2 Unix SMB/CIFS implementation.
3 kerberos authorization data (PAC) utility library
4 Copyright (C) Jim McDonough 2003
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 static DATA_BLOB unwrap_pac(DATA_BLOB *auth_data)
27 DATA_BLOB pac_contents;
31 asn1_load(&data, *auth_data);
32 asn1_start_tag(&data, ASN1_SEQUENCE(0));
33 asn1_start_tag(&data, ASN1_SEQUENCE(0));
34 asn1_start_tag(&data, ASN1_CONTEXT(0));
35 asn1_read_Integer(&data, &data_type);
37 asn1_start_tag(&data, ASN1_CONTEXT(1));
38 asn1_read_OctetString(&data, &pac_contents);
45 static BOOL pac_io_krb_sids(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr,
46 prs_struct *ps, int depth)
48 if (NULL == sid_and_attr)
51 prs_debug(ps, depth, desc, "pac_io_krb_sids");
54 if (UNMARSHALLING(ps)) {
56 (DOM_SID2 * ) prs_alloc_mem(ps, sizeof(DOM_SID2));
57 if (!sid_and_attr->sid) {
58 DEBUG(3, ("No memory available\n"));
63 if(!smb_io_dom_sid2("sid", sid_and_attr->sid, ps, depth))
70 static BOOL pac_io_krb_attrs(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr,
71 prs_struct *ps, int depth)
73 if (NULL == sid_and_attr)
76 prs_debug(ps, depth, desc, "pac_io_krb_attrs");
79 if (!prs_uint32("sid_ptr", ps, depth, &sid_and_attr->sid_ptr))
81 if (!prs_uint32("attrs", ps, depth, &sid_and_attr->attrs))
87 static BOOL pac_io_krb_sid_and_attr_array(const char *desc,
88 KRB_SID_AND_ATTR_ARRAY *array,
90 prs_struct *ps, int depth)
97 prs_debug(ps, depth, desc, "pac_io_krb_sid_and_attr_array");
101 if (!prs_uint32("count", ps, depth, &array->count))
104 if (UNMARSHALLING(ps)) {
105 array->krb_sid_and_attrs = (KRB_SID_AND_ATTRS *)
106 prs_alloc_mem(ps, sizeof(KRB_SID_AND_ATTRS) * num);
107 if (!array->krb_sid_and_attrs) {
108 DEBUG(3, ("No memory available\n"));
113 for (i=0; i<num; i++) {
114 if (!pac_io_krb_attrs(desc,
115 &array->krb_sid_and_attrs[i],
120 for (i=0; i<num; i++) {
121 if (!pac_io_krb_sids(desc,
122 &array->krb_sid_and_attrs[i],
132 static BOOL pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info,
133 prs_struct *ps, int depth)
139 prs_debug(ps, depth, desc, "pac_io_pac_logon_info");
142 if (!prs_uint32("unknown", ps, depth, &garbage))
144 if (!prs_uint32("unknown", ps, depth, &garbage))
146 if (!prs_uint32("bufferlen", ps, depth, &garbage))
148 if (!prs_uint32("bufferlenhi", ps, depth, &garbage))
150 if (!prs_uint32("pointer", ps, depth, &garbage))
153 if (!smb_io_time("logon_time", &info->logon_time, ps, depth))
155 if (!smb_io_time("logoff_time", &info->logoff_time, ps, depth))
157 if (!smb_io_time("kickoff_time", &info->kickoff_time, ps, depth))
159 if (!smb_io_time("pass_last_set_time", &info->pass_last_set_time,
162 if (!smb_io_time("pass_can_change_time", &info->pass_can_change_time,
165 if (!smb_io_time("pass_must_change_time", &info->pass_must_change_time,
169 if (!smb_io_unihdr("hdr_user_name", &info->hdr_user_name, ps, depth))
171 if (!smb_io_unihdr("hdr_full_name", &info->hdr_full_name, ps, depth))
173 if (!smb_io_unihdr("hdr_logon_script", &info->hdr_logon_script,
176 if (!smb_io_unihdr("hdr_profile_path", &info->hdr_profile_path,
179 if (!smb_io_unihdr("hdr_home_dir", &info->hdr_home_dir, ps, depth))
181 if (!smb_io_unihdr("hdr_dir_drive", &info->hdr_dir_drive, ps, depth))
184 if (!prs_uint16("logon_count", ps, depth, &info->logon_count))
186 if (!prs_uint16("reserved12", ps, depth, &info->reserved12))
188 if (!prs_uint32("user_rid", ps, depth, &info->user_rid))
190 if (!prs_uint32("group_rid", ps, depth, &info->group_rid))
