Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Authentication utility functions
4 : Copyright (C) Sumit Bose 2010
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "../librpc/gen_ndr/ndr_drsblobs.h"
22 : #include "../librpc/gen_ndr/ndr_lsa.h"
23 : #include "libcli/lsarpc/util_lsarpc.h"
24 :
25 0 : static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx,
26 : uint32_t count,
27 : struct AuthenticationInformationArray *ai,
28 : struct lsa_TrustDomainInfoBuffer **_b)
29 : {
30 : NTSTATUS status;
31 : struct lsa_TrustDomainInfoBuffer *b;
32 : int i;
33 :
34 0 : b = talloc_array(mem_ctx, struct lsa_TrustDomainInfoBuffer, count);
35 0 : if (b == NULL) {
36 0 : return NT_STATUS_NO_MEMORY;
37 : }
38 :
39 0 : for(i = 0; i < count; i++) {
40 0 : size_t size = 0;
41 0 : b[i].last_update_time = ai->array[i].LastUpdateTime;
42 0 : b[i].AuthType = ai->array[i].AuthType;
43 0 : switch(ai->array[i].AuthType) {
44 0 : case TRUST_AUTH_TYPE_NONE:
45 0 : b[i].data.size = 0;
46 0 : b[i].data.data = NULL;
47 0 : break;
48 0 : case TRUST_AUTH_TYPE_NT4OWF:
49 0 : if (ai->array[i].AuthInfo.nt4owf.size != 16) {
50 0 : status = NT_STATUS_INVALID_PARAMETER;
51 0 : goto fail;
52 : }
53 0 : b[i].data.data = (uint8_t *)talloc_memdup(b,
54 : &ai->array[i].AuthInfo.nt4owf.password.hash,
55 : 16);
56 0 : if (b[i].data.data == NULL) {
57 0 : status = NT_STATUS_NO_MEMORY;
58 0 : goto fail;
59 : }
60 0 : break;
61 0 : case TRUST_AUTH_TYPE_CLEAR:
62 0 : if (!convert_string_talloc(b,
63 : CH_UTF16LE, CH_UNIX,
64 0 : ai->array[i].AuthInfo.clear.password,
65 0 : ai->array[i].AuthInfo.clear.size,
66 0 : &b[i].data.data,
67 : &size)) {
68 0 : status = NT_STATUS_INVALID_PARAMETER;
69 0 : goto fail;
70 : }
71 0 : b[i].data.size = size;
72 0 : break;
73 0 : case TRUST_AUTH_TYPE_VERSION:
74 0 : if (ai->array[i].AuthInfo.version.size != 4) {
75 0 : status = NT_STATUS_INVALID_PARAMETER;
76 0 : goto fail;
77 : }
78 0 : b[i].data.size = 4;
79 0 : b[i].data.data = (uint8_t *)talloc_memdup(b,
80 : &ai->array[i].AuthInfo.version.version, 4);
81 0 : if (b[i].data.data == NULL) {
82 0 : status = NT_STATUS_NO_MEMORY;
83 0 : goto fail;
84 : }
85 0 : break;
86 0 : default:
87 0 : status = NT_STATUS_INVALID_PARAMETER;
88 0 : goto fail;
89 : }
90 : }
91 :
92 0 : *_b = b;
93 :
94 0 : return NT_STATUS_OK;
95 :
96 0 : fail:
97 0 : talloc_free(b);
98 0 : return status;
99 : }
100 :
101 0 : static NTSTATUS trustauth_inout_blob_2_auth_info(TALLOC_CTX *mem_ctx,
102 : DATA_BLOB *inout_blob,
103 : uint32_t *count,
104 : struct lsa_TrustDomainInfoBuffer **current,
105 : struct lsa_TrustDomainInfoBuffer **previous)
106 : {
107 : NTSTATUS status;
108 : struct trustAuthInOutBlob iopw;
109 : enum ndr_err_code ndr_err;
110 : TALLOC_CTX *tmp_ctx;
111 :
112 0 : tmp_ctx = talloc_new(mem_ctx);
113 0 : if (tmp_ctx == NULL) {
114 0 : return NT_STATUS_NO_MEMORY;
115 : }
116 :
117 0 : ndr_err = ndr_pull_struct_blob(inout_blob, tmp_ctx, &iopw,
118 : (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
119 0 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
120 0 : status = NT_STATUS_INVALID_PARAMETER;
121 0 : goto done;
122 : }
123 :
124 0 : *count = iopw.count;
125 :
126 0 : status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
127 : &iopw.current, current);
