Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Authentication utility functions
4 : Copyright (C) Sumit Bose 2010
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "../librpc/gen_ndr/ndr_drsblobs.h"
22 : #include "../librpc/gen_ndr/ndr_lsa.h"
23 : #include "libcli/lsarpc/util_lsarpc.h"
24 :
25 8 : static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx,
26 : uint32_t count,
27 : struct AuthenticationInformationArray *ai,
28 : struct lsa_TrustDomainInfoBuffer **_b)
29 : {
30 8 : NTSTATUS status;
31 8 : struct lsa_TrustDomainInfoBuffer *b;
32 8 : int i;
33 :
34 8 : b = talloc_array(mem_ctx, struct lsa_TrustDomainInfoBuffer, count);
35 8 : if (b == NULL) {
36 0 : return NT_STATUS_NO_MEMORY;
37 : }
38 :
39 20 : for(i = 0; i < count; i++) {
40 12 : size_t size = 0;
41 12 : b[i].last_update_time = ai->array[i].LastUpdateTime;
42 12 : b[i].AuthType = ai->array[i].AuthType;
43 12 : switch(ai->array[i].AuthType) {
44 0 : case TRUST_AUTH_TYPE_NONE:
45 0 : b[i].data.size = 0;
46 0 : b[i].data.data = NULL;
47 0 : break;
48 0 : case TRUST_AUTH_TYPE_NT4OWF:
49 0 : if (ai->array[i].AuthInfo.nt4owf.size != 16) {
50 0 : status = NT_STATUS_INVALID_PARAMETER;
51 0 : goto fail;
52 : }
53 0 : b[i].data.data = (uint8_t *)talloc_memdup(b,
54 : &ai->array[i].AuthInfo.nt4owf.password.hash,
55 : 16);
56 0 : if (b[i].data.data == NULL) {
57 0 : status = NT_STATUS_NO_MEMORY;
58 0 : goto fail;
59 : }
60 0 : break;
61 8 : case TRUST_AUTH_TYPE_CLEAR:
62 8 : if (!convert_string_talloc(b,
63 : CH_UTF16LE, CH_UNIX,
64 8 : ai->array[i].AuthInfo.clear.password,
65 8 : ai->array[i].AuthInfo.clear.size,
66 8 : &b[i].data.data,
67 : &size)) {
68 0 : status = NT_STATUS_INVALID_PARAMETER;
69 0 : goto fail;
70 : }
71 8 : b[i].data.size = size;
72 8 : break;
73 4 : case TRUST_AUTH_TYPE_VERSION:
74 4 : if (ai->array[i].AuthInfo.version.size != 4) {
75 0 : status = NT_STATUS_INVALID_PARAMETER;
76 0 : goto fail;
77 : }
78 4 : b[i].data.size = 4;
79 4 : b[i].data.data = (uint8_t *)talloc_memdup(b,
80 : &ai->array[i].AuthInfo.version.version, 4);
81 4 : if (b[i].data.data == NULL) {
82 0 : status = NT_STATUS_NO_MEMORY;
83 0 : goto fail;
84 : }
85 0 : break;
86 0 : default:
87 0 : status = NT_STATUS_INVALID_PARAMETER;
88 0 : goto fail;
89 : }
90 : }
91 :
92 8 : *_b = b;
93 :
94 8 : return NT_STATUS_OK;
95 :
96 0 : fail:
97 0 : talloc_free(b);
98 0 : return status;
99 : }
100 :
101 6 : static NTSTATUS trustauth_inout_blob_2_auth_info(TALLOC_CTX *mem_ctx,
102 : DATA_BLOB *inout_blob,
103 : uint32_t *count,
104 : struct lsa_TrustDomainInfoBuffer **current,
105 : struct lsa_TrustDomainInfoBuffer **previous)
106 : {
107 6 : NTSTATUS status;
108 6 : struct trustAuthInOutBlob iopw;
109 6 : enum ndr_err_code ndr_err;
110 6 : TALLOC_CTX *tmp_ctx;
111 :
112 6 : tmp_ctx = talloc_new(mem_ctx);
113 6 : if (tmp_ctx == NULL) {
114 0 : return NT_STATUS_NO_MEMORY;
115 : }
116 :
117 6 : ndr_err = ndr_pull_struct_blob(inout_blob, tmp_ctx, &iopw,
118 : (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
119 6 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
120 0 : status = NT_STATUS_INVALID_PARAMETER;
121 0 : goto done;
122 : }
123 :
124 6 : *count = iopw.count;
125 :
126 6 : status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
127 : &iopw.current, current);
