This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "librpc/rpc/dcerpc.h"
/*
- do a non-athenticated dcerpc bind
+ return the rpc syntax and transfer syntax given the pipe uuid and version
*/
+static NTSTATUS dcerpc_init_syntaxes(const struct dcerpc_interface_table *table,
+ struct dcerpc_syntax_id *syntax,
+ struct dcerpc_syntax_id *transfer_syntax)
+{
+ syntax->uuid = table->syntax_id.uuid;
+ syntax->if_version = table->syntax_id.if_version;
+
+ *transfer_syntax = ndr_transfer_syntax;
+
+ return NT_STATUS_OK;
+}
+
+/*
+ Send request to do a non-authenticated dcerpc bind
+*/
struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
struct dcerpc_pipe *p,
- const struct dcerpc_interface_table *table)
+ const struct dcerpc_interface_table *table)
{
struct dcerpc_syntax_id syntax;
struct dcerpc_syntax_id transfer_syntax;
struct composite_context *c;
- c = talloc_zero(mem_ctx, struct composite_context);
+ c = composite_create(mem_ctx, p->conn->event_ctx);
if (c == NULL) return NULL;
c->status = dcerpc_init_syntaxes(table,
return dcerpc_bind_send(p, mem_ctx, &syntax, &transfer_syntax);
}
+
+/*
+ Receive result of a non-authenticated dcerpc bind
+*/
NTSTATUS dcerpc_bind_auth_none_recv(struct composite_context *ctx)
{
return dcerpc_bind_recv(ctx);
}
+
+/*
+ Perform sync non-authenticated dcerpc bind
+*/
NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
const struct dcerpc_interface_table *table)
{
struct composite_context *ctx;
+
ctx = dcerpc_bind_auth_none_send(p, p, table);
return dcerpc_bind_auth_none_recv(ctx);
}
+
struct bind_auth_state {
struct dcerpc_pipe *pipe;
DATA_BLOB credentials;
static void bind_auth_next_step(struct composite_context *c)
{
- struct bind_auth_state *state =
- talloc_get_type(c->private_data, struct bind_auth_state);
- struct dcerpc_security *sec = &state->pipe->conn->security_state;
+ struct bind_auth_state *state;
+ struct dcerpc_security *sec;
struct composite_context *creq;
BOOL more_processing = False;
+ state = talloc_get_type(c->private_data, struct bind_auth_state);
+ sec = &state->pipe->conn->security_state;
+
/* The status value here, from GENSEC is vital to the security
* of the system. Even if the other end accepts, if GENSEC
* claims 'MORE_PROCESSING_REQUIRED' then you must keep
/* NO reply expected, so just send it */
c->status = dcerpc_auth3(state->pipe->conn, state);
if (!composite_is_ok(c)) return;
+
composite_done(c);
return;
}
creq = dcerpc_alter_context_send(state->pipe, state,
&state->pipe->syntax,
&state->pipe->transfer_syntax);
+ if (composite_nomem(creq, c)) return;
+
composite_continue(c, creq, bind_auth_recv_alter, c);
}
+
static void bind_auth_recv_alter(struct composite_context *creq)
{
- struct composite_context *c =
- talloc_get_type(creq->async.private_data,
- struct composite_context);
+ struct composite_context *c = talloc_get_type(creq->async.private_data,
+ struct composite_context);
c->status = dcerpc_alter_context_recv(creq);
if (!composite_is_ok(c)) return;
bind_auth_next_step(c);
}
+
static void bind_auth_recv_bindreply(struct composite_context *creq)
{
- struct composite_context *c =
- talloc_get_type(creq->async.private_data,
- struct composite_context);
- struct bind_auth_state *state =
- talloc_get_type(c->private_data, struct bind_auth_state);
+ struct composite_context *c = talloc_get_type(creq->async.private_data,
+ struct composite_context);
+ struct bind_auth_state *state = talloc_get_type(c->private_data,
+ struct bind_auth_state);
c->status = dcerpc_bind_recv(creq);
if (!composite_is_ok(c)) return;
bind_auth_next_step(c);
}
+
/**
- Bind to a DCE/RPC pipe, async
+ Bind to a DCE/RPC pipe, send async request
@param mem_ctx TALLOC_CTX for the allocation of the composite_context
@param p The dcerpc_pipe to bind (must already be connected)
@param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
