source4/auth/gensec/socket.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    GENSEC socket interface
   5
   6    Copyright (C) Andrew Bartlett 2006
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "lib/events/events.h"
  24 #include "lib/socket/socket.h"
  25 #include "lib/stream/packet.h"
  26 #include "auth/gensec/gensec.h"
  27 #include "auth/gensec/gensec_proto.h"
  28
  29 static const struct socket_ops gensec_socket_ops;
  30
  31 struct gensec_socket {
  32         struct gensec_security *gensec_security;
  33         struct socket_context *socket;
  34         struct event_context *ev;
  35         struct packet_context *packet;
  36         DATA_BLOB read_buffer;  /* SASL packets are turned into liniarlised data here, for reading */
  37         size_t orig_send_len;
  38         bool eof;
  39         NTSTATUS error;
  40         bool interrupted;
  41         void (*recv_handler)(void *, uint16_t);
  42         void *recv_private;
  43         int in_extra_read;
  44         bool wrap; /* Should we be wrapping on this socket at all? */
  45 };
  46
  47 static NTSTATUS gensec_socket_init_fn(struct socket_context *sock)
  48 {
  49         switch (sock->type) {
  50         case SOCKET_TYPE_STREAM:
  51                 break;
  52         default:
  53                 return NT_STATUS_INVALID_PARAMETER;
  54         }
  55
  56         sock->backend_name = "gensec";
  57
  58         return NT_STATUS_OK;
  59 }
  60
  61 /* These functions are for use here only (public because SPNEGO must
  62  * use them for recursion) */
  63 _PUBLIC_ NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
  64                              TALLOC_CTX *mem_ctx,
  65                              const DATA_BLOB *in,
  66                              DATA_BLOB *out,
  67                              size_t *len_processed)
  68 {
  69         if (!gensec_security->ops->wrap_packets) {
  70                 NTSTATUS nt_status;
  71                 size_t max_input_size;
  72                 DATA_BLOB unwrapped, wrapped;
  73                 max_input_size = gensec_max_input_size(gensec_security);
  74                 unwrapped = data_blob_const(in->data, MIN(max_input_size, (size_t)in->length));
  75
  76                 nt_status = gensec_wrap(gensec_security,
  77                                         mem_ctx,
  78                                         &unwrapped, &wrapped);
  79                 if (!NT_STATUS_IS_OK(nt_status)) {
  80                         talloc_free(mem_ctx);
  81                         return nt_status;
  82                 }
  83
  84                 *out = data_blob_talloc(mem_ctx, NULL, 4);
  85                 if (!out->data) {
  86                         return NT_STATUS_NO_MEMORY;
  87                 }
  88                 RSIVAL(out->data, 0, wrapped.length);
  89
  90                 if (!data_blob_append(mem_ctx, out, wrapped.data, wrapped.length)) {
  91                         return NT_STATUS_NO_MEMORY;
  92                 }
  93                 *len_processed = unwrapped.length;
  94                 return NT_STATUS_OK;
  95         }
  96         return gensec_security->ops->wrap_packets(gensec_security, mem_ctx, in, out,
  97                                                   len_processed);
  98 }
  99
 100 /* These functions are for use here only (public because SPNEGO must
 101  * use them for recursion) */
 102 NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
 103                                         TALLOC_CTX *mem_ctx,
 104                                         const DATA_BLOB *in,
 105                                         DATA_BLOB *out,
 106                                         size_t *len_processed)
 107 {
 108         if (!gensec_security->ops->unwrap_packets) {
 109                 DATA_BLOB wrapped;
 110                 NTSTATUS nt_status;
 111                 size_t packet_size;
 112                 if (in->length < 4) {
 113                         /* Missing the header we already had! */
 114                         DEBUG(0, ("Asked to unwrap packet of bogus length!  How did we get the short packet?!\n"));
 115                         return NT_STATUS_INVALID_PARAMETER;
 116                 }
 117
 118                 packet_size = RIVAL(in->data, 0);
 119
