source4/librpc/rpc/dcerpc_auth.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Generic Authentication Interface
   5
   6    Copyright (C) Andrew Tridgell 2003
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
   8
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 2 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program; if not, write to the Free Software
  22    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  23 */
  24
  25 #include "includes.h"
  26
  27 /*
  28   do a non-athenticated dcerpc bind
  29 */
  30 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
  31                                const char *uuid, uint_t version)
  32 {
  33         TALLOC_CTX *mem_ctx;
  34         NTSTATUS status;
  35
  36         mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
  37         if (!mem_ctx) {
  38                 return NT_STATUS_NO_MEMORY;
  39         }
  40
  41         status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
  42         talloc_destroy(mem_ctx);
  43
  44         return status;
  45 }
  46
  47 NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, uint8_t auth_type,
  48                           const char *uuid, uint_t version)
  49 {
  50         NTSTATUS status;
  51         TALLOC_CTX *mem_ctx;
  52         DATA_BLOB credentials;
  53
  54         mem_ctx = talloc_init("dcerpc_bind_auth");
  55         if (!mem_ctx) {
  56                 return NT_STATUS_NO_MEMORY;
  57         }
  58
  59         if (!p->security_state.generic_state.ops) {
  60
  61                 p->security_state.generic_state.ops = gensec_security_by_authtype(auth_type);
  62                 if (!p->security_state.generic_state.ops) {
  63                         status = NT_STATUS_INVALID_PARAMETER;
  64                         goto done;
  65                 }
  66
  67                 status = p->security_state.generic_state.ops->client_start(&p->security_state.generic_state);
  68                 if (!NT_STATUS_IS_OK(status)) {
  69                         return status;
  70                 }
  71         }
  72
  73         p->security_state.auth_info = talloc(p->mem_ctx, sizeof(*p->security_state.auth_info));
  74         if (!p->security_state.auth_info) {
  75                 status = NT_STATUS_NO_MEMORY;
  76                 goto done;
  77         }
  78
  79         p->security_state.auth_info->auth_type = auth_type;
  80         p->security_state.auth_info->auth_pad_length = 0;
  81         p->security_state.auth_info->auth_reserved = 0;
  82         p->security_state.auth_info->auth_context_id = random();
  83         p->security_state.auth_info->credentials = data_blob(NULL, 0);
  84
  85         if (p->flags & DCERPC_SEAL) {
  86                 p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
  87         } else if (p->flags & DCERPC_SIGN) {
  88                 p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
  89         } else {
  90                 p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE;
  91         }
  92
  93         status = p->security_state.generic_state.ops->update(&p->security_state.generic_state, mem_ctx,
  94                                                              p->security_state.auth_info->credentials,
  95                                                              &credentials);
  96
  97         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
  98                 goto done;
  99         }
 100
 101         p->security_state.auth_info->credentials = credentials;
 102
 103         status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
 104         if (!NT_STATUS_IS_OK(status)) {
 105                 goto done;
 106         }
 107
 108         status = p->security_state.generic_state.ops->update(&p->security_state.generic_state, mem_ctx,
 109                                                              p->security_state.auth_info->credentials,
 110                                                              &credentials);
 111
 112         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 113                 goto done;
 114         }
 115
 116         p->security_state.auth_info->credentials = credentials;
 117
 118         status = dcerpc_auth3(p, mem_ctx);
 119 done:
 120         talloc_destroy(mem_ctx);
 121
 122         if (!NT_STATUS_IS_OK(status)) {
 123                 ZERO_STRUCT(p->security_state);
 124         }
 125
 126         return status;
 127 }
 128
 129