af138ffe2c49245c28f65062cb515a35b89434e9
[samba.git] / source4 / librpc / rpc / dcerpc_auth.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Generic Authentication Interface
5
6    Copyright (C) Andrew Tridgell 2003
7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
8
9    
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 2 of the License, or
13    (at your option) any later version.
14    
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19    
20    You should have received a copy of the GNU General Public License
21    along with this program; if not, write to the Free Software
22    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26
27 /*
28   do a non-athenticated dcerpc bind
29 */
30 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
31                                const char *uuid, uint_t version)
32 {
33         TALLOC_CTX *mem_ctx;
34         NTSTATUS status;
35
36         mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
37         if (!mem_ctx) {
38                 return NT_STATUS_NO_MEMORY;
39         }
40
41         status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
42         talloc_destroy(mem_ctx);
43
44         return status;
45 }
46
47 NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level,
48                           const char *uuid, uint_t version)
49 {
50         NTSTATUS status;
51         TALLOC_CTX *mem_ctx;
52         DATA_BLOB credentials;
53         DATA_BLOB null_data_blob = data_blob(NULL, 0);
54
55         mem_ctx = talloc_init("dcerpc_bind_auth");
56         if (!mem_ctx) {
57                 return NT_STATUS_NO_MEMORY;
58         }
59         
60         if (!p->security_state.generic_state) {
61                 status = gensec_client_start(p, &p->security_state.generic_state);
62                 if (!NT_STATUS_IS_OK(status)) {
63                         return status;
64                 }
65
66                 status = gensec_start_mech_by_authtype(p->security_state.generic_state, auth_type, auth_level);
67
68                 if (!NT_STATUS_IS_OK(status)) {
69                         return status;
70                 }
71         }
72
73         p->security_state.auth_info = talloc(p, sizeof(*p->security_state.auth_info));
74         if (!p->security_state.auth_info) {
75                 status = NT_STATUS_NO_MEMORY;
76                 goto done;
77         }
78
79         p->security_state.auth_info->auth_type = auth_type;
80         p->security_state.auth_info->auth_level = auth_level;
81         p->security_state.auth_info->auth_pad_length = 0;
82         p->security_state.auth_info->auth_reserved = 0;
83         p->security_state.auth_info->auth_context_id = random();
84         p->security_state.auth_info->credentials = null_data_blob;
85
86         status = gensec_update(p->security_state.generic_state, mem_ctx,
87                                null_data_blob,
88                                &credentials);
89         
90         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
91                 goto done;
92         }
93
94         p->security_state.auth_info->credentials = credentials;
95
96         status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
97         if (!NT_STATUS_IS_OK(status)) {
98                 goto done;
99         }
100
101         status = gensec_update(p->security_state.generic_state, mem_ctx,
102                                p->security_state.auth_info->credentials,
103                                &credentials);
104
105         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
106                 goto done;
107         }
108
109         p->security_state.auth_info->credentials = credentials;
110         
111         status = dcerpc_auth3(p, mem_ctx);
112 done:
113         talloc_destroy(mem_ctx);
114
115         if (!NT_STATUS_IS_OK(status)) {
116                 ZERO_STRUCT(p->security_state);
117         } else {
118                 /* Authenticated connections use the generic session key */
119                 p->security_state.session_key = dcerpc_generic_session_key;
120         }
121
122         return status;
123 }
124
125 NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level,
126                           const char *uuid, uint_t version)
127 {
128         NTSTATUS status;
129         TALLOC_CTX *mem_ctx;
130         DATA_BLOB credentials;
131         DATA_BLOB null_data_blob = data_blob(NULL, 0);
132
133         mem_ctx = talloc_init("dcerpc_bind_auth");
134         if (!mem_ctx) {
135                 return NT_STATUS_NO_MEMORY;
136         }
137         
138         if (!p->security_state.generic_state) {
139                 status = gensec_client_start(p, &p->security_state.generic_state);
140                 if (!NT_STATUS_IS_OK(status)) {
141                         return status;
142                 }
143
144                 status = gensec_start_mech_by_authtype(p->security_state.generic_state, 
145                                                        auth_type, auth_level);
146
147                 if (!NT_STATUS_IS_OK(status)) {
148                         return status;
149                 }
150         }
151
152         p->security_state.auth_info = talloc(p, sizeof(*p->security_state.auth_info));
153         if (!p->security_state.auth_info) {
154                 status = NT_STATUS_NO_MEMORY;
155                 goto done;
156         }
157
158         p->security_state.auth_info->auth_type = auth_type;
159         p->security_state.auth_info->auth_level = auth_level;
160         p->security_state.auth_info->auth_pad_length = 0;
161         p->security_state.auth_info->auth_reserved = 0;
162         p->security_state.auth_info->auth_context_id = random();
163         p->security_state.auth_info->credentials = null_data_blob;
164
165         status = gensec_update(p->security_state.generic_state, mem_ctx,
166                                null_data_blob,
167                                &credentials);
168         
169         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
170                 goto done;
171         }
172
173         p->security_state.auth_info->credentials = credentials;
174
175         status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
176         if (!NT_STATUS_IS_OK(status)) {
177                 goto done;
178         }
179
180         while(1) {
181                 status = gensec_update(p->security_state.generic_state, mem_ctx,
182                                p->security_state.auth_info->credentials,
183                                &credentials);
184
185                 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
186                         goto done;
187                 }
188
189                 p->security_state.auth_info->credentials = credentials;
190
191                 status = dcerpc_alter(p, mem_ctx);
192                 if (!NT_STATUS_IS_OK(status)) {
193                         goto done;
194                 }
195         }
196
197 done:
198         talloc_destroy(mem_ctx);
199
200         if (!NT_STATUS_IS_OK(status)) {
201                 ZERO_STRUCT(p->security_state);
202         } else {
203                 /* Authenticated connections use the generic session key */
204                 p->security_state.session_key = dcerpc_generic_session_key;
205         }
206
207         return status;
208 }