128 6 : if (!NT_STATUS_IS_OK(status)) {
129 0 : goto done;
130 : }
131 :
132 6 : if (iopw.previous.count > 0) {
133 2 : status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
134 : &iopw.previous, previous);
135 2 : if (!NT_STATUS_IS_OK(status)) {
136 0 : goto done;
137 : }
138 : } else {
139 4 : *previous = NULL;
140 : }
141 :
142 0 : status = NT_STATUS_OK;
143 :
144 6 : done:
145 6 : talloc_free(tmp_ctx);
146 6 : return status;
147 : }
148 :
149 5 : NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
150 : DATA_BLOB incoming, DATA_BLOB outgoing,
151 : struct lsa_TrustDomainInfoAuthInfo *auth_info)
152 : {
153 5 : NTSTATUS status;
154 :
155 5 : if (incoming.length != 0) {
156 3 : status = trustauth_inout_blob_2_auth_info(mem_ctx,
157 : &incoming,
158 : &auth_info->incoming_count,
159 : &auth_info->incoming_current_auth_info,
160 : &auth_info->incoming_previous_auth_info);
161 3 : if (!NT_STATUS_IS_OK(status)) {
162 0 : return status;
163 : }
164 : } else {
165 2 : auth_info->incoming_count = 0;
166 2 : auth_info->incoming_current_auth_info = NULL;
167 2 : auth_info->incoming_previous_auth_info = NULL;
168 : }
169 :
170 5 : if (outgoing.length != 0) {
171 3 : status = trustauth_inout_blob_2_auth_info(mem_ctx,
172 : &outgoing,
173 : &auth_info->outgoing_count,
174 : &auth_info->outgoing_current_auth_info,
175 : &auth_info->outgoing_previous_auth_info);
176 3 : if (!NT_STATUS_IS_OK(status)) {
177 0 : return status;
178 : }
179 : } else {
180 2 : auth_info->outgoing_count = 0;
181 2 : auth_info->outgoing_current_auth_info = NULL;
182 2 : auth_info->outgoing_previous_auth_info = NULL;
183 : }
184 :
185 5 : return NT_STATUS_OK;
186 : }
187 :
188 8 : static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx,
189 : uint32_t count,
190 : struct lsa_TrustDomainInfoBuffer *b,
191 : struct AuthenticationInformationArray *ai)
192 : {
193 8 : NTSTATUS status;
194 8 : int i;
195 :
196 8 : ai->count = count;
197 8 : ai->array = talloc_zero_array(mem_ctx, struct AuthenticationInformation,
198 : count);
199 8 : if (ai->array == NULL) {
200 0 : return NT_STATUS_NO_MEMORY;
201 : }
202 :
203 20 : for(i = 0; i < count; i++) {
204 12 : size_t size = 0;
205 12 : ai->array[i].LastUpdateTime = b[i].last_update_time;
206 12 : ai->array[i].AuthType = b[i].AuthType;
207 12 : switch(ai->array[i].AuthType) {
208 0 : case TRUST_AUTH_TYPE_NONE:
209 0 : ai->array[i].AuthInfo.none.size = 0;
210 0 : break;
211 0 : case TRUST_AUTH_TYPE_NT4OWF:
212 0 : if (b[i].data.size != 16) {
213 0 : status = NT_STATUS_INVALID_PARAMETER;
214 0 : goto fail;
215 : }
216 12 : memcpy(&ai->array[i].AuthInfo.nt4owf.password.hash,
217 0 : b[i].data.data, 16);
218 0 : break;
219 8 : case TRUST_AUTH_TYPE_CLEAR:
220 8 : if (!convert_string_talloc(ai->array,
221 : CH_UNIX, CH_UTF16,
222 8 : b[i].data.data,
223 8 : b[i].data.size,
224 8 : &ai->array[i].AuthInfo.clear.password,
225 : &size)) {
226 0 : status = NT_STATUS_INVALID_PARAMETER;
227 0 : goto fail;
228 : }
229 8 : ai->array[i].AuthInfo.clear.size = size;
230 8 : break;
231 4 : case TRUST_AUTH_TYPE_VERSION:
232 4 : if (b[i].data.size != 4) {
233 0 : status = NT_STATUS_INVALID_PARAMETER;
234 0 : goto fail;
235 : }
236 4 : ai->array[i].AuthInfo.version.size = 4;
237 12 : memcpy(&ai->array[i].AuthInfo.version.version,
