X-Git-Url: http://git.samba.org/samba.git/?p=gd%2Fsamba%2F.git;a=blobdiff_plain;f=source%2Flibads%2Fauthdata.c;h=79972875acfd9f57252514c5c60930eb531a9a61;hp=1f90f76267169d9aaedc37644d908870ca884a94;hb=5483f5fb44bb2138a1348c05845a2b8f3588697a;hpb=c06e507737bb07ff995876e49341de3f60b0da35 diff --git a/source/libads/authdata.c b/source/libads/authdata.c index 1f90f762671..79972875acf 100644 --- a/source/libads/authdata.c +++ b/source/libads/authdata.c @@ -1,23 +1,23 @@ -/* +/* Unix SMB/CIFS implementation. kerberos authorization data (PAC) utility library - Copyright (C) Jim McDonough 2003 + Copyright (C) Jim McDonough 2003 Copyright (C) Andrew Bartlett 2004-2005 Copyright (C) Andrew Tridgell 2001 Copyright (C) Luke Howard 2002-2003 Copyright (C) Stefan Metzmacher 2004-2005 Copyright (C) Guenther Deschner 2005,2007 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -26,622 +26,8 @@ #ifdef HAVE_KRB5 -static bool pac_io_logon_name(const char *desc, PAC_LOGON_NAME *logon_name, - prs_struct *ps, int depth) -{ - if (NULL == logon_name) - return False; - - prs_debug(ps, depth, desc, "pac_io_logon_name"); - depth++; - - if (!smb_io_time("logon_time", &logon_name->logon_time, ps, depth)) - return False; - - if (!prs_uint16("len", ps, depth, &logon_name->len)) - return False; - - /* The following string is always in little endian 16 bit values, - copy as 8 bits to avoid endian reversal on big-endian machines. - len is the length in bytes. */ - - if (UNMARSHALLING(ps) && logon_name->len) { - logon_name->username = PRS_ALLOC_MEM(ps, uint8, logon_name->len); - if (!logon_name->username) { - DEBUG(3, ("No memory available\n")); - return False; - } - } - - if (!prs_uint8s(True, "name", ps, depth, logon_name->username, logon_name->len)) - return False; - - return True; -} - -#if 0 /* Unused (handled now in net_io_user_info3()) - Guenther */ -static bool pac_io_krb_sids(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr, - prs_struct *ps, int depth) -{ - if (NULL == sid_and_attr) - return False; - - prs_debug(ps, depth, desc, "pac_io_krb_sids"); - depth++; - - if (UNMARSHALLING(ps)) { - sid_and_attr->sid = PRS_ALLOC_MEM(ps, DOM_SID2, 1); - if (!sid_and_attr->sid) { - DEBUG(3, ("No memory available\n")); - return False; - } - } - - if(!smb_io_dom_sid2("sid", sid_and_attr->sid, ps, depth)) - return False; - - return True; -} - - -static bool pac_io_krb_attrs(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr, - prs_struct *ps, int depth) -{ - if (NULL == sid_and_attr) - return False; - - prs_debug(ps, depth, desc, "pac_io_krb_attrs"); - depth++; - - if (!prs_uint32("sid_ptr", ps, depth, &sid_and_attr->sid_ptr)) - return False; - if (!prs_uint32("attrs", ps, depth, &sid_and_attr->attrs)) - return False; - - return True; -} - -static bool pac_io_krb_sid_and_attr_array(const char *desc, - KRB_SID_AND_ATTR_ARRAY *array, - uint32 num, - prs_struct *ps, int depth) -{ - int i; - - if (NULL == array) - return False; - - prs_debug(ps, depth, desc, "pac_io_krb_sid_and_attr_array"); - depth++; - - - if (!prs_uint32("count", ps, depth, &array->count)) - return False; - - if (UNMARSHALLING(ps)) { - if (num) { - array->krb_sid_and_attrs = PRS_ALLOC_MEM(ps, KRB_SID_AND_ATTRS, num); - if (!array->krb_sid_and_attrs) { - DEBUG(3, ("No memory