2 Unix SMB/CIFS implementation.
4 Generic Authentication Interface
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 Copyright (C) Stefan Metzmacher 2004
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "libcli/composite/composite.h"
29 do a non-athenticated dcerpc bind
32 struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
33 struct dcerpc_pipe *p,
37 struct dcerpc_syntax_id syntax;
38 struct dcerpc_syntax_id transfer_syntax;
40 struct composite_context *c;
42 c = talloc_zero(mem_ctx, struct composite_context);
43 if (c == NULL) return NULL;
45 c->status = dcerpc_init_syntaxes(uuid, version,
46 &syntax, &transfer_syntax);
47 if (!NT_STATUS_IS_OK(c->status)) {
48 DEBUG(2,("Invalid uuid string in "
49 "dcerpc_bind_auth_none_send\n"));
50 composite_trigger_error(c);
54 /* c was only allocated as a container for a possible error */
57 return dcerpc_bind_send(p, mem_ctx, &syntax, &transfer_syntax);
60 NTSTATUS dcerpc_bind_auth_none_recv(struct composite_context *ctx)
62 return dcerpc_bind_recv(ctx);
65 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
66 const char *uuid, uint_t version)
68 struct composite_context *ctx;
69 ctx = dcerpc_bind_auth_none_send(p, p, uuid, version);
70 return dcerpc_bind_auth_none_recv(ctx);
73 struct bind_auth_state {
74 struct dcerpc_pipe *pipe;
75 DATA_BLOB credentials;
79 static void bind_auth_recv_alter(struct composite_context *creq);
81 static void bind_auth_next_step(struct composite_context *c)
83 struct bind_auth_state *state =
84 talloc_get_type(c->private_data, struct bind_auth_state);
85 struct dcerpc_security *sec = &state->pipe->conn->security_state;
86 struct composite_context *creq;
87 BOOL more_processing = False;
89 c->status = gensec_update(sec->generic_state, state,
90 sec->auth_info->credentials,
93 if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
94 more_processing = True;
95 c->status = NT_STATUS_OK;
98 if (!composite_is_ok(c)) return;
100 if (state->credentials.length == 0) {
105 sec->auth_info->credentials = state->credentials;
107 if (!more_processing) {
108 /* NO reply expected, so just send it */
109 c->status = dcerpc_auth3(state->pipe->conn, state);
110 if (!composite_is_ok(c)) return;
115 creq = dcerpc_alter_context_send(state->pipe, state,
116 &state->pipe->syntax,
117 &state->pipe->transfer_syntax);
118 composite_continue(c, creq, bind_auth_recv_alter, c);
121 static void bind_auth_recv_alter(struct composite_context *creq)
123 struct composite_context *c =
124 talloc_get_type(creq->async.private_data,
125 struct composite_context);
127 c->status = dcerpc_alter_context_recv(creq);
128 if (!composite_is_ok(c)) return;
130 bind_auth_next_step(c);
133 static void bind_auth_recv_bindreply(struct composite_context *creq)
135 struct composite_context *c =
136 talloc_get_type(creq->async.private_data,
137 struct composite_context);
138 struct bind_auth_state *state =
139 talloc_get_type(c->private_data, struct bind_auth_state);
141 c->status = dcerpc_bind_recv(creq);
142 if (!composite_is_ok(c)) return;
144 if (!state->more_processing) {
149 bind_auth_next_step(c);
152 struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
153 struct dcerpc_pipe *p,
154 const char *uuid, uint_t version,
155 struct cli_credentials *credentials,
159 struct composite_context *c, *creq;
160 struct bind_auth_state *state;
161 struct dcerpc_security *sec;
163 struct dcerpc_syntax_id syntax, transfer_syntax;
165 c = talloc_zero(mem_ctx, struct composite_context);
166 if (c == NULL) return NULL;
168 state = talloc(c, struct bind_auth_state);
170 c->status = NT_STATUS_NO_MEMORY;
174 c->state = COMPOSITE_STATE_IN_PROGRESS;
175 c->private_data = state;
176 c->event_ctx = p->conn->event_ctx;
180 c->status = dcerpc_init_syntaxes(uuid, version,
183 if (!NT_STATUS_IS_OK(c->status)) goto failed;
185 sec = &p->conn->security_state;
187 c->status = gensec_client_start(p, &sec->generic_state,
189 if (!NT_STATUS_IS_OK(c->status)) {
190 DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
191 nt_errstr(c->status)));
195 c->status = gensec_set_credentials(sec->generic_state, credentials);
196 if (!NT_STATUS_IS_OK(c->status)) {
197 DEBUG(1, ("Failed to set GENSEC client credentails: %s\n",
198 nt_errstr(c->status)));
202 c->status = gensec_set_target_hostname(
203 sec->generic_state, p->conn->transport.peer_name(p->conn));
204 if (!NT_STATUS_IS_OK(c->status)) {
205 DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
206 nt_errstr(c->status)));
210 if (service != NULL) {
211 c->status = gensec_set_target_service(sec->generic_state,
213 if (!NT_STATUS_IS_OK(c->status)) {
214 DEBUG(1, ("Failed to set GENSEC target service: %s\n",
215 nt_errstr(c->status)));
220 c->status = gensec_start_mech_by_authtype(sec->generic_state,
222 dcerpc_auth_level(p->conn));
223 if (!NT_STATUS_IS_OK(c->status)) {
224 DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
225 gensec_get_name_by_authtype(auth_type),
226 nt_errstr(c->status)));
230 sec->auth_info = talloc(p, struct dcerpc_auth);
231 if (sec->auth_info == NULL) {
232 c->status = NT_STATUS_NO_MEMORY;
236 sec->auth_info->auth_type = auth_type;
237 sec->auth_info->auth_level = dcerpc_auth_level(p->conn);
238 sec->auth_info->auth_pad_length = 0;
239 sec->auth_info->auth_reserved = 0;
240 sec->auth_info->auth_context_id = random();
241 sec->auth_info->credentials = data_blob(NULL, 0);
243 c->status = gensec_update(sec->generic_state, state,
244 sec->auth_info->credentials,
245 &state->credentials);
246 if (!NT_STATUS_IS_OK(c->status) &&
247 !NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
251 state->more_processing =
252 NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED);
254 if (state->credentials.length == 0) {
255 composite_trigger_done(c);
259 sec->auth_info->credentials = state->credentials;
261 creq = dcerpc_bind_send(p, state, &syntax, &transfer_syntax);
263 c->status = NT_STATUS_NO_MEMORY;
267 creq->async.fn = bind_auth_recv_bindreply;
268 creq->async.private_data = c;
272 composite_trigger_error(c);
276 NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
278 NTSTATUS result = composite_wait(creq);
284 setup GENSEC on a DCE-RPC pipe
286 NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
287 const char *uuid, uint_t version,
288 struct cli_credentials *credentials,
292 struct composite_context *creq;
293 creq = dcerpc_bind_auth_send(p, p, uuid, version, credentials,
295 return dcerpc_bind_auth_recv(creq);