librpc/rpc: pass struct dcerpc_pipe to dcerpc_auth3()
[tprouty/samba.git] / source4 / librpc / rpc / dcerpc_auth.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Generic Authentication Interface
5
6    Copyright (C) Andrew Tridgell 2003
7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8    Copyright (C) Stefan Metzmacher 2004
9    
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14    
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19    
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "libcli/composite/composite.h"
26 #include "auth/gensec/gensec.h"
27 #include "librpc/rpc/dcerpc.h"
28 #include "librpc/rpc/dcerpc_proto.h"
29 #include "param/param.h"
30
31 /*
32   return the rpc syntax and transfer syntax given the pipe uuid and version
33 */
34 static NTSTATUS dcerpc_init_syntaxes(const struct ndr_interface_table *table,
35                               struct ndr_syntax_id *syntax,
36                               struct ndr_syntax_id *transfer_syntax)
37 {
38         syntax->uuid = table->syntax_id.uuid;
39         syntax->if_version = table->syntax_id.if_version;
40
41         *transfer_syntax = ndr_transfer_syntax;
42
43         return NT_STATUS_OK;
44 }
45
46
47 /*
48   Send request to do a non-authenticated dcerpc bind
49 */
50 struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
51                                                      struct dcerpc_pipe *p,
52                                                      const struct ndr_interface_table *table)
53 {
54         struct ndr_syntax_id syntax;
55         struct ndr_syntax_id transfer_syntax;
56
57         struct composite_context *c;
58
59         c = composite_create(mem_ctx, p->conn->event_ctx);
60         if (c == NULL) return NULL;
61
62         c->status = dcerpc_init_syntaxes(table,
63                                          &syntax, &transfer_syntax);
64         if (!NT_STATUS_IS_OK(c->status)) {
65                 DEBUG(2,("Invalid uuid string in "
66                          "dcerpc_bind_auth_none_send\n"));
67                 composite_error(c, c->status);
68                 return c;
69         }
70
71         /* c was only allocated as a container for a possible error */
72         talloc_free(c);
73
74         return dcerpc_bind_send(p, mem_ctx, &syntax, &transfer_syntax);
75 }
76
77
78 /*
79   Receive result of a non-authenticated dcerpc bind
80 */
81 NTSTATUS dcerpc_bind_auth_none_recv(struct composite_context *ctx)
82 {
83         return dcerpc_bind_recv(ctx);
84 }
85
86
87 /*
88   Perform sync non-authenticated dcerpc bind
89 */
90 _PUBLIC_ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
91                                const struct ndr_interface_table *table)
92 {
93         struct composite_context *ctx;
94
95         ctx = dcerpc_bind_auth_none_send(p, p, table);
96         return dcerpc_bind_auth_none_recv(ctx);
97 }
98
99
100 struct bind_auth_state {
101         struct dcerpc_pipe *pipe;
102         DATA_BLOB credentials;
103         bool more_processing;   /* Is there anything more to do after the
104                                  * first bind itself received? */
105 };
106
107 static void bind_auth_recv_alter(struct composite_context *creq);
108
109 static void bind_auth_next_step(struct composite_context *c)
110 {
111         struct bind_auth_state *state;
112         struct dcerpc_security *sec;
113         struct composite_context *creq;
114         bool more_processing = false;
115
116         state = talloc_get_type(c->private_data, struct bind_auth_state);
117         sec = &state->pipe->conn->security_state;
118
119         /* The status value here, from GENSEC is vital to the security
120          * of the system.  Even if the other end accepts, if GENSEC
121          * claims 'MORE_PROCESSING_REQUIRED' then you must keep
122          * feeding it blobs, or else the remote host/attacker might
123          * avoid mutal authentication requirements.