available\n")); - return False; - } - } else { - array->krb_sid_and_attrs = NULL; - } - } - - for (i=0; ikrb_sid_and_attrs[i], - ps, depth)) - return False; - - } - for (i=0; ikrb_sid_and_attrs[i], - ps, depth)) - return False; - - } - - return True; - -} -#endif - -static bool pac_io_group_membership(const char *desc, - GROUP_MEMBERSHIP *membership, - prs_struct *ps, int depth) -{ - if (NULL == membership) - return False; - - prs_debug(ps, depth, desc, "pac_io_group_membership"); - depth++; - - if (!prs_uint32("rid", ps, depth, &membership->rid)) - return False; - if (!prs_uint32("attrs", ps, depth, &membership->attrs)) - return False; - - return True; -} - - -static bool pac_io_group_membership_array(const char *desc, - GROUP_MEMBERSHIP_ARRAY *array, - uint32 num, - prs_struct *ps, int depth) -{ - int i; - - if (NULL == array) - return False; - - prs_debug(ps, depth, desc, "pac_io_group_membership_array"); - depth++; - - - if (!prs_uint32("count", ps, depth, &array->count)) - return False; - - if (UNMARSHALLING(ps)) { - if (num) { - array->group_membership = PRS_ALLOC_MEM(ps, GROUP_MEMBERSHIP, num); - if (!array->group_membership) { - DEBUG(3, ("No memory available\n")); - return False; - } - } else { - array->group_membership = NULL; - } - } - - for (i=0; igroup_membership[i], - ps, depth)) - return False; - - } - - return True; - -} - -#if 0 /* Unused, replaced using an expanded net_io_user_info3() now - Guenther */ -static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info, - prs_struct *ps, int depth) -{ - uint32 garbage = 0, i; - - if (NULL == info) - return False; - - prs_debug(ps, depth, desc, "pac_io_pac_logon_info"); - depth++; - - if (!prs_align(ps)) - return False; - if (!prs_uint32("unknown", ps, depth, &garbage)) /* 00081001 */ - return False; - if (!prs_uint32("unknown", ps, depth, &garbage)) /* cccccccc */ - return False; - if (!prs_uint32("bufferlen", ps, depth, &garbage)) - return False; - if (!prs_uint32("bufferlenhi", ps, depth, &garbage)) /* 00000000 */ - return False; - - if (!prs_uint32("pointer", ps, depth, &garbage)) - return False; - - if (!prs_align(ps)) - return False; - if (!smb_io_time("logon_time", &info->logon_time, ps, depth)) - return False; - if (!smb_io_time("logoff_time", &info->logoff_time, ps, depth)) - return False; - if (!smb_io_time("kickoff_time", &info->kickoff_time, ps, depth)) - return False; - if (!smb_io_time("pass_last_set_time", &info->pass_last_set_time, - ps, depth)) - return False; - if (!smb_io_time("pass_can_change_time", &info->pass_can_change_time, - ps, depth)) - return False; - if (!smb_io_time("pass_must_change_time", &info->pass_must_change_time, - ps, depth)) - return False; - - if (!smb_io_unihdr("hdr_user_name", &info->hdr_user_name, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_full_name", &info->hdr_full_name, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_logon_script", &info->hdr_logon_script, - ps, depth)) - return False; - if (!smb_io_unihdr("hdr_profile_path", &info->hdr_profile_path, - ps, depth)) - return False; - if (!smb_io_unihdr("hdr_home_dir", &info->hdr_home_dir, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_dir_drive", &info->hdr_dir_drive, ps, depth)) - return False; - - if (!prs_uint16("logon_count", ps, depth, &info->logon_count)) - return