2 Unix SMB/CIFS implementation.
4 Generic Authentication Interface
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 Copyright (C) Stefan Metzmacher 2004
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "libcli/composite/composite.h"
27 #include "auth/gensec/gensec.h"
30 do a non-athenticated dcerpc bind
33 struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
34 struct dcerpc_pipe *p,
35 const struct dcerpc_interface_table *table)
37 struct dcerpc_syntax_id syntax;
38 struct dcerpc_syntax_id transfer_syntax;
40 struct composite_context *c;
42 c = talloc_zero(mem_ctx, struct composite_context);
43 if (c == NULL) return NULL;
45 c->status = dcerpc_init_syntaxes(table,
46 &syntax, &transfer_syntax);
47 if (!NT_STATUS_IS_OK(c->status)) {
48 DEBUG(2,("Invalid uuid string in "
49 "dcerpc_bind_auth_none_send\n"));
50 composite_error(c, c->status);
54 /* c was only allocated as a container for a possible error */
57 return dcerpc_bind_send(p, mem_ctx, &syntax, &transfer_syntax);
60 NTSTATUS dcerpc_bind_auth_none_recv(struct composite_context *ctx)
62 return dcerpc_bind_recv(ctx);
65 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
66 const struct dcerpc_interface_table *table)
68 struct composite_context *ctx;
69 ctx = dcerpc_bind_auth_none_send(p, p, table);
70 return dcerpc_bind_auth_none_recv(ctx);
73 struct bind_auth_state {
74 struct dcerpc_pipe *pipe;
75 DATA_BLOB credentials;
76 BOOL more_processing; /* Is there anything more to do after the
77 * first bind itself received? */
80 static void bind_auth_recv_alter(struct composite_context *creq);
82 static void bind_auth_next_step(struct composite_context *c)
84 struct bind_auth_state *state =
85 talloc_get_type(c->private_data, struct bind_auth_state);
86 struct dcerpc_security *sec = &state->pipe->conn->security_state;
87 struct composite_context *creq;
88 BOOL more_processing = False;
90 /* The status value here, from GENSEC is vital to the security
91 * of the system. Even if the other end accepts, if GENSEC
92 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
93 * feeding it blobs, or else the remote host/attacker might
94 * avoid mutal authentication requirements.
96 * Likewise, you must not feed GENSEC too much (after the OK),
97 * it doesn't like that either
100 c->status = gensec_update(sec->generic_state, state,
101 sec->auth_info->credentials,
102 &state->credentials);
104 if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
105 more_processing = True;
106 c->status = NT_STATUS_OK;
109 if (!composite_is_ok(c)) return;
111 if (state->credentials.length == 0) {
116 sec->auth_info->credentials = state->credentials;
118 if (!more_processing) {
119 /* NO reply expected, so just send it */
120 c->status = dcerpc_auth3(state->pipe->conn, state);
121 if (!composite_is_ok(c)) return;
126 /* We are demanding a reply, so use a request that will get us one */
128 creq = dcerpc_alter_context_send(state->pipe, state,
129 &state->pipe->syntax,
130 &state->pipe->transfer_syntax);
131 composite_continue(c, creq, bind_auth_recv_alter, c);
134 static void bind_auth_recv_alter(struct composite_context *creq)
136 struct composite_context *c =
137 talloc_get_type(creq->async.private_data,
138 struct composite_context);
140 c->status = dcerpc_alter_context_recv(creq);
141 if (!composite_is_ok(c)) return;
143 bind_auth_next_step(c);
146 static void bind_auth_recv_bindreply(struct composite_context *creq)
148 struct composite_context *c =
149 talloc_get_type(creq->async.private_data,
150 struct composite_context);
151 struct bind_auth_state *state =
152 talloc_get_type(c->private_data, struct bind_auth_state);
154 c->status = dcerpc_bind_recv(creq);
155 if (!composite_is_ok(c)) return;
157 if (!state->more_processing) {
158 /* The first gensec_update has not requested a second run, so
159 * we're done here. */
164 bind_auth_next_step(c);
167 struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
168 struct dcerpc_pipe *p,
169 const struct dcerpc_interface_table *table,
