2 Unix SMB/CIFS implementation.
4 Generic Authentication Interface
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "system/network.h"
26 #include "lib/tsocket/tsocket.h"
27 #include "lib/util/tevent_ntstatus.h"
28 #include "auth/gensec/gensec.h"
29 #include "librpc/rpc/dcerpc.h"
32 wrappers for the gensec function pointers
34 _PUBLIC_ NTSTATUS
gensec_unseal_packet(struct gensec_security
*gensec_security
,
35 uint8_t *data
, size_t length
,
36 const uint8_t *whole_pdu
, size_t pdu_length
,
39 if (!gensec_security
->ops
->unseal_packet
) {
40 return NT_STATUS_NOT_IMPLEMENTED
;
42 if (!gensec_have_feature(gensec_security
, GENSEC_FEATURE_SEAL
)) {
43 return NT_STATUS_INVALID_PARAMETER
;
46 return gensec_security
->ops
->unseal_packet(gensec_security
,
48 whole_pdu
, pdu_length
,
52 _PUBLIC_ NTSTATUS
gensec_check_packet(struct gensec_security
*gensec_security
,
53 const uint8_t *data
, size_t length
,
54 const uint8_t *whole_pdu
, size_t pdu_length
,
57 if (!gensec_security
->ops
->check_packet
) {
58 return NT_STATUS_NOT_IMPLEMENTED
;
60 if (!gensec_have_feature(gensec_security
, GENSEC_FEATURE_SIGN
)) {
61 return NT_STATUS_INVALID_PARAMETER
;
64 return gensec_security
->ops
->check_packet(gensec_security
, data
, length
, whole_pdu
, pdu_length
, sig
);
67 _PUBLIC_ NTSTATUS
gensec_seal_packet(struct gensec_security
*gensec_security
,
69 uint8_t *data
, size_t length
,
70 const uint8_t *whole_pdu
, size_t pdu_length
,
73 if (!gensec_security
->ops
->seal_packet
) {
74 return NT_STATUS_NOT_IMPLEMENTED
;
76 if (!gensec_have_feature(gensec_security
, GENSEC_FEATURE_SEAL
)) {
77 return NT_STATUS_INVALID_PARAMETER
;
79 if (!gensec_have_feature(gensec_security
, GENSEC_FEATURE_SIGN
)) {
80 return NT_STATUS_INVALID_PARAMETER
;
83 return gensec_security
->ops
->seal_packet(gensec_security
, mem_ctx
, data
, length
, whole_pdu
, pdu_length
, sig
);
86 _PUBLIC_ NTSTATUS
gensec_sign_packet(struct gensec_security
*gensec_security
,
88 const uint8_t *data
, size_t length
,
89 const uint8_t *whole_pdu
, size_t pdu_length
,
92 if (!gensec_security
->ops
->sign_packet
) {
93 return NT_STATUS_NOT_IMPLEMENTED
;
95 if (!gensec_have_feature(gensec_security
, GENSEC_FEATURE_SIGN
)) {
96 return NT_STATUS_INVALID_PARAMETER
;
99 return gensec_security
->ops
->sign_packet(gensec_security
, mem_ctx
, data
, length
, whole_pdu
, pdu_length
, sig
);
102 _PUBLIC_
size_t gensec_sig_size(struct gensec_security
*gensec_security
, size_t data_size
)
104 if (!gensec_security
->ops
->sig_size
) {
107 if (!gensec_have_feature(gensec_security
, GENSEC_FEATURE_SIGN
)) {
111 return gensec_security
->ops
->sig_size(gensec_security
, data_size
);
114 _PUBLIC_
size_t gensec_max_wrapped_size(struct gensec_security
*gensec_security
)
116 if (!gensec_security
->ops
->max_wrapped_size
) {
120 return gensec_security
->ops
->max_wrapped_size(gensec_security
);
123 _PUBLIC_
size_t gensec_max_input_size(struct gensec_security
*gensec_security
)
125 if (!gensec_security
->ops
->max_input_size
) {
126 return (1 << 17) - gensec_sig_size(gensec_security
, 1 << 17);
129 return gensec_security
->ops
->max_input_size(gensec_security
);
132 _PUBLIC_ NTSTATUS
gensec_wrap(struct gensec_security
*gensec_security
,
137 if (!gensec_security
->ops
->wrap
) {
138 return NT_STATUS_NOT_IMPLEMENTED
;
140 return gensec_security
->ops
->wrap(gensec_security
, mem_ctx
, in
, out
);
143 _PUBLIC_ NTSTATUS
gensec_unwrap(struct gensec_security
*gensec_security
,
148 if (!gensec_security
->ops
->unwrap
) {
149 return NT_STATUS_NOT_IMPLEMENTED
;
151 return gensec_security
->ops
->unwrap(gensec_security