192 if (!prs_uint32("group_count", ps, depth, &info->group_count))
194 /* I haven't seen this contain anything yet, but when it does
195 we will have to make sure we decode the contents in the middle
196 all the unistr2s ... */
197 if (!prs_uint32("group_mem_ptr", ps, depth,
198 &info->group_membership_ptr))
200 if (!prs_uint32("user_flags", ps, depth, &info->user_flags))
203 if (!prs_uint32("reserved13.0", ps, depth, &info->reserved13[0]))
205 if (!prs_uint32("reserved13.1", ps, depth, &info->reserved13[1]))
207 if (!prs_uint32("reserved13.2", ps, depth, &info->reserved13[2]))
209 if (!prs_uint32("reserved13.3", ps, depth, &info->reserved13[3]))
212 if (!smb_io_unihdr("hdr_dom_controller",
213 &info->hdr_dom_controller, ps, depth))
215 if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth))
218 /* this should be followed, but just get ptr for now */
219 if (!prs_uint32("ptr_dom_sid", ps, depth, &info->ptr_dom_sid))
222 if (!prs_uint32("reserved16.0", ps, depth, &info->reserved16[0]))
224 if (!prs_uint32("reserved16.1", ps, depth, &info->reserved16[1]))
227 /* might be acb_info */
228 if (!prs_uint32("reserved17", ps, depth, &info->reserved17))
232 if (!prs_uint32("reserved18.0", ps, depth, &info->reserved18[0]))
234 if (!prs_uint32("reserved18.1", ps, depth, &info->reserved18[1]))
236 if (!prs_uint32("reserved18.2", ps, depth, &info->reserved18[2]))
238 if (!prs_uint32("reserved18.3", ps, depth, &info->reserved18[3]))
240 if (!prs_uint32("reserved18.4", ps, depth, &info->reserved18[4]))
242 if (!prs_uint32("reserved18.5", ps, depth, &info->reserved18[5]))
244 if (!prs_uint32("reserved18.6", ps, depth, &info->reserved18[6]))
247 if (!prs_uint32("sid_count", ps, depth, &info->sid_count))
249 if (!prs_uint32("ptr_extra_sids", ps, depth, &info->ptr_extra_sids))
251 if (!prs_uint32("ptr_res_group_dom_sid", ps, depth,
252 &info->ptr_res_group_dom_sid))
254 if (!prs_uint32("res_group_count", ps, depth, &info->res_group_count))
256 if (!prs_uint32("ptr_res_group_sids", ps, depth,
257 &info->ptr_res_group_sids))
260 if(!smb_io_unistr2("uni_user_name", &info->uni_user_name,
261 info->hdr_user_name.buffer, ps, depth))
263 if(!smb_io_unistr2("uni_full_name", &info->uni_full_name,
264 info->hdr_full_name.buffer, ps, depth))
266 if(!smb_io_unistr2("uni_logon_script", &info->uni_logon_script,
267 info->hdr_logon_script.buffer, ps, depth))
269 if(!smb_io_unistr2("uni_profile_path", &info->uni_profile_path,
270 info->hdr_profile_path.buffer, ps, depth))
272 if(!smb_io_unistr2("uni_home_dir", &info->uni_home_dir,
273 info->hdr_home_dir.buffer, ps, depth))
275 if(!smb_io_unistr2("uni_dir_drive", &info->uni_dir_drive,
276 info->hdr_dir_drive.buffer, ps, depth))
279 /* the group membership list will need to be handled here */
281 if(!smb_io_unistr2("uni_dom_controller", &info->uni_dom_controller,
282 info->hdr_dom_controller.buffer, ps, depth))
284 if(!smb_io_unistr2("uni_dom_name", &info->uni_dom_name,
285 info->hdr_dom_name.buffer, ps, depth))
288 if(info->ptr_dom_sid)
289 if(!smb_io_dom_sid2("dom_sid", &info->dom_sid, ps, depth))
293 if (info->sid_count && info->ptr_extra_sids) {
294 if (!pac_io_krb_sid_and_attr_array("extra_sids",
306 static BOOL pac_io_pac_signature_data(const char *desc,
307 PAC_SIGNATURE_DATA *data, uint32 length,
308 prs_struct *ps, int depth)
310 uint32 siglen = length - sizeof(uint32);
314 prs_debug(ps, depth, desc, "pac_io_pac_signature_data");
317 if (!prs_uint32("type", ps, depth, &data->type))