 120                 wrapped = data_blob_const(in->data + 4, packet_size);
 121
 122                 if (wrapped.length > (in->length - 4)) {
 123                         DEBUG(0, ("Asked to unwrap packed of bogus length %d > %d!  How did we get this?!\n",
 124                                   (int)wrapped.length, (int)(in->length - 4)));
 125                         return NT_STATUS_INTERNAL_ERROR;
 126                 }
 127
 128                 nt_status = gensec_unwrap(gensec_security,
 129                                           mem_ctx,
 130                                           &wrapped, out);
 131                 if (!NT_STATUS_IS_OK(nt_status)) {
 132                         return nt_status;
 133                 }
 134
 135                 *len_processed = packet_size + 4;
 136                 return nt_status;
 137         }
 138         return gensec_security->ops->unwrap_packets(gensec_security, mem_ctx, in, out,
 139                                                     len_processed);
 140 }
 141
 142 /* These functions are for use here only (public because SPNEGO must
 143  * use them for recursion) */
 144 NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
 145                                     DATA_BLOB blob, size_t *size)
 146 {
 147         if (gensec_security->ops->packet_full_request) {
 148                 return gensec_security->ops->packet_full_request(gensec_security,
 149                                                                  blob, size);
 150         }
 151         if (gensec_security->ops->unwrap_packets) {
 152                 if (blob.length) {
 153                         *size = blob.length;
 154                         return NT_STATUS_OK;
 155                 }
 156                 return STATUS_MORE_ENTRIES;
 157         }
 158         return packet_full_request_u32(NULL, blob, size);
 159 }
 160
 161 static NTSTATUS gensec_socket_full_request(void *private, DATA_BLOB blob, size_t *size)
 162 {
 163         struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket);
 164         struct gensec_security *gensec_security = gensec_socket->gensec_security;
 165         return gensec_packet_full_request(gensec_security, blob, size);
 166 }
 167
 168 /* Try to figure out how much data is waiting to be read */
 169 static NTSTATUS gensec_socket_pending(struct socket_context *sock, size_t *npending)
 170 {
 171         struct gensec_socket *gensec_socket = talloc_get_type(sock->private_data, struct gensec_socket);
 172         if (!gensec_socket->wrap) {
 173                 return socket_pending(gensec_socket->socket, npending);
 174         }
 175
 176         if (gensec_socket->read_buffer.length > 0) {
 177                 *npending = gensec_socket->read_buffer.length;
 178                 return NT_STATUS_OK;
 179         }
 180
 181         /* This is a lie.  We hope the decrypted data will always be
 182          * less than this value, so the application just gets a short
 183          * read.  Without reading and decrypting it, we can't tell.
 184          * If the SASL mech does compression, then we just need to
 185          * manually trigger read events */
 186         return socket_pending(gensec_socket->socket, npending);
 187 }
 188
 189 /* Note if an error occours, so we can return it up the stack */
 190 static void gensec_socket_error_handler(void *private, NTSTATUS status)
 191 {
 192         struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket);
 193         if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
 194                 gensec_socket->eof = true;
 195         } else {
 196                 gensec_socket->error = status;
 197         }
 198 }
 199
 200 static void gensec_socket_trigger_read(struct event_context *ev,
 201                                        struct timed_event *te,
 202                                        struct timeval t, void *private)
 203 {
 204         struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket);
 205
 206         gensec_socket->in_extra_read++;
 207         gensec_socket->recv_handler(gensec_socket->recv_private, EVENT_FD_READ);
 208         gensec_socket->in_extra_read--;
 209
 210         /* It may well be that, having run the recv handler, we still
 211          * have even more data waiting for us!