, mem_ctx
, in
, out
);
154 _PUBLIC_ NTSTATUS
gensec_session_key(struct gensec_security
*gensec_security
,
156 DATA_BLOB
*session_key
)
158 if (!gensec_security
->ops
->session_key
) {
159 return NT_STATUS_NOT_IMPLEMENTED
;
161 if (!gensec_have_feature(gensec_security
, GENSEC_FEATURE_SESSION_KEY
)) {
162 return NT_STATUS_NO_USER_SESSION_KEY
;
165 return gensec_security
->ops
->session_key(gensec_security
, mem_ctx
, session_key
);
169 * Return the credentials of a logged on user, including session keys
172 * Only valid after a successful authentication
174 * May only be called once per authentication.
178 _PUBLIC_ NTSTATUS
gensec_session_info(struct gensec_security
*gensec_security
,
180 struct auth_session_info
**session_info
)
182 if (!gensec_security
->ops
->session_info
) {
183 return NT_STATUS_NOT_IMPLEMENTED
;
185 return gensec_security
->ops
->session_info(gensec_security
, mem_ctx
, session_info
);
188 _PUBLIC_
void gensec_set_max_update_size(struct gensec_security
*gensec_security
,
189 uint32_t max_update_size
)
191 gensec_security
->max_update_size
= max_update_size
;
194 _PUBLIC_
size_t gensec_max_update_size(struct gensec_security
*gensec_security
)
196 if (gensec_security
->max_update_size
== 0) {
200 return gensec_security
->max_update_size
;
204 * Next state function for the GENSEC state machine
206 * @param gensec_security GENSEC State
207 * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
208 * @param in The request, as a DATA_BLOB
209 * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
210 * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent,
211 * or NT_STATUS_OK if the user is authenticated.
214 _PUBLIC_ NTSTATUS
gensec_update(struct gensec_security
*gensec_security
, TALLOC_CTX
*out_mem_ctx
,
215 struct tevent_context
*ev
,
216 const DATA_BLOB in
, DATA_BLOB
*out
)
220 status
= gensec_security
->ops
->update(gensec_security
, out_mem_ctx
,
222 if (!NT_STATUS_IS_OK(status
)) {
227 * Because callers using the
228 * gensec_start_mech_by_auth_type() never call
229 * gensec_want_feature(), it isn't sensible for them
230 * to have to call gensec_have_feature() manually, and
231 * these are not points of negotiation, but are
232 * asserted by the client
234 switch (gensec_security
->dcerpc_auth_level
) {
235 case DCERPC_AUTH_LEVEL_INTEGRITY
:
236 if (!gensec_have_feature(gensec_security
, GENSEC_FEATURE_SIGN
)) {
237 DEBUG(0,("Did not manage to negotiate mandetory feature "
238 "SIGN for dcerpc auth_level %u\n",
239 gensec_security
->dcerpc_auth_level
));
240 return NT_STATUS_ACCESS_DENIED
;
243 case DCERPC_AUTH_LEVEL_PRIVACY
:
244 if (!gensec_have_feature(gensec_security
, GENSEC_FEATURE_SIGN
)) {
245 DEBUG(0,("Did not manage to negotiate mandetory feature "
246 "SIGN for dcerpc auth_level %u\n",
247 gensec_security
->dcerpc_auth_level
));
248 return NT_STATUS_ACCESS_DENIED
;
250 if (!gensec_have_feature(gensec_security
, GENSEC_FEATURE_SEAL
)) {
251 DEBUG(0,("Did not manage to negotiate mandetory feature "
252 "SEAL for dcerpc auth_level %u\n",
253 gensec_security
->dcerpc_auth_level
));
254 return NT_STATUS_ACCESS_DENIED
;
264 struct gensec_update_state
{
265 struct tevent_immediate
*im
;
266 struct gensec_security
*gensec_security
;
271 static void gensec_update_async_trigger(struct tevent_context
*ctx
,
272 struct tevent_immediate
*im
,
275 * Next state function for the GENSEC state machine async version
277 * @param mem_ctx The memory context for the request
278 * @param ev The event context for the request
279 * @param gensec_security GENSEC State
280 * @param in The request, as a DATA_BLOB