170 struct cli_credentials *credentials,
174 struct composite_context *c, *creq;
175 struct bind_auth_state *state;
176 struct dcerpc_security *sec;
178 struct dcerpc_syntax_id syntax, transfer_syntax;
180 c = talloc_zero(mem_ctx, struct composite_context);
181 if (c == NULL) return NULL;
183 state = talloc(c, struct bind_auth_state);
185 c->status = NT_STATUS_NO_MEMORY;
189 c->state = COMPOSITE_STATE_IN_PROGRESS;
190 c->private_data = state;
191 c->event_ctx = p->conn->event_ctx;
195 c->status = dcerpc_init_syntaxes(table,
198 if (!NT_STATUS_IS_OK(c->status)) goto failed;
200 sec = &p->conn->security_state;
202 c->status = gensec_client_start(p, &sec->generic_state,
204 if (!NT_STATUS_IS_OK(c->status)) {
205 DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
206 nt_errstr(c->status)));
210 c->status = gensec_set_credentials(sec->generic_state, credentials);
211 if (!NT_STATUS_IS_OK(c->status)) {
212 DEBUG(1, ("Failed to set GENSEC client credentails: %s\n",
213 nt_errstr(c->status)));
217 c->status = gensec_set_target_hostname(
218 sec->generic_state, p->conn->transport.peer_name(p->conn));
219 if (!NT_STATUS_IS_OK(c->status)) {
220 DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
221 nt_errstr(c->status)));
225 if (service != NULL) {
226 c->status = gensec_set_target_service(sec->generic_state,
228 if (!NT_STATUS_IS_OK(c->status)) {
229 DEBUG(1, ("Failed to set GENSEC target service: %s\n",
230 nt_errstr(c->status)));
235 c->status = gensec_start_mech_by_authtype(sec->generic_state,
237 dcerpc_auth_level(p->conn));
238 if (!NT_STATUS_IS_OK(c->status)) {
239 DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
240 gensec_get_name_by_authtype(auth_type),
241 nt_errstr(c->status)));
245 sec->auth_info = talloc(p, struct dcerpc_auth);
246 if (sec->auth_info == NULL) {
247 c->status = NT_STATUS_NO_MEMORY;
251 sec->auth_info->auth_type = auth_type;
252 sec->auth_info->auth_level = dcerpc_auth_level(p->conn);
253 sec->auth_info->auth_pad_length = 0;
254 sec->auth_info->auth_reserved = 0;
255 sec->auth_info->auth_context_id = random();
256 sec->auth_info->credentials = data_blob(NULL, 0);
258 /* The status value here, from GENSEC is vital to the security
259 * of the system. Even if the other end accepts, if GENSEC
260 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
261 * feeding it blobs, or else the remote host/attacker might
262 * avoid mutal authentication requirements.
264 * Likewise, you must not feed GENSEC too much (after the OK),
265 * it doesn't like that either
268 c->status = gensec_update(sec->generic_state, state,
269 sec->auth_info->credentials,
270 &state->credentials);
271 if (!NT_STATUS_IS_OK(c->status) &&
272 !NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
276 state->more_processing =
277 NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED);
279 if (state->credentials.length == 0) {
284 sec->auth_info->credentials = state->credentials;
286 /* The first request always is a dcerpc_bind. The subsequent ones
287 * depend on gensec results */
288 creq = dcerpc_bind_send(p, state, &syntax, &transfer_syntax);
290 c->status = NT_STATUS_NO_MEMORY;
294 creq->async.fn = bind_auth_recv_bindreply;
295 creq->async.private_data = c;
299 composite_error(c, c->status);
303 NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
305 NTSTATUS result = composite_wait(creq);
306 struct bind_auth_state *state = talloc_get_type(creq->private_data, struct bind_auth_state);
308 if (NT_STATUS_IS_OK(result)) {
310 after a successful authenticated bind the session
311 key reverts to the generic session key
313 state->pipe->conn->security_state.session_key = dcerpc_generic_session_key;
321 setup GENSEC on a DCE-RPC pipe
323 NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
324 const struct dcerpc_interface_table *table,
325 struct cli_credentials *credentials,
329 struct composite_context *creq;
330 creq = dcerpc_bind_auth_send(p, p, table, credentials,
332 return dcerpc_bind_auth_recv(creq);