 212          */
 213         if (gensec_socket->read_buffer.length && gensec_socket->recv_handler) {
 214                 /* Schedule this funcion to run again */
 215                 event_add_timed(gensec_socket->ev, gensec_socket, timeval_zero(),
 216                                 gensec_socket_trigger_read, gensec_socket);
 217         }
 218 }
 219
 220 /* These two routines could be changed to use a circular buffer of
 221  * some kind, or linked lists, or ... */
 222 static NTSTATUS gensec_socket_recv(struct socket_context *sock, void *buf,
 223                                    size_t wantlen, size_t *nread)
 224 {
 225         struct gensec_socket *gensec_socket = talloc_get_type(sock->private_data, struct gensec_socket);
 226
 227         if (!gensec_socket->wrap) {
 228                 return socket_recv(gensec_socket->socket, buf, wantlen, nread);
 229         }
 230
 231         gensec_socket->error = NT_STATUS_OK;
 232
 233         if (gensec_socket->read_buffer.length == 0) {
 234                 /* Process any data on the socket, into the read buffer. At
 235                  * this point, the socket is not available for read any
 236                  * longer */
 237                 packet_recv(gensec_socket->packet);
 238
 239                 if (gensec_socket->eof) {
 240                         *nread = 0;
 241                         return NT_STATUS_OK;
 242                 }
 243
 244                 if (!NT_STATUS_IS_OK(gensec_socket->error)) {
 245                         return gensec_socket->error;
 246                 }
 247
 248                 if (gensec_socket->read_buffer.length == 0) {
 249                         /* Clearly we don't have the entire SASL packet yet,
 250                          * so it has not been written into the buffer */
 251                         *nread = 0;
 252                         return STATUS_MORE_ENTRIES;
 253                 }
 254         }
 255
 256
 257         *nread = MIN(wantlen, gensec_socket->read_buffer.length);
 258         memcpy(buf, gensec_socket->read_buffer.data, *nread);
 259
 260         if (gensec_socket->read_buffer.length > *nread) {
 261                 memmove(gensec_socket->read_buffer.data,
 262                         gensec_socket->read_buffer.data + *nread,
 263                         gensec_socket->read_buffer.length - *nread);
 264         }
 265
 266         gensec_socket->read_buffer.length -= *nread;
 267         gensec_socket->read_buffer.data = talloc_realloc(gensec_socket,
 268                                                          gensec_socket->read_buffer.data,
 269                                                          uint8_t,
 270                                                          gensec_socket->read_buffer.length);
 271
 272         if (gensec_socket->read_buffer.length &&
 273             gensec_socket->in_extra_read == 0 &&
 274             gensec_socket->recv_handler) {
 275                 /* Manually call a read event, to get this moving
 276                  * again (as the socket should be dry, so the normal
 277                  * event handler won't trigger) */
 278                 event_add_timed(gensec_socket->ev, gensec_socket, timeval_zero(),
 279                                 gensec_socket_trigger_read, gensec_socket);
 280         }
 281
 282         return NT_STATUS_OK;
 283 }
 284
 285 /* Completed SASL packet callback.  When we have a 'whole' SASL
 286  * packet, decrypt it, and add it to the read buffer
 287  *
 288  * This function (and anything under it) MUST NOT call the event system
 289  */
 290 static NTSTATUS gensec_socket_unwrap(void *private, DATA_BLOB blob)
 291 {
 292         struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket);
 293         DATA_BLOB unwrapped;
 294         NTSTATUS nt_status;
 295         TALLOC_CTX *mem_ctx;
 296         size_t packet_size;
 297
 298         mem_ctx = talloc_new(gensec_socket);
 299         if (!mem_ctx) {
 300                 return NT_STATUS_NO_MEMORY;
 301         }
 302         nt_status = gensec_unwrap_packets(gensec_socket->gensec_security,
 303                                           mem_ctx,
 304                                           &blob, &unwrapped,
 305                                           &packet_size);
 306         if (!NT_STATUS_IS_OK(nt_status)) {
 307                 talloc_free(mem_ctx);
 308                 return nt_status;
 309         }
 310
 311         if (packet_size != blob.length) {
 312                 DEBUG(0, ("gensec_socket_unwrap: Did not consume entire packet!\n"));
 313                 talloc_free(mem_ctx);
 314                 return NT_STATUS_INTERNAL_ERROR;
 315         }
 316
 317         /* We could change this into a linked list, and have
 318          * gensec_socket_recv() and gensec_socket_pending() walk the
 319          * linked list */
 320
 321         if (!data_blob_append(gensec_socket, &gensec_socket->read_buffer,
 322                                      unwrapped.data, unwrapped.length)) {
 323                 talloc_free(mem_ctx);
 324                 return NT_STATUS_NO_MEMORY;
 325         }
 326
 327         talloc_free(mem_ctx);
 328         return NT_STATUS_OK;
 329 }
 330
 331 /* when the data is sent, we know we have not been interrupted */
 332 static void send_callback(void *private)
 333 {
 334         struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket);
 335         gensec_socket->interrupted = false;
 336 }
 337
 338 /*
 339   send data, but only as much as we allow in one packet.
