source/librpc/rpc/dcerpc_auth.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Generic Authentication Interface
   5
   6    Copyright (C) Andrew Tridgell 2003
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
   8
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 2 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program; if not, write to the Free Software
  22    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  23 */
  24
  25 #include "includes.h"
  26
  27 /*
  28   do a non-athenticated dcerpc bind
  29 */
  30 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
  31                                const char *uuid, uint_t version)
  32 {
  33         TALLOC_CTX *mem_ctx;
  34         NTSTATUS status;
  35
  36         mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
  37         if (!mem_ctx) {
  38                 return NT_STATUS_NO_MEMORY;
  39         }
  40
  41         status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
  42         talloc_destroy(mem_ctx);
  43
  44         return status;
  45 }
  46
  47 NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level,
  48                           const char *uuid, uint_t version)
  49 {
  50         NTSTATUS status;
  51         TALLOC_CTX *mem_ctx;
  52         DATA_BLOB credentials;
  53         DATA_BLOB null_data_blob = data_blob(NULL, 0);
  54
  55         mem_ctx = talloc_init("dcerpc_bind_auth");
  56         if (!mem_ctx) {
  57                 return NT_STATUS_NO_MEMORY;
  58         }
  59
  60         if (!p->security_state.generic_state) {
  61                 status = gensec_client_start(p, &p->security_state.generic_state);
  62                 if (!NT_STATUS_IS_OK(status)) {
  63                         return status;
  64                 }
  65
  66                 status = gensec_start_mech_by_authtype(p->security_state.generic_state, auth_type, auth_level);
  67
  68                 if (!NT_STATUS_IS_OK(status)) {
  69                         return status;
  70                 }
  71         }
  72
  73         p->security_state.auth_info = talloc_p(p, struct dcerpc_auth);
  74         if (!p->security_state.auth_info) {
  75                 status = NT_STATUS_NO_MEMORY;
  76                 goto done;
  77         }
  78
  79         p->security_state.auth_info->auth_type = auth_type;
  80         p->security_state.auth_info->auth_level = auth_level;
  81         p->security_state.auth_info->auth_pad_length = 0;
  82         p->security_state.auth_info->auth_reserved = 0;
  83         p->security_state.auth_info->auth_context_id = random();
  84         p->security_state.auth_info->credentials = null_data_blob;
  85
  86         status = gensec_update(p->security_state.generic_state, mem_ctx,
  87                                null_data_blob,
  88                                &credentials);
  89
  90         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
  91                 goto done;
  92         }
  93
  94         p->security_state.auth_info->credentials = credentials;
  95
  96         status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
  97         if (!NT_STATUS_IS_OK(status)) {
  98                 goto done;
  99         }
 100
 101         status = gensec_update(p->security_state.generic_state, mem_ctx,
 102                                p->security_state.auth_info->credentials,
 103                                &credentials);
 104
 105         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 106                 goto done;
 107         }
 108
 109         p->security_state.auth_info->credentials = credentials;
 110
 111         status = dcerpc_auth3(p, mem_ctx);
 112 done:
 113         talloc_destroy(mem_ctx);
 114
 115         if (!NT_STATUS_IS_OK(status)) {
 116                 talloc_free(p->security_state.generic_state);
 117                 ZERO_STRUCT(p->security_state);
 118         } else {
 119                 /* Authenticated connections use the generic session key */
 120                 p->security_state.session_key = dcerpc_generic_session_key;
 121         }
 122
 123         return status;
 124 }
 125
 126 NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level,
 127                           const char *uuid, uint_t version)
 128 {
 129         NTSTATUS status;
 130         TALLOC_CTX *mem_ctx;
 131         DATA_BLOB credentials;
 132         DATA_BLOB null_data_blob = data_blob(NULL, 0);
 133
 134         mem_ctx = talloc_init("dcerpc_bind_auth");
 135         if (!mem_ctx) {
 136                 return NT_STATUS_NO_MEMORY;
 137         }
 138
 139         if (!p->security_state.generic_state) {
 140                 status = gensec_client_start(p, &p->security_state.generic_state);
 141                 if (!NT_STATUS_IS_OK(status)) {
 142                         return status;
 143                 }
 144
 145                 status = gensec_start_mech_by_authtype(p->security_state.generic_state,
 146                                                        auth_type, auth_level);
 147
 148                 if (!NT_STATUS_IS_OK(status)) {
 149                         return status;
 150                 }
 151         }
 152
 153         p->security_state.auth_info = talloc_p(p, struct dcerpc_auth);
 154         if (!p->security_state.auth_info) {
 155                 status = NT_STATUS_NO_MEMORY;
 156                 goto done;
 157         }
 158
 159         p->security_state.auth_info->auth_type = auth_type;
 160         p->security_state.auth_info->auth_level = auth_level;
 161         p->security_state.auth_info->auth_pad_length = 0;
 162         p->security_state.auth_info->auth_reserved = 0;
 163         p->security_state.auth_info->auth_context_id = random();
 164         p->security_state.auth_info->credentials = null_data_blob;
 165
 166         status = gensec_update(p->security_state.generic_state, mem_ctx,
 167                                null_data_blob,
 168                                &credentials);
 169
 170         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 171                 goto done;
 172         }
 173
 174         p->security_state.auth_info->credentials = credentials;
 175
 176         status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
 177         if (!NT_STATUS_IS_OK(status)) {
 178                 goto done;
 179         }
 180
 181         while(1) {
 182                 status = gensec_update(p->security_state.generic_state, mem_ctx,
 183                                p->security_state.auth_info->credentials,
 184                                &credentials);
 185
 186                 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 187                         goto done;
 188                 }
 189
 190                 p->security_state.auth_info->credentials = credentials;
 191
 192                 status = dcerpc_alter(p, mem_ctx);
 193                 if (!NT_STATUS_IS_OK(status)) {
 194                         goto done;
 195                 }
 196         }
 197
 198 done:
 199         talloc_destroy(mem_ctx);
 200
 201         if (!NT_STATUS_IS_OK(status)) {
 202                 ZERO_STRUCT(p->security_state);
 203         } else {
 204                 /* Authenticated connections use the generic session key */
 205                 p->security_state.session_key = dcerpc_generic_session_key;
 206         }
 207
 208         return status;
 209 }