282 * @return The request handle or NULL on no memory failure
285 _PUBLIC_
struct tevent_req
*gensec_update_send(TALLOC_CTX
*mem_ctx
,
286 struct tevent_context
*ev
,
287 struct gensec_security
*gensec_security
,
290 struct tevent_req
*req
;
291 struct gensec_update_state
*state
= NULL
;
293 req
= tevent_req_create(mem_ctx
, &state
,
294 struct gensec_update_state
);
299 state
->gensec_security
= gensec_security
;
301 state
->out
= data_blob(NULL
, 0);
302 state
->im
= tevent_create_immediate(state
);
303 if (tevent_req_nomem(state
->im
, req
)) {
304 return tevent_req_post(req
, ev
);
307 tevent_schedule_immediate(state
->im
, ev
,
308 gensec_update_async_trigger
,
314 static void gensec_update_async_trigger(struct tevent_context
*ctx
,
315 struct tevent_immediate
*im
,
318 struct tevent_req
*req
=
319 talloc_get_type_abort(private_data
, struct tevent_req
);
320 struct gensec_update_state
*state
=
321 tevent_req_data(req
, struct gensec_update_state
);
324 status
= gensec_update(state
->gensec_security
, state
, ctx
,
325 state
->in
, &state
->out
);
326 if (tevent_req_nterror(req
, status
)) {
330 tevent_req_done(req
);
334 * Next state function for the GENSEC state machine
336 * @param req request state
337 * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
338 * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
339 * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent,
340 * or NT_STATUS_OK if the user is authenticated.
342 _PUBLIC_ NTSTATUS
gensec_update_recv(struct tevent_req
*req
,
343 TALLOC_CTX
*out_mem_ctx
,
346 struct gensec_update_state
*state
=
347 tevent_req_data(req
, struct gensec_update_state
);
350 if (tevent_req_is_nterror(req
, &status
)) {
351 if (!NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
352 tevent_req_received(req
);
356 status
= NT_STATUS_OK
;
360 talloc_steal(out_mem_ctx
, out
->data
);
362 tevent_req_received(req
);
367 * Set the requirement for a certain feature on the connection
371 _PUBLIC_
void gensec_want_feature(struct gensec_security
*gensec_security
,
374 if (!gensec_security
->ops
|| !gensec_security
->ops
->want_feature
) {
375 gensec_security
->want_features
|= feature
;
378 gensec_security
->ops
->want_feature(gensec_security
, feature
);
382 * Check the requirement for a certain feature on the connection
386 _PUBLIC_
bool gensec_have_feature(struct gensec_security
*gensec_security
,
389 if (!gensec_security
->ops
->have_feature
) {
393 /* We might 'have' features that we don't 'want', because the
394 * other end demanded them, or we can't neotiate them off */
395 return gensec_security
->ops
->have_feature(gensec_security
, feature
);
399 * Return the credentials structure associated with a GENSEC context
403 _PUBLIC_
struct cli_credentials
*gensec_get_credentials(struct gensec_security
*gensec_security
)
405 if (!gensec_security
) {
408 return gensec_security
->credentials
;
412 * Set the target service (such as 'http' or 'host') on a GENSEC context - ensures it is talloc()ed
416 _PUBLIC_ NTSTATUS
gensec_set_target_service(struct gensec_security
*gensec_security
, const char *service
)
418 gensec_security
->target
.service
= talloc_strdup(gensec_security
, service
);
419 if (!gensec_security
->target
.service
) {
420 return NT_STATUS_NO_MEMORY
;
425 _PUBLIC_
const char *gensec_get_target_service(struct gensec_security
*gensec_security
)
427 if (gensec_security
->target
.service
) {
428 return gensec_security
->target
.service
;
435 * Set the target hostname (suitable for kerberos resolutation) on a GENSEC context - ensures it is talloc()ed
439 _PUBLIC_ NTSTATUS
