Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : tstream based generic authentication interface
5 :
6 : Copyright (c) 2010 Stefan Metzmacher
7 : Copyright (c) 2010 Andreas Schneider <asn@redhat.com>
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include "includes.h"
24 : #include "system/network.h"
25 : #include "auth/gensec/gensec.h"
26 : #include "auth/gensec/gensec_proto.h"
27 : #include "auth/gensec/gensec_tstream.h"
28 : #include "lib/tsocket/tsocket.h"
29 : #include "lib/tsocket/tsocket_internal.h"
30 : #include "auth/gensec/gensec_toplevel_proto.h"
31 :
32 : static const struct tstream_context_ops tstream_gensec_ops;
33 :
34 : struct tstream_gensec {
35 : struct tstream_context *plain_stream;
36 :
37 : struct gensec_security *gensec_security;
38 :
39 : int error;
40 :
41 : struct {
42 : size_t max_unwrapped_size;
43 : size_t max_wrapped_size;
44 : } write;
45 :
46 : struct {
47 : off_t ofs;
48 : size_t left;
49 : DATA_BLOB unwrapped;
50 : } read;
51 : };
52 :
53 51079 : _PUBLIC_ NTSTATUS _gensec_create_tstream(TALLOC_CTX *mem_ctx,
54 : struct gensec_security *gensec_security,
55 : struct tstream_context *plain_stream,
56 : struct tstream_context **_gensec_stream,
57 : const char *location)
58 : {
59 244 : struct tstream_context *gensec_stream;
60 244 : struct tstream_gensec *tgss;
61 :
62 51079 : gensec_stream = tstream_context_create(mem_ctx,
63 : &tstream_gensec_ops,
64 : &tgss,
65 : struct tstream_gensec,
66 : location);
67 51079 : if (gensec_stream == NULL) {
68 0 : return NT_STATUS_NO_MEMORY;
69 : }
70 :
71 51079 : tgss->plain_stream = plain_stream;
72 51079 : tgss->gensec_security = gensec_security;
73 51079 : tgss->error = 0;
74 :
75 51079 : if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN) &&
76 0 : !gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
77 0 : talloc_free(gensec_stream);
78 0 : return NT_STATUS_INVALID_PARAMETER;
79 : }
80 :
81 51079 : tgss->write.max_unwrapped_size = gensec_max_input_size(gensec_security);
82 51079 : tgss->write.max_wrapped_size = gensec_max_wrapped_size(gensec_security);
83 :
84 51079 : ZERO_STRUCT(tgss->read);
85 :
86 51079 : *_gensec_stream = gensec_stream;
87 51079 : return NT_STATUS_OK;
88 : }
89 :
90 104 : static ssize_t tstream_gensec_pending_bytes(struct tstream_context *stream)
91 : {
92 0 : struct tstream_gensec *tgss =
93 104 : tstream_context_data(stream,
94 : struct tstream_gensec);
95 :
96 104 : if (tgss->error != 0) {
97 0 : errno = tgss->error;
98 0 : return -1;
99 : }
100 :
101 104 : return tgss->read.left;
102 : }
103 :
104 : struct tstream_gensec_readv_state {
105 : struct tevent_context *ev;
106 : struct tstream_context *stream;
107 :
108 : struct iovec *vector;
109 : int count;
110 :
111 : struct {
112 : bool asked_for_hdr;
113 : uint8_t hdr[4];
114 : bool asked_for_blob;
115 : DATA_BLOB blob;
116 : } wrapped;
117 :
118 : int ret;
119 : };
120 :
121 : static void tstream_gensec_readv_wrapped_next(struct tevent_req *req);
122 :
123 3672178 : static struct tevent_req *tstream_gensec_readv_send(TALLOC_CTX *mem_ctx,
124 : struct tevent_context *ev,
125 : struct tstream_context *stream,
126 : struct iovec *vector,
127 : size_t count)
128 : {
129 2552 : struct tstream_gensec *tgss =
130 3672178 : tstream_context_data(stream,
131 : struct tstream_gensec);
132 2552 : struct tevent_req *req;
133 2552 : struct tstream_gensec_readv_state *state;
134 :
135 3672178 : req = tevent_req_create(mem_ctx, &state,
136 : struct tstream_gensec_readv_state);
137 3672178 : if (!req) {
138 0 : return NULL;
139 : }
140 :
141 3672178 : if (tgss->error != 0) {
142 0 : tevent_req_error(req, tgss->error);
143 0 : return tevent_req_post(req, ev);
144 : }
145 :
146 3672178 : state->ev = ev;
147 3672178 : state->stream = stream;
148 3672178 : state->ret = 0;
149 :
150 : /*
151 : * we make a copy of the vector so we can change the structure
152 : */
153 3672178 : state->vector = talloc_array(state, struct iovec, count);
154 3672178 : if (tevent_req_nomem(state->vector, req)) {
155 0 : return tevent_req_post(req, ev);
156 : }
157 3672178 : memcpy(state->vector, vector, sizeof(struct iovec) * count);
158 3672178 : state->count = count;
159 :
160 3672178 : tstream_gensec_readv_wrapped_next(req);
161 3672178 : if (!tevent_req_is_in_progress(req)) {
162 2538934 : return tevent_req_post(req, ev);
163 : }
164 :
165 1132192 : return req;
166 : }
167 :
168 : static int tstream_gensec_readv_next_vector(struct tstream_context *unix_stream,
169 : void *private_data,
