2 Unix SMB/CIFS implementation.
3 Authentication utility functions
4 Copyright (C) Sumit Bose 2010
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "../librpc/gen_ndr/ndr_drsblobs.h"
22 #include "../librpc/gen_ndr/ndr_lsa.h"
23 #include "libcli/lsarpc/util_lsarpc.h"
25 static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx,
27 struct AuthenticationInformationArray *ai,
28 struct lsa_TrustDomainInfoBuffer **_b)
31 struct lsa_TrustDomainInfoBuffer *b;
34 b = talloc_array(mem_ctx, struct lsa_TrustDomainInfoBuffer, count);
36 return NT_STATUS_NO_MEMORY;
39 for(i = 0; i < count; i++) {
41 b[i].last_update_time = ai->array[i].LastUpdateTime;
42 b[i].AuthType = ai->array[i].AuthType;
43 switch(ai->array[i].AuthType) {
44 case TRUST_AUTH_TYPE_NONE:
46 b[i].data.data = NULL;
48 case TRUST_AUTH_TYPE_NT4OWF:
49 if (ai->array[i].AuthInfo.nt4owf.size != 16) {
50 status = NT_STATUS_INVALID_PARAMETER;
53 b[i].data.data = (uint8_t *)talloc_memdup(b,
54 &ai->array[i].AuthInfo.nt4owf.password.hash,
56 if (b[i].data.data == NULL) {
57 status = NT_STATUS_NO_MEMORY;
61 case TRUST_AUTH_TYPE_CLEAR:
62 if (!convert_string_talloc(b,
64 ai->array[i].AuthInfo.clear.password,
65 ai->array[i].AuthInfo.clear.size,
68 status = NT_STATUS_INVALID_PARAMETER;
71 b[i].data.size = size;
73 case TRUST_AUTH_TYPE_VERSION:
74 if (ai->array[i].AuthInfo.version.size != 4) {
75 status = NT_STATUS_INVALID_PARAMETER;
79 b[i].data.data = (uint8_t *)talloc_memdup(b,
80 &ai->array[i].AuthInfo.version.version, 4);
81 if (b[i].data.data == NULL) {
82 status = NT_STATUS_NO_MEMORY;
87 status = NT_STATUS_INVALID_PARAMETER;
101 static NTSTATUS trustauth_inout_blob_2_auth_info(TALLOC_CTX *mem_ctx,
102 DATA_BLOB *inout_blob,
104 struct lsa_TrustDomainInfoBuffer **current,
105 struct lsa_TrustDomainInfoBuffer **previous)
108 struct trustAuthInOutBlob iopw;
109 enum ndr_err_code ndr_err;
112 tmp_ctx = talloc_new(mem_ctx);
113 if (tmp_ctx == NULL) {
114 return NT_STATUS_NO_MEMORY;
117 ndr_err = ndr_pull_struct_blob(inout_blob, tmp_ctx, &iopw,
118 (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
119 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
120 status = NT_STATUS_INVALID_PARAMETER;
126 status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
127 &iopw.current, current);
128 if (!NT_STATUS_IS_OK(status)) {
132 if (iopw.previous.count > 0) {
133 status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
134 &iopw.previous, previous);
135 if (!NT_STATUS_IS_OK(status)) {
142 status = NT_STATUS_OK;
145 talloc_free(tmp_ctx);
149 NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
150 DATA_BLOB incoming, DATA_BLOB outgoing,
151 struct lsa_TrustDomainInfoAuthInfo *auth_info)
155 if (incoming.length != 0) {
156 status = trustauth_inout_blob_2_auth_info(mem_ctx,
158 &auth_info->incoming_count,
159 &auth_info->incoming_current_auth_info,
160 &auth_info->incoming_previous_auth_info);
161 if (!NT_STATUS_IS_OK(status)) {
165 auth_info->incoming_count = 0;
166 auth_info->incoming_current_auth_info = NULL;
167 auth_info->incoming_previous_auth_info = NULL;
170 if (outgoing.length != 0) {
171 status = trustauth_inout_blob_2_auth_info(mem_ctx,
173 &auth_info->outgoing_count,
174 &auth_info->outgoing_current_auth_info,
175 &auth_info->outgoing_previous_auth_info);
176 if (!NT_STATUS_IS_OK(status)) {
180 auth_info->outgoing_count = 0;