238 4 : b[i].data.data, 4);
239 0 : break;
240 0 : default:
241 0 : status = NT_STATUS_INVALID_PARAMETER;
242 0 : goto fail;
243 : }
244 : }
245 :
246 8 : return NT_STATUS_OK;
247 :
248 0 : fail:
249 0 : talloc_free(ai->array);
250 0 : return status;
251 : }
252 :
253 6 : NTSTATUS auth_info_2_trustauth_inout(TALLOC_CTX *mem_ctx,
254 : uint32_t count,
255 : struct lsa_TrustDomainInfoBuffer *current,
256 : struct lsa_TrustDomainInfoBuffer *previous,
257 : struct trustAuthInOutBlob **iopw_out)
258 : {
259 6 : NTSTATUS status;
260 6 : struct trustAuthInOutBlob *iopw;
261 :
262 6 : iopw = talloc_zero(mem_ctx, struct trustAuthInOutBlob);
263 6 : if (iopw == NULL) {
264 0 : return NT_STATUS_NO_MEMORY;
265 : }
266 :
267 6 : iopw->count = count;
268 6 : status = trust_domain_info_buffer_2_ai_array(iopw, count, current,
269 : &iopw->current);
270 6 : if (!NT_STATUS_IS_OK(status)) {
271 0 : goto done;
272 : }
273 :
274 6 : if (previous != NULL) {
275 2 : status = trust_domain_info_buffer_2_ai_array(iopw, count,
276 : previous,
277 : &iopw->previous);
278 2 : if (!NT_STATUS_IS_OK(status)) {
279 0 : goto done;
280 : }
281 : } else {
282 4 : iopw->previous.count = 0;
283 4 : iopw->previous.array = NULL;
284 : }
285 :
286 6 : *iopw_out = iopw;
287 :
288 6 : status = NT_STATUS_OK;
289 :
290 6 : done:
291 6 : return status;
292 : }
293 :
294 6 : static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
295 : uint32_t count,
296 : struct lsa_TrustDomainInfoBuffer *current,
297 : struct lsa_TrustDomainInfoBuffer *previous,
298 : DATA_BLOB *inout_blob)
299 : {
300 6 : NTSTATUS status;
301 6 : struct trustAuthInOutBlob *iopw = NULL;
302 6 : enum ndr_err_code ndr_err;
303 :
304 6 : status = auth_info_2_trustauth_inout(mem_ctx, count, current, previous, &iopw);
305 :
306 6 : if (!NT_STATUS_IS_OK(status)) {
307 0 : goto done;
308 : }
309 :
310 6 : ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx,
311 : iopw,
312 : (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
313 6 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
314 0 : return NT_STATUS_INVALID_PARAMETER;
315 : }
316 :
317 0 : status = NT_STATUS_OK;
318 :
319 6 : done:
320 6 : talloc_free(iopw);
321 6 : return status;
322 : }
323 :
324 8 : NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx,
325 : struct lsa_TrustDomainInfoAuthInfo *auth_info,
326 : DATA_BLOB *incoming, DATA_BLOB *outgoing)
327 : {
328 5 : NTSTATUS status;
329 :
330 8 : if (auth_info->incoming_count == 0) {
331 5 : incoming->length = 0;
332 5 : incoming->data = NULL;
333 : } else {
334 3 : status = auth_info_2_trustauth_inout_blob(mem_ctx,
335 : auth_info->incoming_count,
336 : auth_info->incoming_current_auth_info,
337 : auth_info->incoming_previous_auth_info,
338 : incoming);
339 3 : if (!NT_STATUS_IS_OK(status)) {
340 0 : return status;
341 : }
342 : }
343 :
344 8 : if (auth_info->outgoing_count == 0) {
345 5 : outgoing->length = 0;
346 5 : outgoing->data = NULL;
347 : } else {
348 3 : status = auth_info_2_trustauth_inout_blob(mem_ctx,
349 : auth_info->outgoing_count,
350 : auth_info->outgoing_current_auth_info,
351 : auth_info->outgoing_previous_auth_info,
352 : outgoing);
353 3 : if (!NT_STATUS_IS_OK(status)) {
354 0 : return status;
355 : }
356 : }
357 :
358 8 : return NT_STATUS_OK;
359 : }
|
