source/librpc/rpc/dcerpc_auth.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    dcerpc authentication operations
   5
   6    Copyright (C) Andrew Tridgell 2003
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24
  25 /*
  26   do a simple ntlm style authentication on a dcerpc pipe
  27 */
  28 NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
  29                                const char *uuid, unsigned version,
  30                                const char *domain,
  31                                const char *username,
  32                                const char *password)
  33 {
  34         NTSTATUS status;
  35         struct ntlmssp_state *state;
  36         TALLOC_CTX *mem_ctx;
  37         DATA_BLOB credentials;
  38
  39         mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
  40         if (!mem_ctx) {
  41                 return NT_STATUS_NO_MEMORY;
  42         }
  43
  44         status = ntlmssp_client_start(&state);
  45         if (!NT_STATUS_IS_OK(status)) {
  46                 return status;
  47         }
  48
  49         status = ntlmssp_set_domain(state, domain);
  50         if (!NT_STATUS_IS_OK(status)) {
  51                 goto done;
  52         }
  53
  54         status = ntlmssp_set_username(state, username);
  55         if (!NT_STATUS_IS_OK(status)) {
  56                 goto done;
  57         }
  58
  59         status = ntlmssp_set_password(state, password);
  60         if (!NT_STATUS_IS_OK(status)) {
  61                 goto done;
  62         }
  63
  64         p->auth_info = talloc(p->mem_ctx, sizeof(*p->auth_info));
  65         if (!p->auth_info) {
  66                 status = NT_STATUS_NO_MEMORY;
  67                 goto done;
  68         }
  69
  70         p->auth_info->auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
  71
  72         if (p->flags & DCERPC_SEAL) {
  73                 p->auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
  74                 state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL;
  75         } else if (p->flags & DCERPC_SIGN) {
  76                 state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
  77                 p->auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
  78         } else {
  79                 state->neg_flags &= ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
  80                 p->auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE;
  81         }
  82         p->auth_info->auth_pad_length = 0;
  83         p->auth_info->auth_reserved = 0;
  84         p->auth_info->auth_context_id = random();
  85         p->auth_info->credentials = data_blob(NULL, 0);
  86         p->ntlmssp_state = NULL;
  87
  88         status = ntlmssp_update(state,
  89                                 p->auth_info->credentials,
  90                                 &credentials);
  91         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
  92                 goto done;
  93         }
  94
  95         p->auth_info->credentials = data_blob_talloc(mem_ctx,
  96                                                      credentials.data,
  97                                                      credentials.length);
  98         data_blob_free(&credentials);
  99
 100         status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
 101         if (!NT_STATUS_IS_OK(status)) {
 102                 goto done;
 103         }
 104
 105
 106         status = ntlmssp_update(state,
 107                                 p->auth_info->credentials,
 108                                 &credentials);
 109         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 110                 goto done;
 111         }
 112
 113         p->auth_info->credentials = data_blob_talloc(mem_ctx,
 114                                                      credentials.data,
 115                                                      credentials.length);
 116         data_blob_free(&credentials);
 117
 118         status = dcerpc_auth3(p, mem_ctx);
 119
 120         if (!NT_STATUS_IS_OK(status)) {
 121                 goto done;
 122         }
 123
 124         p->ntlmssp_state = state;
 125
 126         switch (p->auth_info->auth_level) {
 127         case DCERPC_AUTH_LEVEL_PRIVACY:
 128         case DCERPC_AUTH_LEVEL_INTEGRITY:
 129                 /* setup for signing */
 130                 status = ntlmssp_sign_init(state);
 131                 break;
 132         }
 133
 134 done:
 135         talloc_destroy(mem_ctx);
 136
 137         if (!NT_STATUS_IS_OK(status)) {
 138                 p->ntlmssp_state = NULL;
 139                 p->auth_info = NULL;
 140         }
 141
 142         return status;
 143 }
 144
 145
 146 /*
 147   do a non-athenticated dcerpc bind
 148 */
 149 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
 150                                const char *uuid, unsigned version)
 151 {
 152         TALLOC_CTX *mem_ctx;
 153         NTSTATUS status;
 154
 155         mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
 156         if (!mem_ctx) {
 157                 return NT_STATUS_NO_MEMORY;
 158         }
 159
 160         status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
 161         talloc_destroy(mem_ctx);
 162
 163         return status;
 164 }