124          *
125          * Likewise, you must not feed GENSEC too much (after the OK),
126          * it doesn't like that either
127          */
128
129         c->status = gensec_update(sec->generic_state, state,
130                                   sec->auth_info->credentials,
131                                   &state->credentials);
132
133         if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
134                 more_processing = true;
135                 c->status = NT_STATUS_OK;
136         }
137
138         if (!composite_is_ok(c)) return;
139
140         if (state->credentials.length == 0) {
141                 composite_done(c);
142                 return;
143         }
144
145         sec->auth_info->credentials = state->credentials;
146
147         if (!more_processing) {
148                 /* NO reply expected, so just send it */
149                 c->status = dcerpc_auth3(state->pipe, state);
150                 if (!composite_is_ok(c)) return;
151
152                 composite_done(c);
153                 return;
154         }
155
156         /* We are demanding a reply, so use a request that will get us one */
157
158         creq = dcerpc_alter_context_send(state->pipe, state,
159                                          &state->pipe->syntax,
160                                          &state->pipe->transfer_syntax);
161         if (composite_nomem(creq, c)) return;
162
163         composite_continue(c, creq, bind_auth_recv_alter, c);
164 }
165
166
167 static void bind_auth_recv_alter(struct composite_context *creq)
168 {
169         struct composite_context *c = talloc_get_type(creq->async.private_data,
170                                                       struct composite_context);
171
172         c->status = dcerpc_alter_context_recv(creq);
173         if (!composite_is_ok(c)) return;
174
175         bind_auth_next_step(c);
176 }
177
178
179 static void bind_auth_recv_bindreply(struct composite_context *creq)
180 {
181         struct composite_context *c = talloc_get_type(creq->async.private_data,
182                                                       struct composite_context);
183         struct bind_auth_state *state = talloc_get_type(c->private_data,
184                                                         struct bind_auth_state);
185
186         c->status = dcerpc_bind_recv(creq);
187         if (!composite_is_ok(c)) return;
188
189         if (!state->more_processing) {
190                 /* The first gensec_update has not requested a second run, so
191                  * we're done here. */
192                 composite_done(c);
193                 return;
194         }
195
196         bind_auth_next_step(c);
197 }
198
199
200 /**
201    Bind to a DCE/RPC pipe, send async request
202    @param mem_ctx TALLOC_CTX for the allocation of the composite_context
203    @param p The dcerpc_pipe to bind (must already be connected)
204    @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
205    @param credentials The credentials of the account to connect with 
206    @param auth_type Select the authentication scheme to use
207    @param auth_level Chooses between unprotected (connect), signed or sealed
208    @param service The service (used by Kerberos to select the service principal to contact)
209    @retval A composite context describing the partial state of the bind
210 */
211
212 struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
213                                                 struct dcerpc_pipe *p,
214                                                 const struct ndr_interface_table *table,
215                                                 struct cli_credentials *credentials,
216                                                 struct loadparm_context *lp_ctx,
217                                                 uint8_t auth_type, uint8_t auth_level,
218                                                 const char *service)
219 {
220         struct composite_context *c, *creq;
221         struct bind_auth_state *state;
222         struct dcerpc_security *sec;
223
224         struct ndr_syntax_id syntax, transfer_syntax;
225
226         /* composite context allocation and setup */
227         c = composite_create(mem_ctx, p->conn->event_ctx);
228         if (c == NULL) return NULL;
229
230         state = talloc(c, struct bind_auth_state);
231         if (composite_nomem(state, c)) return c;
232         c->private_data = state;
233
234         state->pipe = p;
235
236         c->status = dcerpc_init_syntaxes(table,
237                                          &syntax,
238                                          &transfer_syntax);
239         if (!composite_is_ok(c)) return c;
240
241         sec = &p->conn->security_state;
242
243         c->status = gensec_client_start(p, &sec->generic_state,
244                                         p->conn->event_ctx,
245                                         lp_ctx);
246         if (!NT_STATUS_IS_OK(c->status)) {
247                 DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
248                           nt_errstr(c->status)));
249                 composite_error(c, c->status);
250                 return c;
251         }
252
253         c->status = gensec_set_credentials(sec->generic_state, credentials);
254         if (!NT_STATUS_IS_OK(c->status)) {
255                 DEBUG(1, ("Failed to set GENSEC client credentials: %s\n",
256                           nt_errstr(c->status)));
257                 composite_error(c, c->status);
258                 return c;
259         }
260