False; - if (!prs_uint16("bad_password_count", ps, depth, &info->bad_password_count)) - return False; - if (!prs_uint32("user_rid", ps, depth, &info->user_rid)) - return False; - if (!prs_uint32("group_rid", ps, depth, &info->group_rid)) - return False; - if (!prs_uint32("group_count", ps, depth, &info->group_count)) - return False; - /* I haven't seen this contain anything yet, but when it does - we will have to make sure we decode the contents in the middle - all the unistr2s ... */ - if (!prs_uint32("group_mem_ptr", ps, depth, - &info->group_membership_ptr)) - return False; - if (!prs_uint32("user_flags", ps, depth, &info->user_flags)) - return False; - - if (!prs_uint8s(False, "session_key", ps, depth, info->session_key, 16)) - return False; - - if (!smb_io_unihdr("hdr_dom_controller", - &info->hdr_dom_controller, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth)) - return False; - - /* this should be followed, but just get ptr for now */ - if (!prs_uint32("ptr_dom_sid", ps, depth, &info->ptr_dom_sid)) - return False; - - if (!prs_uint8s(False, "lm_session_key", ps, depth, info->lm_session_key, 8)) - return False; - - if (!prs_uint32("acct_flags", ps, depth, &info->acct_flags)) - return False; - - for (i = 0; i < 7; i++) - { - if (!prs_uint32("unkown", ps, depth, &info->unknown[i])) /* unknown */ - return False; - } - - if (!prs_uint32("sid_count", ps, depth, &info->sid_count)) - return False; - if (!prs_uint32("ptr_extra_sids", ps, depth, &info->ptr_extra_sids)) - return False; - if (!prs_uint32("ptr_res_group_dom_sid", ps, depth, - &info->ptr_res_group_dom_sid)) - return False; - if (!prs_uint32("res_group_count", ps, depth, &info->res_group_count)) - return False; - if (!prs_uint32("ptr_res_groups", ps, depth, &info->ptr_res_groups)) - return False; - - if(!smb_io_unistr2("uni_user_name", &info->uni_user_name, - info->hdr_user_name.buffer, ps, depth)) - return False; - if(!smb_io_unistr2("uni_full_name", &info->uni_full_name, - info->hdr_full_name.buffer, ps, depth)) - return False; - if(!smb_io_unistr2("uni_logon_script", &info->uni_logon_script, - info->hdr_logon_script.buffer, ps, depth)) - return False; - if(!smb_io_unistr2("uni_profile_path", &info->uni_profile_path, - info->hdr_profile_path.buffer, ps, depth)) - return False; - if(!smb_io_unistr2("uni_home_dir", &info->uni_home_dir, - info->hdr_home_dir.buffer, ps, depth)) - return False; - if(!smb_io_unistr2("uni_dir_drive", &info->uni_dir_drive, - info->hdr_dir_drive.buffer, ps, depth)) - return False; - - if (info->group_membership_ptr) { - if (!pac_io_group_membership_array("group membership", - &info->groups, - info->group_count, - ps, depth)) - return False; - } - - - if(!smb_io_unistr2("uni_dom_controller", &info->uni_dom_controller, - info->hdr_dom_controller.buffer, ps, depth)) - return False; - if(!smb_io_unistr2("uni_dom_name", &info->uni_dom_name, - info->hdr_dom_name.buffer, ps, depth)) - return False; - - if(info->ptr_dom_sid) - if(!smb_io_dom_sid2("dom_sid", &info->dom_sid, ps, depth)) - return False; - - - if (info->sid_count && info->ptr_extra_sids) - if (!pac_io_krb_sid_and_attr_array("extra_sids", - &info->extra_sids, - info->sid_count, - ps, depth)) - return False; - - if (info->ptr_res_group_dom_sid) - if (!smb_io_dom_sid2("res_group_dom_sid", - &info->res_group_dom_sid, ps, depth)) - return False; - - if (info->ptr_res_groups) { - - if (!