diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 82 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 5 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 88 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_ntlm.c | 2 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 2 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_spnego.c | 2 |
6 files changed, 170 insertions, 11 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 8afc556528..f7c0100f47 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -334,7 +334,9 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p, struct dcerpc_packet pkt; NTSTATUS status; DATA_BLOB blob; - struct dcerpc_syntax_id tsyntax; + + p->syntax = *syntax; + p->transfer_syntax = *transfer_syntax; init_dcerpc_hdr(p, &pkt); @@ -353,9 +355,8 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p, } pkt.u.bind.ctx_list[0].context_id = 0; pkt.u.bind.ctx_list[0].num_transfer_syntaxes = 1; - pkt.u.bind.ctx_list[0].abstract_syntax = *syntax; - tsyntax = *transfer_syntax; - pkt.u.bind.ctx_list[0].transfer_syntaxes = &tsyntax; + pkt.u.bind.ctx_list[0].abstract_syntax = p->syntax; + pkt.u.bind.ctx_list[0].transfer_syntaxes = &p->transfer_syntax; pkt.u.bind.auth_info = data_blob(NULL, 0); /* construct the NDR form of the packet */ @@ -376,13 +377,13 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p, return status; } - if ((pkt.ptype != DCERPC_PKT_BIND_ACK && pkt.ptype != DCERPC_PKT_ALTER_ACK) || + if ((pkt.ptype != DCERPC_PKT_BIND_ACK) || pkt.u.bind_ack.num_results == 0 || pkt.u.bind_ack.ctx_list[0].result != 0) { status = NT_STATUS_UNSUCCESSFUL; } - if (pkt.ptype != DCERPC_PKT_ALTER_ACK) { + if (pkt.ptype == DCERPC_PKT_BIND_ACK) { p->srv_max_xmit_frag = pkt.u.bind_ack.max_xmit_frag; p->srv_max_recv_frag = pkt.u.bind_ack.max_recv_frag; } @@ -399,6 +400,75 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p, } /* + perform a alter context using the given syntax + + the auth_info structure is updated with the reply authentication info + on success +*/ +NTSTATUS dcerpc_alter(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx) +{ + struct dcerpc_packet pkt; + NTSTATUS status; + DATA_BLOB blob; + + init_dcerpc_hdr(p, &pkt); + + pkt.ptype = DCERPC_PKT_ALTER; + pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; + pkt.call_id = p->call_id; + pkt.auth_length = 0; + + pkt.u.alter.max_xmit_frag = 0x2000; + pkt.u.alter.max_recv_frag = 0x2000; + pkt.u.alter.assoc_group_id = 0; + pkt.u.alter.num_contexts = 1; + pkt.u.alter.ctx_list = talloc(mem_ctx, sizeof(pkt.u.alter.ctx_list[0])); + if (!pkt.u.alter.ctx_list) { + return NT_STATUS_NO_MEMORY; + } + pkt.u.alter.ctx_list[0].context_id = 0; + pkt.u.alter.ctx_list[0].num_transfer_syntaxes = 1; + pkt.u.alter.ctx_list[0].abstract_syntax = p->syntax; + pkt.u.alter.ctx_list[0].transfer_syntaxes = &p->transfer_syntax; + pkt.u.alter.auth_info = data_blob(NULL, 0); + + /* construct the NDR form of the packet */ + status = dcerpc_push_auth(&blob, mem_ctx, &pkt, p->security_state.auth_info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* send it on its way */ + status = p->transport.full_request(p, mem_ctx, &blob, &blob); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* unmarshall the NDR */ + status = dcerpc_pull(&blob, mem_ctx, &pkt); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if ((pkt.ptype != DCERPC_PKT_ALTER_ACK) || + pkt.u.alter_ack.num_results == 0 || + pkt.u.alter_ack.ctx_list[0].result != 0) { + status = NT_STATUS_UNSUCCESSFUL; + } + + /* the bind_ack might contain a reply set of credentials */ + if (p->security_state.auth_info && pkt.u.alter_ack.auth_info.length) { + status = ndr_pull_struct_blob(&pkt.u.alter_ack.auth_info, + mem_ctx, + p->security_state.auth_info, + (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth); + } + + return status; +} + +/* perform a continued bind (and auth3) */ NTSTATUS dcerpc_auth3(struct dcerpc_pipe *p, diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 4f50b261e2..db7552278a 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -40,7 +40,10 @@ struct dcerpc_pipe { uint_t flags; struct dcerpc_security security_state; const char *binding_string; - + + struct dcerpc_syntax_id syntax; + struct dcerpc_syntax_id transfer_syntax; + struct dcerpc_transport { enum dcerpc_transport_t transport; void *private; diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 92f1a88485..43b2212d60 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -44,7 +44,7 @@ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p, return status; } -NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, uint8_t auth_type, +NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, const char *uuid, uint_t version) { NTSTATUS status; @@ -126,4 +126,90 @@ done: return status; } +NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, + const char *uuid, uint_t version) +{ + NTSTATUS status; + TALLOC_CTX *mem_ctx; + DATA_BLOB credentials; + DATA_BLOB null_data_blob = data_blob(NULL, 0); + + mem_ctx = talloc_init("dcerpc_bind_auth"); + if (!mem_ctx) { + return NT_STATUS_NO_MEMORY; + } + + if (!p->security_state.generic_state) { + status = gensec_client_start(&p->security_state.generic_state); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = gensec_start_mech_by_authtype(p->security_state.generic_state, auth_type); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + p->security_state.auth_info = talloc(p->mem_ctx, sizeof(*p->security_state.auth_info)); + if (!p->security_state.auth_info) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + p->security_state.auth_info->auth_type = auth_type; + p->security_state.auth_info->auth_pad_length = 0; + p->security_state.auth_info->auth_reserved = 0; + p->security_state.auth_info->auth_context_id = random(); + p->security_state.auth_info->credentials = null_data_blob; + + if (p->flags & DCERPC_SEAL) { + p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY; + } else if (p->flags & DCERPC_SIGN) { + p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; + } else { + p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE; + } + + status = gensec_update(p->security_state.generic_state, mem_ctx, + null_data_blob, + &credentials); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto done; + } + + p->security_state.auth_info->credentials = credentials; + + status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + while(1) { + status = gensec_update(p->security_state.generic_state, mem_ctx, + p->security_state.auth_info->credentials, + &credentials); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto done; + } + + p->security_state.auth_info->credentials = credentials; + + status = dcerpc_alter(p, mem_ctx); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } + +done: + talloc_destroy(mem_ctx); + + if (!NT_STATUS_IS_OK(status)) { + ZERO_STRUCT(p->security_state); + } + + return status; +} diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c index 0f02669eb1..1f8dbc993e 100644 --- a/source4/librpc/rpc/dcerpc_ntlm.c +++ b/source4/librpc/rpc/dcerpc_ntlm.c @@ -67,7 +67,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p, return status; } - status = dcerpc_bind_auth(p, DCERPC_AUTH_TYPE_NTLMSSP, + status = dcerpc_bind_auth3(p, DCERPC_AUTH_TYPE_NTLMSSP, uuid, version); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index ffe60b1bae..73d27cdfa9 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -476,7 +476,7 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, return status; } - status = dcerpc_bind_auth(p, DCERPC_AUTH_TYPE_SCHANNEL, + status = dcerpc_bind_auth3(p, DCERPC_AUTH_TYPE_SCHANNEL, uuid, version); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/librpc/rpc/dcerpc_spnego.c b/source4/librpc/rpc/dcerpc_spnego.c index 141ea787e7..37f2c75b65 100644 --- a/source4/librpc/rpc/dcerpc_spnego.c +++ b/source4/librpc/rpc/dcerpc_spnego.c @@ -67,7 +67,7 @@ NTSTATUS dcerpc_bind_auth_spnego(struct dcerpc_pipe *p, return status; } - status = dcerpc_bind_auth(p, DCERPC_AUTH_TYPE_SPNEGO, + status = dcerpc_bind_alter(p, DCERPC_AUTH_TYPE_SPNEGO, uuid, version); if (!NT_STATUS_IS_OK(status)) { |