struct dcerpc_syntax_id syntax, transfer_syntax;
- c = talloc_zero(mem_ctx, struct composite_context);
+ /* composite context allocation and setup */
+ c = composite_create(mem_ctx, p->conn->event_ctx);
if (c == NULL) return NULL;
state = talloc(c, struct bind_auth_state);
- if (state == NULL) {
- c->status = NT_STATUS_NO_MEMORY;
- goto failed;
- }
-
- c->state = COMPOSITE_STATE_IN_PROGRESS;
+ if (composite_nomem(state, c)) return c;
c->private_data = state;
- c->event_ctx = p->conn->event_ctx;
state->pipe = p;
c->status = dcerpc_init_syntaxes(table,
&syntax,
&transfer_syntax);
- if (!NT_STATUS_IS_OK(c->status)) goto failed;
+ if (!composite_is_ok(c)) return c;
sec = &p->conn->security_state;
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
nt_errstr(c->status)));
- goto failed;
+ composite_error(c, c->status);
+ return c;
}
c->status = gensec_set_credentials(sec->generic_state, credentials);
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to set GENSEC client credentails: %s\n",
nt_errstr(c->status)));
- goto failed;
+ composite_error(c, c->status);
+ return c;
}
- c->status = gensec_set_target_hostname(
- sec->generic_state, p->conn->transport.target_hostname(p->conn));
+ c->status = gensec_set_target_hostname(sec->generic_state,
+ p->conn->transport.target_hostname(p->conn));
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
nt_errstr(c->status)));
- goto failed;
+ composite_error(c, c->status);
+ return c;
}
if (service != NULL) {
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to set GENSEC target service: %s\n",
nt_errstr(c->status)));
- goto failed;
+ composite_error(c, c->status);
+ return c;
}
}
DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
gensec_get_name_by_authtype(auth_type),
nt_errstr(c->status)));
- goto failed;
+ composite_error(c, c->status);
+ return c;
}
sec->auth_info = talloc(p, struct dcerpc_auth);
- if (sec->auth_info == NULL) {
- c->status = NT_STATUS_NO_MEMORY;
- goto failed;
- }
+ if (composite_nomem(sec->auth_info, c)) return c;
sec->auth_info->auth_type = auth_type;
sec->auth_info->auth_level = auth_level,
&state->credentials);
if (!NT_STATUS_IS_OK(c->status) &&
!NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- goto failed;
+ composite_error(c, c->status);
+ return c;
}
- state->more_processing =
- NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED);
+ state->more_processing = NT_STATUS_EQUAL(c->status,
+ NT_STATUS_MORE_PROCESSING_REQUIRED);
if (state->credentials.length == 0) {
composite_done(c);
/* The first request always is a dcerpc_bind. The subsequent ones
* depend on gensec results */
creq = dcerpc_bind_send(p, state, &syntax, &transfer_syntax);
- if (creq == NULL) {
- c->status = NT_STATUS_NO_MEMORY;
- goto failed;
- }
+ if (composite_nomem(creq, c)) return c;
- creq->async.fn = bind_auth_recv_bindreply;
- creq->async.private_data = c;
- return c;
-
- failed:
- composite_error(c, c->status);
+ composite_continue(c, creq, bind_auth_recv_bindreply, c);
return c;
}
+
+/**
+ Bind to a DCE/RPC pipe, receive result
+ @param creq A composite context describing state of async call
+ @retval NTSTATUS code
+*/
+
NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
{
NTSTATUS result = composite_wait(creq);
- struct bind_auth_state *state = talloc_get_type(creq->private_data, struct bind_auth_state);
+ struct bind_auth_state *state = talloc_get_type(creq->private_data,
+ struct bind_auth_state);
if (NT_STATUS_IS_OK(result)) {
/*
return result;
}
+
/**
Perform a GENSEC authenticated bind to a DCE/RPC pipe, sync
@param p The dcerpc_pipe to bind (must already be connected)
@param service The service (used by Kerberos to select the service principal to contact)
@retval NTSTATUS status code
*/
+
NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
const struct dcerpc_interface_table *table,
struct cli_credentials *credentials,