319 if (UNMARSHALLING(ps)) {
320 data->signature = prs_alloc_mem(ps, siglen);
321 if (!data->signature) {
322 DEBUG(3, ("No memory available\n"));
326 if (!prs_uint8s(False, "signature", ps, depth, data->signature,siglen))
332 static BOOL pac_io_pac_info_hdr_ctr(const char *desc, PAC_INFO_HDR *hdr,
333 prs_struct *ps, int depth)
338 prs_debug(ps, depth, desc, "pac_io_pac_info_hdr_ctr");
344 if (hdr->offset != prs_offset(ps)) {
345 DEBUG(5, ("offset in header(x%x) and data(x%x) do not match\n",
346 hdr->offset, prs_offset(ps)));
347 prs_set_offset(ps, hdr->offset);
350 if (UNMARSHALLING(ps) && hdr->size > 0) {
351 hdr->ctr = (PAC_INFO_CTR *)
352 prs_alloc_mem(ps, sizeof(PAC_INFO_CTR));
354 DEBUG(3, ("No memory available\n"));
360 case PAC_TYPE_LOGON_INFO:
361 DEBUG(5, ("PAC_TYPE_LOGON_INFO\n"));
362 if (UNMARSHALLING(ps))
363 hdr->ctr->pac.logon_info = (PAC_LOGON_INFO *)
364 prs_alloc_mem(ps, sizeof(PAC_LOGON_INFO));
365 if (!hdr->ctr->pac.logon_info) {
366 DEBUG(3, ("No memory available\n"));
369 if (!pac_io_pac_logon_info(desc, hdr->ctr->pac.logon_info,
374 case PAC_TYPE_SERVER_CHECKSUM:
375 DEBUG(5, ("PAC_TYPE_SERVER_CHECKSUM\n"));
376 if (UNMARSHALLING(ps))
377 hdr->ctr->pac.srv_cksum = (PAC_SIGNATURE_DATA *)
378 prs_alloc_mem(ps, sizeof(PAC_SIGNATURE_DATA));
379 if (!hdr->ctr->pac.srv_cksum) {
380 DEBUG(3, ("No memory available\n"));
383 if (!pac_io_pac_signature_data(desc, hdr->ctr->pac.srv_cksum,
384 hdr->size, ps, depth))
388 case PAC_TYPE_PRIVSVR_CHECKSUM:
389 DEBUG(5, ("PAC_TYPE_PRIVSVR_CHECKSUM\n"));
390 if (UNMARSHALLING(ps))
391 hdr->ctr->pac.privsrv_cksum = (PAC_SIGNATURE_DATA *)
392 prs_alloc_mem(ps, sizeof(PAC_SIGNATURE_DATA));
393 if (!hdr->ctr->pac.privsrv_cksum) {
394 DEBUG(3, ("No memory available\n"));
397 if (!pac_io_pac_signature_data(desc,
398 hdr->ctr->pac.privsrv_cksum,
399 hdr->size, ps, depth))
404 /* dont' know, so we need to skip it */
405 DEBUG(3, ("unknown PAC type %d\n", hdr->type));
406 prs_set_offset(ps, prs_offset(ps) + hdr->size);
412 static BOOL pac_io_pac_info_hdr(const char *desc, PAC_INFO_HDR *hdr,
413 prs_struct *ps, int depth)
418 prs_debug(ps, depth, desc, "pac_io_pac_info_hdr");
423 if (!prs_uint32("type", ps, depth, &hdr->type))
425 if (!prs_uint32("size", ps, depth, &hdr->size))
427 if (!prs_uint32("offset", ps, depth, &hdr->offset))
429 if (!prs_uint32("offsethi", ps, depth, &hdr->offsethi))
435 static BOOL pac_io_pac_data(const char *desc, PAC_DATA *data,
436 prs_struct *ps, int depth)
443 prs_debug(ps, depth, desc, "pac_io_pac_data");
448 if (!prs_uint32("num_buffers", ps, depth, &data->num_buffers))
450 if (!prs_uint32("version", ps, depth, &data->version))
453 if (UNMARSHALLING(ps) && data->num_buffers > 0) {
454 if ((data->pac_info_hdr_ptr = (PAC_INFO_HDR *)
455 prs_alloc_mem(ps, sizeof(PAC_INFO_HDR) *
456 data->num_buffers)) == NULL) {
461 for (i=0; i<data->num_buffers; i++) {
462 if (!pac_io_pac_info_hdr(desc, &data->pac_info_hdr_ptr[i], ps,
467 for (i=0; i<data->num_buffers; i++) {
468 if (!pac_io_pac_info_hdr_ctr(desc, &data->pac_info_hdr_ptr[i],
476 PAC_DATA *decode_pac_data(DATA_BLOB *auth_data, TALLOC_CTX *ctx)
478 DATA_BLOB pac_data_blob = unwrap_pac(auth_data);
482 DEBUG(5,("dump_pac_data\n"));
483 prs_init(&ps, pac_data_blob.length, ctx, UNMARSHALL);
484 prs_copy_data_in(&ps, pac_data_blob.data, pac_data_blob.length);
485 prs_set_offset(&ps, 0);
487 pac_data = (PAC_DATA *) talloc_zero(ctx, sizeof(PAC_DATA));
488 pac_io_pac_data("pac data", pac_data, &ps, 0);