181 auth_info->outgoing_current_auth_info = NULL;
182 auth_info->outgoing_previous_auth_info = NULL;
188 static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx,
190 struct lsa_TrustDomainInfoBuffer *b,
191 struct AuthenticationInformationArray *ai)
197 ai->array = talloc_zero_array(mem_ctx, struct AuthenticationInformation,
199 if (ai->array == NULL) {
200 return NT_STATUS_NO_MEMORY;
203 for(i = 0; i < count; i++) {
205 ai->array[i].LastUpdateTime = b[i].last_update_time;
206 ai->array[i].AuthType = b[i].AuthType;
207 switch(ai->array[i].AuthType) {
208 case TRUST_AUTH_TYPE_NONE:
209 ai->array[i].AuthInfo.none.size = 0;
211 case TRUST_AUTH_TYPE_NT4OWF:
212 if (b[i].data.size != 16) {
213 status = NT_STATUS_INVALID_PARAMETER;
216 memcpy(&ai->array[i].AuthInfo.nt4owf.password.hash,
219 case TRUST_AUTH_TYPE_CLEAR:
220 if (!convert_string_talloc(ai->array,
224 &ai->array[i].AuthInfo.clear.password,
226 status = NT_STATUS_INVALID_PARAMETER;
229 ai->array[i].AuthInfo.clear.size = size;
231 case TRUST_AUTH_TYPE_VERSION:
232 if (b[i].data.size != 4) {
233 status = NT_STATUS_INVALID_PARAMETER;
236 ai->array[i].AuthInfo.version.size = 4;
237 memcpy(&ai->array[i].AuthInfo.version.version,
241 status = NT_STATUS_INVALID_PARAMETER;
249 talloc_free(ai->array);
253 NTSTATUS auth_info_2_trustauth_inout(TALLOC_CTX *mem_ctx,
255 struct lsa_TrustDomainInfoBuffer *current,
256 struct lsa_TrustDomainInfoBuffer *previous,
257 struct trustAuthInOutBlob **iopw_out)
260 struct trustAuthInOutBlob *iopw;
261 enum ndr_err_code ndr_err;
263 iopw = talloc_zero(mem_ctx, struct trustAuthInOutBlob);
265 return NT_STATUS_NO_MEMORY;
269 status = trust_domain_info_buffer_2_ai_array(iopw, count, current,
271 if (!NT_STATUS_IS_OK(status)) {
275 if (previous != NULL) {
276 status = trust_domain_info_buffer_2_ai_array(iopw, count,
279 if (!NT_STATUS_IS_OK(status)) {
283 iopw->previous.count = 0;
284 iopw->previous.array = NULL;
289 status = NT_STATUS_OK;
295 static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
297 struct lsa_TrustDomainInfoBuffer *current,
298 struct lsa_TrustDomainInfoBuffer *previous,
299 DATA_BLOB *inout_blob)
302 struct trustAuthInOutBlob *iopw = NULL;
303 enum ndr_err_code ndr_err;
305 status = auth_info_2_trustauth_inout(mem_ctx, count, current, previous, &iopw);
307 if (!NT_STATUS_IS_OK(status)) {
311 ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx,
313 (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
314 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
315 return NT_STATUS_INVALID_PARAMETER;
318 status = NT_STATUS_OK;
325 NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx,
326 struct lsa_TrustDomainInfoAuthInfo *auth_info,
327 DATA_BLOB *incoming, DATA_BLOB *outgoing)
331 if (auth_info->incoming_count == 0) {
332 incoming->length = 0;
333 incoming->data = NULL;
335 status = auth_info_2_trustauth_inout_blob(mem_ctx,
336 auth_info->incoming_count,
337 auth_info->incoming_current_auth_info,
338 auth_info->incoming_previous_auth_info,
340 if (!NT_STATUS_IS_OK(status)) {
345 if (auth_info->outgoing_count == 0) {
346 outgoing->length = 0;
347 outgoing->data = NULL;
349 status = auth_info_2_trustauth_inout_blob(mem_ctx,
350 auth_info->outgoing_count,
351 auth_info->outgoing_current_auth_info,
352 auth_info->outgoing_previous_auth_info,
354 if (!NT_STATUS_IS_OK(status)) {