 340
 341   If this returns STATUS_MORE_ENTRIES, the caller must retry with
 342   exactly the same data, or a NULL blob.
 343 */
 344 static NTSTATUS gensec_socket_send(struct socket_context *sock,
 345                                    const DATA_BLOB *blob, size_t *sendlen)
 346 {
 347         NTSTATUS nt_status;
 348         struct gensec_socket *gensec_socket = talloc_get_type(sock->private_data, struct gensec_socket);
 349         DATA_BLOB wrapped;
 350         TALLOC_CTX *mem_ctx;
 351
 352         if (!gensec_socket->wrap) {
 353                 return socket_send(gensec_socket->socket, blob, sendlen);
 354         }
 355
 356         *sendlen = 0;
 357
 358         /* We have have been interupted, so the caller should be
 359          * giving us the same data again.  */
 360         if (gensec_socket->interrupted) {
 361                 packet_queue_run(gensec_socket->packet);
 362
 363                 if (!NT_STATUS_IS_OK(gensec_socket->error)) {
 364                         return gensec_socket->error;
 365                 } else if (gensec_socket->interrupted) {
 366                         return STATUS_MORE_ENTRIES;
 367                 } else {
 368                         *sendlen = gensec_socket->orig_send_len;
 369                         gensec_socket->orig_send_len = 0;
 370                         return NT_STATUS_OK;
 371                 }
 372         }
 373
 374         mem_ctx = talloc_new(gensec_socket);
 375         if (!mem_ctx) {
 376                 return NT_STATUS_NO_MEMORY;
 377         }
 378
 379         nt_status = gensec_wrap_packets(gensec_socket->gensec_security,
 380                                         mem_ctx,
 381                                         blob, &wrapped,
 382                                         &gensec_socket->orig_send_len);
 383         if (!NT_STATUS_IS_OK(nt_status)) {
 384                 talloc_free(mem_ctx);
 385                 return nt_status;
 386         }
 387
 388         gensec_socket->interrupted = true;
 389         gensec_socket->error = NT_STATUS_OK;
 390
 391         nt_status = packet_send_callback(gensec_socket->packet,
 392                                          wrapped,
 393                                          send_callback, gensec_socket);
 394
 395         talloc_free(mem_ctx);
 396
 397         packet_queue_run(gensec_socket->packet);
 398
 399         if (!NT_STATUS_IS_OK(gensec_socket->error)) {
 400                 return gensec_socket->error;
 401         } else if (gensec_socket->interrupted) {
 402                 return STATUS_MORE_ENTRIES;
 403         } else {
 404                 *sendlen = gensec_socket->orig_send_len;
 405                 gensec_socket->orig_send_len = 0;
 406                 return NT_STATUS_OK;
 407         }
 408 }
 409
 410 /* Turn a normal socket into a potentially GENSEC wrapped socket */
 411 /* CAREFUL: this function will steal 'current_socket' */
 412
 413 NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
 414                             TALLOC_CTX *mem_ctx,
 415                             struct socket_context *current_socket,
 416                             struct event_context *ev,
 417                             void (*recv_handler)(void *, uint16_t),
 418                             void *recv_private,
 419                             struct socket_context **new_socket)
 420 {
 421         struct gensec_socket *gensec_socket;
 422         struct socket_context *new_sock;
 423         NTSTATUS nt_status;
 424
 425         nt_status = socket_create_with_ops(mem_ctx, &gensec_socket_ops, &new_sock,
 426                                            SOCKET_TYPE_STREAM, current_socket->flags | SOCKET_FLAG_ENCRYPT);
 427         if (!NT_STATUS_IS_OK(nt_status)) {
 428                 *new_socket = NULL;
 429                 return nt_status;
 430         }
 431
 432         new_sock->state = current_socket->state;
 433
 434         gensec_socket = talloc(new_sock, struct gensec_socket);
 435         if (gensec_socket == NULL) {
 436                 *new_socket = NULL;
 437                 talloc_free(new_sock);
 438                 return NT_STATUS_NO_MEMORY;
