc_pipe to bind (must already be connected)
422 @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
423 @param credentials The credentials of the account to connect with
424 @param auth_type Select the authentication scheme to use
425 @param auth_level Chooses between unprotected (connect), signed or sealed
426 @param service The service (used by Kerberos to select the service principal to contact)
427 @retval NTSTATUS status code
430 _PUBLIC_ NTSTATUS
dcerpc_bind_auth(struct dcerpc_pipe
*p
,
431 const struct ndr_interface_table
*table
,
432 struct cli_credentials
*credentials
,
433 struct gensec_settings
*gensec_settings
,
434 uint8_t auth_type
, uint8_t auth_level
,
437 struct composite_context
*creq
;
438 creq
= dcerpc_bind_auth_send(p
, p
, table
, credentials
, gensec_settings
,
439 auth_type
, auth_level
, service
);
440 return dcerpc_bind_auth_recv(creq
);