128 0 : if (!NT_STATUS_IS_OK(status)) {
129 0 : goto done;
130 : }
131 :
132 0 : if (iopw.previous.count > 0) {
133 0 : status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
134 : &iopw.previous, previous);
135 0 : if (!NT_STATUS_IS_OK(status)) {
136 0 : goto done;
137 : }
138 : } else {
139 0 : *previous = NULL;
140 : }
141 :
142 0 : status = NT_STATUS_OK;
143 :
144 0 : done:
145 0 : talloc_free(tmp_ctx);
146 0 : return status;
147 : }
148 :
149 0 : NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
150 : DATA_BLOB incoming, DATA_BLOB outgoing,
151 : struct lsa_TrustDomainInfoAuthInfo *auth_info)
152 : {
153 : NTSTATUS status;
154 :
155 0 : if (incoming.length != 0) {
156 0 : status = trustauth_inout_blob_2_auth_info(mem_ctx,
157 : &incoming,
158 : &auth_info->incoming_count,
159 : &auth_info->incoming_current_auth_info,
160 : &auth_info->incoming_previous_auth_info);
161 0 : if (!NT_STATUS_IS_OK(status)) {
162 0 : return status;
163 : }
164 : } else {
165 0 : auth_info->incoming_count = 0;
166 0 : auth_info->incoming_current_auth_info = NULL;
167 0 : auth_info->incoming_previous_auth_info = NULL;
168 : }
169 :
170 0 : if (outgoing.length != 0) {
171 0 : status = trustauth_inout_blob_2_auth_info(mem_ctx,
172 : &outgoing,
173 : &auth_info->outgoing_count,
174 : &auth_info->outgoing_current_auth_info,
175 : &auth_info->outgoing_previous_auth_info);
176 0 : if (!NT_STATUS_IS_OK(status)) {
177 0 : return status;
178 : }
179 : } else {
180 0 : auth_info->outgoing_count = 0;
181 0 : auth_info->outgoing_current_auth_info = NULL;
182 0 : auth_info->outgoing_previous_auth_info = NULL;
183 : }
184 :
185 0 : return NT_STATUS_OK;
186 : }
187 :
188 0 : static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx,
189 : uint32_t count,
190 : struct lsa_TrustDomainInfoBuffer *b,
191 : struct AuthenticationInformationArray *ai)
192 : {
193 : NTSTATUS status;
194 : int i;
195 :
196 0 : ai->count = count;
197 0 : ai->array = talloc_zero_array(mem_ctx, struct AuthenticationInformation,
198 : count);
199 0 : if (ai->array == NULL) {
200 0 : return NT_STATUS_NO_MEMORY;
201 : }
202 :
203 0 : for(i = 0; i < count; i++) {
204 0 : size_t size = 0;
205 0 : ai->array[i].LastUpdateTime = b[i].last_update_time;
206 0 : ai->array[i].AuthType = b[i].AuthType;
207 0 : switch(ai->array[i].AuthType) {
208 0 : case TRUST_AUTH_TYPE_NONE:
209 0 : ai->array[i].AuthInfo.none.size = 0;
210 0 : break;
211 0 : case TRUST_AUTH_TYPE_NT4OWF:
212 0 : if (b[i].data.size != 16) {
213 0 : status = NT_STATUS_INVALID_PARAMETER;
214 0 : goto fail;
215 : }
216 0 : memcpy(&ai->array[i].AuthInfo.nt4owf.password.hash,
217 0 : b[i].data.data, 16);
218 0 : break;
219 0 : case TRUST_AUTH_TYPE_CLEAR:
220 0 : if (!convert_string_talloc(ai->array,
221 : CH_UNIX, CH_UTF16,
222 0 : b[i].data.data,
223 0 : b[i].data.size,
224 0 : &ai->array[i].AuthInfo.clear.password,
225 : &size)) {
226 0 : status = NT_STATUS_INVALID_PARAMETER;
227 0 : goto fail;
228 : }
229 0 : ai->array[i].AuthInfo.clear.size = size;
230 0 : break;
231 0 : case TRUST_AUTH_TYPE_VERSION:
232 0 : if (b[i].data.size != 4) {
233 0 : status = NT_STATUS_INVALID_PARAMETER;
234 0 : goto fail;
235 : }
236 0 : ai->array[i].AuthInfo.version.size = 4;
237 0 : memcpy(&ai->array[i].AuthInfo.version.version,
