From b119ebeab0699910f717384591903651d0621886 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 9 Jul 2004 12:26:34 +0000
Subject: r1419: spnego inside of dcerpc using alter_context/alter_context_resp
 instead of auth3

metze
(This used to be commit 19b0567ee533744a0f2778bf8549636a25d96526)
---
 source4/librpc/rpc/dcerpc.c          | 82 ++++++++++++++++++++++++++++++---
 source4/librpc/rpc/dcerpc.h          |  5 +-
 source4/librpc/rpc/dcerpc_auth.c     | 88 +++++++++++++++++++++++++++++++++++-
 source4/librpc/rpc/dcerpc_ntlm.c     |  2 +-
 source4/librpc/rpc/dcerpc_schannel.c |  2 +-
 source4/librpc/rpc/dcerpc_spnego.c   |  2 +-
 6 files changed, 170 insertions(+), 11 deletions(-)

(limited to 'source4/librpc')

diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 8afc556528..f7c0100f47 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -334,7 +334,9 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p,
 	struct dcerpc_packet pkt;
 	NTSTATUS status;
 	DATA_BLOB blob;
-	struct dcerpc_syntax_id tsyntax;
+
+	p->syntax = *syntax;
+	p->transfer_syntax = *transfer_syntax;
 
 	init_dcerpc_hdr(p, &pkt);
 
@@ -353,9 +355,8 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p,
 	}
 	pkt.u.bind.ctx_list[0].context_id = 0;
 	pkt.u.bind.ctx_list[0].num_transfer_syntaxes = 1;
-	pkt.u.bind.ctx_list[0].abstract_syntax = *syntax;
-	tsyntax = *transfer_syntax;
-	pkt.u.bind.ctx_list[0].transfer_syntaxes = &tsyntax;
+	pkt.u.bind.ctx_list[0].abstract_syntax = p->syntax;
+	pkt.u.bind.ctx_list[0].transfer_syntaxes = &p->transfer_syntax;
 	pkt.u.bind.auth_info = data_blob(NULL, 0);
 
 	/* construct the NDR form of the packet */
@@ -376,13 +377,13 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p,
 		return status;
 	}
 
-	if ((pkt.ptype != DCERPC_PKT_BIND_ACK && pkt.ptype != DCERPC_PKT_ALTER_ACK) ||
+	if ((pkt.ptype != DCERPC_PKT_BIND_ACK) ||
 	    pkt.u.bind_ack.num_results == 0 ||
 	    pkt.u.bind_ack.ctx_list[0].result != 0) {
 		status = NT_STATUS_UNSUCCESSFUL;
 	}
 
-	if (pkt.ptype != DCERPC_PKT_ALTER_ACK) {
+	if (pkt.ptype == DCERPC_PKT_BIND_ACK) {
 		p->srv_max_xmit_frag = pkt.u.bind_ack.max_xmit_frag;
 		p->srv_max_recv_frag = pkt.u.bind_ack.max_recv_frag;
 	}
@@ -398,6 +399,75 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p,
 	return status;	
 }
 
+/* 
+   perform a alter context using the given syntax 
+
+   the auth_info structure is updated with the reply authentication info
+   on success
+*/
+NTSTATUS dcerpc_alter(struct dcerpc_pipe *p, 
+		     TALLOC_CTX *mem_ctx)
+{
+	struct dcerpc_packet pkt;
+	NTSTATUS status;
+	DATA_BLOB blob;
+
+	init_dcerpc_hdr(p, &pkt);
+
+	pkt.ptype = DCERPC_PKT_ALTER;
+	pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
+	pkt.call_id = p->call_id;
+	pkt.auth_length = 0;
+
+	pkt.u.alter.max_xmit_frag = 0x2000;
+	pkt.u.alter.max_recv_frag = 0x2000;
+	pkt.u.alter.assoc_group_id = 0;
+	pkt.u.alter.num_contexts = 1;
+	pkt.u.alter.ctx_list = talloc(mem_ctx, sizeof(pkt.u.alter.ctx_list[0]));
+	if (!pkt.u.alter.ctx_list) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	pkt.u.alter.ctx_list[0].context_id = 0;
+	pkt.u.alter.ctx_list[0].num_transfer_syntaxes = 1;
+	pkt.u.alter.ctx_list[0].abstract_syntax = p->syntax;
+	pkt.u.alter.ctx_list[0].transfer_syntaxes = &p->transfer_syntax;
+	pkt.u.alter.auth_info = data_blob(NULL, 0);
+
+	/* construct the NDR form of the packet */
+	status = dcerpc_push_auth(&blob, mem_ctx, &pkt, p->security_state.auth_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* send it on its way */
+	status = p->transport.full_request(p, mem_ctx, &blob, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* unmarshall the NDR */
+	status = dcerpc_pull(&blob, mem_ctx, &pkt);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if ((pkt.ptype != DCERPC_PKT_ALTER_ACK) ||
+	    pkt.u.alter_ack.num_results == 0 ||
+	    pkt.u.alter_ack.ctx_list[0].result != 0) {
+		status = NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* the bind_ack might contain a reply set of credentials */
+	if (p->security_state.auth_info && pkt.u.alter_ack.auth_info.length) {
+		status = ndr_pull_struct_blob(&pkt.u.alter_ack.auth_info,
+					      mem_ctx,
+					      p->security_state.auth_info,
+					      (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
+	}
+
+	return status;	
+}
+
 /* 
    perform a continued bind (and auth3)
 */
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 4f50b261e2..db7552278a 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -40,7 +40,10 @@ struct dcerpc_pipe {
 	uint_t flags;
 	struct dcerpc_security security_state;
 	const char *binding_string;
-	
+
+	struct dcerpc_syntax_id syntax;
+	struct dcerpc_syntax_id transfer_syntax;
+
 	struct dcerpc_transport {
 		enum dcerpc_transport_t transport;
 		void *private;
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 92f1a88485..43b2212d60 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -44,7 +44,7 @@ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
 	return status;
 }
 
-NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, uint8_t auth_type,
+NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type,
 			  const char *uuid, uint_t version)
 {
 	NTSTATUS status;
@@ -126,4 +126,90 @@ done:
 	return status;
 }
 
+NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type,
+			  const char *uuid, uint_t version)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	DATA_BLOB credentials;
+	DATA_BLOB null_data_blob = data_blob(NULL, 0);
+
+	mem_ctx = talloc_init("dcerpc_bind_auth");
+	if (!mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	if (!p->security_state.generic_state) {
+		status = gensec_client_start(&p->security_state.generic_state);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		status = gensec_start_mech_by_authtype(p->security_state.generic_state, auth_type);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	p->security_state.auth_info = talloc(p->mem_ctx, sizeof(*p->security_state.auth_info));
+	if (!p->security_state.auth_info) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	p->security_state.auth_info->auth_type = auth_type;
+	p->security_state.auth_info->auth_pad_length = 0;
+	p->security_state.auth_info->auth_reserved = 0;
+	p->security_state.auth_info->auth_context_id = random();
+	p->security_state.auth_info->credentials = null_data_blob;
+
+	if (p->flags & DCERPC_SEAL) {
+		p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
+	} else if (p->flags & DCERPC_SIGN) {
+		p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
+	} else {
+		p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE;
+	}
+
+	status = gensec_update(p->security_state.generic_state, mem_ctx,
+			       null_data_blob,
+			       &credentials);
+	
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		goto done;
+	}
+
+	p->security_state.auth_info->credentials = credentials;
+
+	status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
 
+	while(1) {
+		status = gensec_update(p->security_state.generic_state, mem_ctx,
+			       p->security_state.auth_info->credentials,
+			       &credentials);
+
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+			goto done;
+		}
+
+		p->security_state.auth_info->credentials = credentials;
+
+		status = dcerpc_alter(p, mem_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+	}
+
+done:
+	talloc_destroy(mem_ctx);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		ZERO_STRUCT(p->security_state);
+	}
+
+	return status;
+}
diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c
index 0f02669eb1..1f8dbc993e 100644
--- a/source4/librpc/rpc/dcerpc_ntlm.c
+++ b/source4/librpc/rpc/dcerpc_ntlm.c
@@ -67,7 +67,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
 		return status;
 	}
 	
-	status = dcerpc_bind_auth(p, DCERPC_AUTH_TYPE_NTLMSSP,
+	status = dcerpc_bind_auth3(p, DCERPC_AUTH_TYPE_NTLMSSP,
 				  uuid, version);
 
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index ffe60b1bae..73d27cdfa9 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -476,7 +476,7 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p,
 		return status;
 	}
 
-	status = dcerpc_bind_auth(p, DCERPC_AUTH_TYPE_SCHANNEL,
+	status = dcerpc_bind_auth3(p, DCERPC_AUTH_TYPE_SCHANNEL,
 				  uuid, version);
 
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/librpc/rpc/dcerpc_spnego.c b/source4/librpc/rpc/dcerpc_spnego.c
index 141ea787e7..37f2c75b65 100644
--- a/source4/librpc/rpc/dcerpc_spnego.c
+++ b/source4/librpc/rpc/dcerpc_spnego.c
@@ -67,7 +67,7 @@ NTSTATUS dcerpc_bind_auth_spnego(struct dcerpc_pipe *p,
 		return status;
 	}
 	
-	status = dcerpc_bind_auth(p, DCERPC_AUTH_TYPE_SPNEGO,
+	status = dcerpc_bind_alter(p, DCERPC_AUTH_TYPE_SPNEGO,
 				  uuid, version);
 
 	if (!NT_STATUS_IS_OK(status)) {
-- 
cgit