(info->user_flgs & LOGON_RESOURCE_GROUPS)) { - DEBUG(0,("user_flgs attribute does not have LOGON_RESOURCE_GROUPS\n")); - /* return False; */ - } - - if (!pac_io_group_membership_array("res group membership", - &info->res_groups, - info->res_group_count, - ps, depth)) - return False; - } - - return True; -} -#endif - -static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info, - prs_struct *ps, int depth) -{ - uint32 garbage = 0; - bool kerb_validation_info = True; - - if (NULL == info) - return False; - - prs_debug(ps, depth, desc, "pac_io_pac_logon_info"); - depth++; - - if (!prs_align(ps)) - return False; - if (!prs_uint32("unknown", ps, depth, &garbage)) /* 00081001 */ - return False; - if (!prs_uint32("unknown", ps, depth, &garbage)) /* cccccccc */ - return False; - if (!prs_uint32("bufferlen", ps, depth, &garbage)) - return False; - if (!prs_uint32("bufferlenhi", ps, depth, &garbage)) /* 00000000 */ - return False; - - if(!net_io_user_info3("", &info->info3, ps, depth, 3, kerb_validation_info)) - return False; - - if (info->info3.ptr_res_group_dom_sid) { - if (!smb_io_dom_sid2("res_group_dom_sid", - &info->res_group_dom_sid, ps, depth)) - return False; - } - - if (info->info3.ptr_res_groups) { - - if (!(info->info3.user_flgs & NETLOGON_RESOURCE_GROUPS)) { - DEBUG(0,("user_flgs attribute does not have NETLOGON_RESOURCE_GROUPS\n")); - /* return False; */ - } - - if (!pac_io_group_membership_array("res group membership", - &info->res_groups, - info->info3.res_group_count, - ps, depth)) - return False; - } - - return True; -} - - - -static bool pac_io_pac_signature_data(const char *desc, - PAC_SIGNATURE_DATA *data, uint32 length, - prs_struct *ps, int depth) -{ - uint32 siglen = 0; - - prs_debug(ps, depth, desc, "pac_io_pac_signature_data"); - depth++; - - if (data == NULL) - return False; - - if (!prs_align(ps)) - return False; - if (!prs_uint32("type", ps, depth, &data->type)) - return False; - - if ( length > sizeof(uint32) ) - siglen = length - sizeof(uint32); - - if (UNMARSHALLING(ps) && length) { - if (siglen) { - data->signature.buffer = PRS_ALLOC_MEM(ps, uint8, siglen); - if (!data->signature.buffer) { - DEBUG(3, ("No memory available\n")); - return False; - } - } else { - data->signature.buffer = NULL; - } - } - - data->signature.buf_len = siglen; - - if (!prs_uint8s(False, "signature", ps, depth, data->signature.buffer, data->signature.buf_len)) - return False; - - - return True; -} - -static bool pac_io_pac_info_hdr_ctr(const char *desc, PAC_BUFFER *hdr, - prs_struct *ps, int depth) -{ - if (NULL == hdr) - return False; - - prs_debug(ps, depth, desc, "pac_io_pac_info_hdr_ctr"); - depth++; - - if (!prs_align(ps)) - return False; - - if (hdr->offset != prs_offset(ps)) { - DEBUG(5,("offset in header(x%x) and data(x%x) do not match, correcting\n", - hdr->offset, prs_offset(ps))); - prs_set_offset(ps, hdr->offset); - } - - if (UNMARSHALLING(ps) && hdr->size > 0) { - hdr->ctr = PRS_ALLOC_MEM(ps, PAC_INFO_CTR, 1); - if (!hdr->ctr) { - DEBUG(3, ("No memory available\n")); - return False; - } - } - - switch(hdr->type) { - case PAC_TYPE_LOGON_INFO: - DEBUG(5, ("PAC_TYPE_LOGON_INFO\n")); - if (UNMARSHALLING(ps)) - hdr->ctr->pac.logon_info = PRS_ALLOC_MEM(ps, PAC_LOGON_INFO, 1); - if (!hdr->ctr->pac.logon_info) { - DEBUG(3, ("No memory available\n")); - return False; - } - if (!pac_io_pac_logon_info(desc, hdr->ctr->pac.logon_info, - ps, depth)) - return False; - break; - - case PAC_TYPE_SERVER_CHECKSUM: - DEBUG(5, ("PAC_TYPE_SERVER_CHECKSUM\n")); - if (UNMARSHALLING(ps)) - hdr->ctr->pac.srv_cksum = PRS_ALLOC_MEM(ps, PAC_SIGNATURE_DATA, 1); - if (!hdr->ctr->pac.srv_cksum) { - DEBUG(3, ("No memory available\n")); - return False; - } - if (!pac_io_pac_signature_data(desc, hdr->ctr->pac.srv_cksum, - hdr->size, ps, depth)) - return False; - break; - - case PAC_TYPE_PRIVSVR_CHECKSUM: - DEBUG(5, ("PAC_TYPE_PRIVSVR_CHECKSUM\n")); - if (UNMARSHALLING(ps)) - hdr->ctr->pac.privsrv_cksum = PRS_ALLOC_MEM(ps, PAC_SIGNATURE_DATA, 1); - if (!hdr->ctr->pac.privsrv_cksum) { - DEBUG(3, ("No memory available\n")); - return False; - } - if (!pac_io_pac_signature_data(desc, - hdr->ctr->pac.privsrv_cksum, - hdr->size, ps, depth)) - return False; - break; - - case PAC_TYPE_LOGON_NAME: - DEBUG(5, ("PAC_TYPE_LOGON_NAME\n")); - if (UNMARSHALLING(ps)) - hdr->ctr->pac.logon_name = PRS_ALLOC_MEM(ps, PAC_LOGON_NAME, 1); - if (!hdr->ctr->pac.logon_name) { - DEBUG(3, ("No memory available\n")); - return False; - } - if (!pac_io_logon_name(desc, hdr->ctr->pac.logon_name, - ps, depth)) - return False; - break; - - default: - /* dont' know, so we need to skip it */ - DEBUG(3, ("unknown PAC type %d\n", hdr->type)); - prs_set_offset(ps, prs_offset(ps) + hdr->size); - } - -#if 0 - /* obscure pad */ - if (!prs_uint32("pad", ps, depth, &hdr->pad)) - return False; -#endif - return True; -} - -static bool pac_io_pac_info_hdr(const char *desc, PAC_BUFFER *hdr, - prs_struct *ps, int depth) -{ - if (NULL == hdr) - return False; - - prs_debug(ps, depth, desc, "pac_io_pac_info_hdr"); - depth++; - - if (!prs_align(ps)) - return False; - if (!prs_uint32("type", ps, depth, &hdr->type)) - return False; - if (!prs_uint32("size", ps, depth, &hdr->size)) - return False; - if (!prs_uint32("offset", ps, depth, &hdr->offset)) - return False; - if (!prs_uint32("offsethi", ps, depth, &hdr->offsethi)) - return False; - - return True; -} - -static bool pac_io_pac_data(const char *desc, PAC_DATA *data, - prs_struct *ps, int depth) -{ - int i; - - if (NULL == data) - return False; - - prs_debug(ps, depth, desc, "pac_io_pac_data"); - depth++; - - if (!prs_align(ps)) - return False; - if (!prs_uint32("num_buffers", ps, depth, &data->num_buffers)) - return False; - if (!prs_uint32("version", ps, depth, &data->version)) - return False; - - if (UNMARSHALLING(ps) && data->num_buffers > 0) { - if ((data->pac_buffer = PRS_ALLOC_MEM(ps, PAC_BUFFER, data->num_buffers)) == NULL) { - return False; - } - } - - for (i=0; inum_buffers; i++) { - if (!pac_io_pac_info_hdr(desc, &data->pac_buffer[i], ps, - depth)) - return False; - } - - for (i=0; inum_buffers; i++) { - if (!pac_io_pac_info_hdr_ctr(desc, &data->pac_buffer[i], - ps, depth)) - return False; - } - - return True; -} +/**************************************************************** +****************************************************************/ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, DATA_BLOB pac_data,