238 0 : b[i].data.data, 4);
239 0 : break;
240 0 : default:
241 0 : status = NT_STATUS_INVALID_PARAMETER;
242 0 : goto fail;
243 : }
244 : }
245 :
246 0 : return NT_STATUS_OK;
247 :
248 0 : fail:
249 0 : talloc_free(ai->array);
250 0 : return status;
251 : }
252 :
253 0 : NTSTATUS auth_info_2_trustauth_inout(TALLOC_CTX *mem_ctx,
254 : uint32_t count,
255 : struct lsa_TrustDomainInfoBuffer *current,
256 : struct lsa_TrustDomainInfoBuffer *previous,
257 : struct trustAuthInOutBlob **iopw_out)
258 : {
259 : NTSTATUS status;
260 : struct trustAuthInOutBlob *iopw;
261 :
262 0 : iopw = talloc_zero(mem_ctx, struct trustAuthInOutBlob);
263 0 : if (iopw == NULL) {
264 0 : return NT_STATUS_NO_MEMORY;
265 : }
266 :
267 0 : iopw->count = count;
268 0 : status = trust_domain_info_buffer_2_ai_array(iopw, count, current,
269 : &iopw->current);
270 0 : if (!NT_STATUS_IS_OK(status)) {
271 0 : goto done;
272 : }
273 :
274 0 : if (previous != NULL) {
275 0 : status = trust_domain_info_buffer_2_ai_array(iopw, count,
276 : previous,
277 : &iopw->previous);
278 0 : if (!NT_STATUS_IS_OK(status)) {
279 0 : goto done;
280 : }
281 : } else {
282 0 : iopw->previous.count = 0;
283 0 : iopw->previous.array = NULL;
284 : }
285 :
286 0 : *iopw_out = iopw;
287 :
288 0 : status = NT_STATUS_OK;
289 :
290 0 : done:
291 0 : return status;
292 : }
293 :
294 0 : static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
295 : uint32_t count,
296 : struct lsa_TrustDomainInfoBuffer *current,
297 : struct lsa_TrustDomainInfoBuffer *previous,
298 : DATA_BLOB *inout_blob)
299 : {
300 : NTSTATUS status;
301 0 : struct trustAuthInOutBlob *iopw = NULL;
302 : enum ndr_err_code ndr_err;
303 :
304 0 : status = auth_info_2_trustauth_inout(mem_ctx, count, current, previous, &iopw);
305 :
306 0 : if (!NT_STATUS_IS_OK(status)) {
307 0 : goto done;
308 : }
309 :
310 0 : ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx,
311 : iopw,
312 : (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
313 0 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
314 0 : return NT_STATUS_INVALID_PARAMETER;
315 : }
316 :
317 0 : status = NT_STATUS_OK;
318 :
319 0 : done:
320 0 : talloc_free(iopw);
321 0 : return status;
322 : }
323 :
324 3 : NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx,
325 : struct lsa_TrustDomainInfoAuthInfo *auth_info,
326 : DATA_BLOB *incoming, DATA_BLOB *outgoing)
327 : {
328 : NTSTATUS status;
329 :
330 3 : if (auth_info->incoming_count == 0) {
331 3 : incoming->length = 0;
332 3 : incoming->data = NULL;
333 : } else {
334 0 : status = auth_info_2_trustauth_inout_blob(mem_ctx,
335 : auth_info->incoming_count,
336 : auth_info->incoming_current_auth_info,
337 : auth_info->incoming_previous_auth_info,
338 : incoming);
339 0 : if (!NT_STATUS_IS_OK(status)) {
340 0 : return status;
341 : }
342 : }
343 :
344 3 : if (auth_info->outgoing_count == 0) {
345 3 : outgoing->length = 0;
346 3 : outgoing->data = NULL;
347 : } else {
348 0 : status = auth_info_2_trustauth_inout_blob(mem_ctx,
349 : auth_info->outgoing_count,
350 : auth_info->outgoing_current_auth_info,
351 : auth_info->outgoing_previous_auth_info,
352 : outgoing);
353 0 : if (!NT_STATUS_IS_OK(status)) {
354 0 : return status;
355 : }
356 : }
357 :
358 3 : return NT_STATUS_OK;
359 : }
|