 439         }
 440
 441         new_sock->private_data       = gensec_socket;
 442         gensec_socket->socket        = current_socket;
 443
 444         /* Nothing to do here, if we are not actually wrapping on this socket */
 445         if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) &&
 446             !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 447
 448                 gensec_socket->wrap = false;
 449                 talloc_steal(gensec_socket, current_socket);
 450                 *new_socket = new_sock;
 451                 return NT_STATUS_OK;
 452         }
 453
 454         gensec_socket->gensec_security = gensec_security;
 455
 456         gensec_socket->wrap          = true;
 457         gensec_socket->eof           = false;
 458         gensec_socket->error         = NT_STATUS_OK;
 459         gensec_socket->interrupted   = false;
 460         gensec_socket->in_extra_read = 0;
 461
 462         gensec_socket->read_buffer   = data_blob(NULL, 0);
 463
 464         gensec_socket->recv_handler  = recv_handler;
 465         gensec_socket->recv_private  = recv_private;
 466         gensec_socket->ev            = ev;
 467
 468         gensec_socket->packet = packet_init(gensec_socket);
 469         if (gensec_socket->packet == NULL) {
 470                 *new_socket = NULL;
 471                 talloc_free(new_sock);
 472                 return NT_STATUS_NO_MEMORY;
 473         }
 474
 475         packet_set_private(gensec_socket->packet, gensec_socket);
 476         packet_set_socket(gensec_socket->packet, gensec_socket->socket);
 477         packet_set_callback(gensec_socket->packet, gensec_socket_unwrap);
 478         packet_set_full_request(gensec_socket->packet, gensec_socket_full_request);
 479         packet_set_error_handler(gensec_socket->packet, gensec_socket_error_handler);
 480         packet_set_serialise(gensec_socket->packet);
 481
 482         /* TODO: full-request that knows about maximum packet size */
 483
 484         talloc_steal(gensec_socket, current_socket);
 485         *new_socket = new_sock;
 486         return NT_STATUS_OK;
 487 }
 488
 489
 490 static NTSTATUS gensec_socket_set_option(struct socket_context *sock, const char *option, const char *val)
 491 {
 492         set_socket_options(socket_get_fd(sock), option);
 493         return NT_STATUS_OK;
 494 }
 495
 496 static char *gensec_socket_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_ctx)
 497 {
 498         struct gensec_socket *gensec = talloc_get_type(sock->private_data, struct gensec_socket);
 499         return socket_get_peer_name(gensec->socket, mem_ctx);
 500 }
 501
 502 static struct socket_address *gensec_socket_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
 503 {
 504         struct gensec_socket *gensec = talloc_get_type(sock->private_data, struct gensec_socket);
 505         return socket_get_peer_addr(gensec->socket, mem_ctx);
 506 }
 507
 508 static struct socket_address *gensec_socket_get_my_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
 509 {
 510         struct gensec_socket *gensec = talloc_get_type(sock->private_data, struct gensec_socket);
 511         return socket_get_my_addr(gensec->socket, mem_ctx);
 512 }
 513
 514 static int gensec_socket_get_fd(struct socket_context *sock)
 515 {
 516         struct gensec_socket *gensec = talloc_get_type(sock->private_data, struct gensec_socket);
 517         return socket_get_fd(gensec->socket);
 518 }
 519
 520 static const struct socket_ops gensec_socket_ops = {
 521         .name                   = "gensec",
 522         .fn_init                = gensec_socket_init_fn,
 523         .fn_recv                = gensec_socket_recv,
 524         .fn_send                = gensec_socket_send,
 525         .fn_pending             = gensec_socket_pending,
 526
 527         .fn_set_option          = gensec_socket_set_option,
 528
 529         .fn_get_peer_name       = gensec_socket_get_peer_name,
 530         .fn_get_peer_addr       = gensec_socket_get_peer_addr,
 531         .fn_get_my_addr         = gensec_socket_get_my_addr,
 532         .fn_get_fd              = gensec_socket_get_fd
 533 };
 534