gensec_set_target_hostname(struct gensec_security
*gensec_security
, const char *hostname
)
441 gensec_security
->target
.hostname
= talloc_strdup(gensec_security
, hostname
);
442 if (hostname
&& !gensec_security
->target
.hostname
) {
443 return NT_STATUS_NO_MEMORY
;
448 _PUBLIC_
const char *gensec_get_target_hostname(struct gensec_security
*gensec_security
)
450 /* We allow the target hostname to be overriden for testing purposes */
451 if (gensec_security
->settings
->target_hostname
) {
452 return gensec_security
->settings
->target_hostname
;
455 if (gensec_security
->target
.hostname
) {
456 return gensec_security
->target
.hostname
;
459 /* We could add use the 'set sockaddr' call, and do a reverse
460 * lookup, but this would be both insecure (compromising the
461 * way kerberos works) and add DNS timeouts */
466 * Set (and copy) local and peer socket addresses onto a socket
467 * context on the GENSEC context.
469 * This is so that kerberos can include these addresses in
470 * cryptographic tokens, to avoid certain attacks.
474 * @brief Set the local gensec address.
476 * @param gensec_security The gensec security context to use.
478 * @param remote The local address to set.
480 * @return On success NT_STATUS_OK is returned or an NT_STATUS
483 _PUBLIC_ NTSTATUS
gensec_set_local_address(struct gensec_security
*gensec_security
,
484 const struct tsocket_address
*local
)
486 TALLOC_FREE(gensec_security
->local_addr
);
492 gensec_security
->local_addr
= tsocket_address_copy(local
, gensec_security
);
493 if (gensec_security
->local_addr
== NULL
) {
494 return NT_STATUS_NO_MEMORY
;
501 * @brief Set the remote gensec address.
503 * @param gensec_security The gensec security context to use.
505 * @param remote The remote address to set.
507 * @return On success NT_STATUS_OK is returned or an NT_STATUS
510 _PUBLIC_ NTSTATUS
gensec_set_remote_address(struct gensec_security
*gensec_security
,
511 const struct tsocket_address
*remote
)
513 TALLOC_FREE(gensec_security
->remote_addr
);
515 if (remote
== NULL
) {
519 gensec_security
->remote_addr
= tsocket_address_copy(remote
, gensec_security
);
520 if (gensec_security
->remote_addr
== NULL
) {
521 return NT_STATUS_NO_MEMORY
;
528 * @brief Get the local address from a gensec security context.
530 * @param gensec_security The security context to get the address from.
532 * @return The address as tsocket_address which could be NULL if
535 _PUBLIC_
const struct tsocket_address
*gensec_get_local_address(struct gensec_security
*gensec_security
)
537 if (gensec_security
== NULL
) {
540 return gensec_security
->local_addr
;
544 * @brief Get the remote address from a gensec security context.
546 * @param gensec_security The security context to get the address from.
548 * @return The address as tsocket_address which could be NULL if
551 _PUBLIC_
const struct tsocket_address
*gensec_get_remote_address(struct gensec_security
*gensec_security
)
553 if (gensec_security
== NULL
) {
556 return gensec_security
->remote_addr
;
560 * Set the target principal (assuming it it known, say from the SPNEGO reply)
561 * - ensures it is talloc()ed
565 _PUBLIC_ NTSTATUS
gensec_set_target_principal(struct gensec_security
*gensec_security
, const char *principal
)
567 gensec_security
->target
.principal
= talloc_strdup(gensec_security
, principal
);
568 if (!gensec_security
->target
.principal
) {
569 return NT_STATUS_NO_MEMORY
;
574 _PUBLIC_
const char *gensec_get_target_principal(struct gensec_security
*gensec_security
)
576 if (gensec_security
->target
.principal
) {
577 return gensec_security
->target
.principal
;