261         c->status = gensec_set_target_hostname(sec->generic_state,
262                                                p->conn->transport.target_hostname(p->conn));
263         if (!NT_STATUS_IS_OK(c->status)) {
264                 DEBUG(1, ("Failed to set GENSEC target hostname: %s\n", 
265                           nt_errstr(c->status)));
266                 composite_error(c, c->status);
267                 return c;
268         }
269
270         if (service != NULL) {
271                 c->status = gensec_set_target_service(sec->generic_state,
272                                                       service);
273                 if (!NT_STATUS_IS_OK(c->status)) {
274                         DEBUG(1, ("Failed to set GENSEC target service: %s\n",
275                                   nt_errstr(c->status)));
276                         composite_error(c, c->status);
277                         return c;
278                 }
279         }
280
281         c->status = gensec_start_mech_by_authtype(sec->generic_state,
282                                                   auth_type, auth_level);
283         if (!NT_STATUS_IS_OK(c->status)) {
284                 DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
285                           gensec_get_name_by_authtype(auth_type),
286                           nt_errstr(c->status)));
287                 composite_error(c, c->status);
288                 return c;
289         }
290
291         sec->auth_info = talloc(p, struct dcerpc_auth);
292         if (composite_nomem(sec->auth_info, c)) return c;
293
294         sec->auth_info->auth_type = auth_type;
295         sec->auth_info->auth_level = auth_level,
296         sec->auth_info->auth_pad_length = 0;
297         sec->auth_info->auth_reserved = 0;
298         sec->auth_info->auth_context_id = random();
299         sec->auth_info->credentials = data_blob(NULL, 0);
300
301         /* The status value here, from GENSEC is vital to the security
302          * of the system.  Even if the other end accepts, if GENSEC
303          * claims 'MORE_PROCESSING_REQUIRED' then you must keep
304          * feeding it blobs, or else the remote host/attacker might
305          * avoid mutal authentication requirements.
306          *
307          * Likewise, you must not feed GENSEC too much (after the OK),
308          * it doesn't like that either
309          */
310
311         c->status = gensec_update(sec->generic_state, state,
312                                   sec->auth_info->credentials,
313                                   &state->credentials);
314         if (!NT_STATUS_IS_OK(c->status) &&
315             !NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
316                 composite_error(c, c->status);
317                 return c;
318         }
319
320         state->more_processing = NT_STATUS_EQUAL(c->status,
321                                                  NT_STATUS_MORE_PROCESSING_REQUIRED);
322
323         if (state->credentials.length == 0) {
324                 composite_done(c);
325                 return c;
326         }
327
328         sec->auth_info->credentials = state->credentials;
329
330         /* The first request always is a dcerpc_bind. The subsequent ones
331          * depend on gensec results */
332         creq = dcerpc_bind_send(p, state, &syntax, &transfer_syntax);
333         if (composite_nomem(creq, c)) return c;
334
335         composite_continue(c, creq, bind_auth_recv_bindreply, c);
336         return c;
337 }
338
339
340 /**
341    Bind to a DCE/RPC pipe, receive result
342    @param creq A composite context describing state of async call
343    @retval NTSTATUS code
344 */
345
346 NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
347 {
348         NTSTATUS result = composite_wait(creq);
349         struct bind_auth_state *state = talloc_get_type(creq->private_data,
350                                                         struct bind_auth_state);
351
352         if (NT_STATUS_IS_OK(result)) {
353                 /*
354                   after a successful authenticated bind the session
355                   key reverts to the generic session key
356                 */
357                 state->pipe->conn->security_state.session_key = dcerpc_generic_session_key;
358         }
359         
360         talloc_free(creq);
361         return result;
362 }
363
364
365 /**
366    Perform a GENSEC authenticated bind to a DCE/RPC pipe, sync
367    @param p The dcerpc_pipe to bind (must already be connected)
368    @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
369    @param credentials The credentials of the account to connect with 
370    @param auth_type Select the authentication scheme to use
371    @param auth_level Chooses between unprotected (connect), signed or sealed
372    @param service The service (used by Kerberos to select the service principal to contact)
373    @retval NTSTATUS status code
374 */
375
376 _PUBLIC_ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
377                           const struct ndr_interface_table *table,
378                           struct cli_credentials *credentials,
379                           struct loadparm_context *lp_ctx,
380                           uint8_t auth_type, uint8_t auth_level,
381                           const char *service)
382 {
383         struct composite_context *creq;
384         creq = dcerpc_bind_auth_send(p, p, table, credentials, lp_ctx,
385                                      auth_type, auth_level, service);
386         return dcerpc_bind_auth_recv(creq);
387 }