170 : TALLOC_CTX *mem_ctx,
171 : struct iovec **_vector,
172 : size_t *_count);
173 : static void tstream_gensec_readv_wrapped_done(struct tevent_req *subreq);
174 :
175 4805212 : static void tstream_gensec_readv_wrapped_next(struct tevent_req *req)
176 : {
177 3482 : struct tstream_gensec_readv_state *state =
178 4805212 : tevent_req_data(req,
179 : struct tstream_gensec_readv_state);
180 3482 : struct tstream_gensec *tgss =
181 4805212 : tstream_context_data(state->stream,
182 : struct tstream_gensec);
183 3482 : struct tevent_req *subreq;
184 :
185 : /*
186 : * copy the pending buffer first
187 : */
188 8478648 : while (tgss->read.left > 0 && state->count > 0) {
189 3673436 : uint8_t *base = (uint8_t *)state->vector[0].iov_base;
190 3673436 : size_t len = MIN(tgss->read.left, state->vector[0].iov_len);
191 :
192 3673436 : memcpy(base, tgss->read.unwrapped.data + tgss->read.ofs, len);
193 :
194 3673436 : base += len;
195 3673436 : state->vector[0].iov_base = (char *) base;
196 3673436 : state->vector[0].iov_len -= len;
197 :
198 3673436 : tgss->read.ofs += len;
199 3673436 : tgss->read.left -= len;
200 :
201 3673436 : if (state->vector[0].iov_len == 0) {
202 3646466 : state->vector += 1;
203 3646466 : state->count -= 1;
204 : }
205 :
206 3673436 : state->ret += len;
207 : }
208 :
209 4805212 : if (state->count == 0) {
210 3646466 : tevent_req_done(req);
211 3646466 : return;
212 : }
213 :
214 1158746 : data_blob_free(&tgss->read.unwrapped);
215 1158746 : ZERO_STRUCT(state->wrapped);
216 :
217 1158746 : subreq = tstream_readv_pdu_send(state, state->ev,
218 : tgss->plain_stream,
219 : tstream_gensec_readv_next_vector,
220 : state);
221 1158746 : if (tevent_req_nomem(subreq, req)) {
222 0 : return;
223 : }
224 1158746 : tevent_req_set_callback(subreq, tstream_gensec_readv_wrapped_done, req);
225 : }
226 :
227 3424814 : static int tstream_gensec_readv_next_vector(struct tstream_context *unix_stream,
228 : void *private_data,
229 : TALLOC_CTX *mem_ctx,
230 : struct iovec **_vector,
231 : size_t *_count)
232 : {
233 2912 : struct tstream_gensec_readv_state *state =
234 3424814 : talloc_get_type_abort(private_data,
235 : struct tstream_gensec_readv_state);
236 2912 : struct iovec *vector;
237 3424814 : size_t count = 1;
238 :
239 : /* we need to get a message header */
240 3424814 : vector = talloc_array(mem_ctx, struct iovec, count);
241 3424814 : if (!vector) {
242 0 : return -1;
243 : }
244 :
245 3424814 : if (!state->wrapped.asked_for_hdr) {
246 1158746 : state->wrapped.asked_for_hdr = true;
247 1158746 : vector[0].iov_base = (char *)state->wrapped.hdr;
248 1158746 : vector[0].iov_len = sizeof(state->wrapped.hdr);
249 2266068 : } else if (!state->wrapped.asked_for_blob) {
250 930 : uint32_t msg_len;
251 :
252 1133034 : state->wrapped.asked_for_blob = true;
253 :
254 1133034 : msg_len = RIVAL(state->wrapped.hdr, 0);
255 :
256 : /*
257 : * I got a Windows 2012R2 server responding with
258 : * a message of 0x1b28a33.
259 : */
260 1133034 : if (msg_len > 0x0FFFFFFF) {
261 0 : errno = EMSGSIZE;
262 0 : return -1;
263 : }
264 :
265 1133034 : if (msg_len == 0) {
266 0 : errno = EMSGSIZE;
267 0 : return -1;
268 : }
269 :
270 1133034 : state->wrapped.blob = data_blob_talloc(state, NULL, msg_len);
271 1133034 : if (state->wrapped.blob.data == NULL) {
272 0 : return -1;
273 : }
274 :
275 1133034 : vector[0].iov_base = (char *)state->wrapped.blob.data;
276 1133034 : vector[0].iov_len = state->wrapped.blob.length;
277 : } else {
278 1133034 : *_vector = NULL;
279 1133034 : *_count = 0;
280 1133034 : return 0;
281 : }
282 :
283 2291780 : *_vector = vector;
284 2291780 : *_count = count;
285 2291780 : return 0;
286 : }
287 :
288 1158741 : static void tstream_gensec_readv_wrapped_done(struct tevent_req *subreq)
289 : {
290 1052 : struct tevent_req *req =
291 1158741 : tevent_req_callback_data(subreq,
292 : struct tevent_req);
293 1052 : struct tstream_gensec_readv_state *state =
294 1158741 : tevent_req_data(req,
295 : struct tstream_gensec_readv_state);
296 1052 : struct tstream_gensec *tgss =
297 1158741 : tstream_context_data(state->stream,
298 : struct tstream_gensec);
299 1052 : int ret;
300 1052 : int sys_errno;
301 1052 : NTSTATUS status;
302 :
303 1158741 : ret = tstream_readv_pdu_recv(subreq, &sys_errno);
304 1158741 : TALLOC_FREE(subreq);
305 1158741 : if (ret == -1) {
306 25707 : tgss->error = sys_errno;
307 25707 : tevent_req_error(req, sys_errno);
308 25829 : return;
309 : }
310 :
311 1133034 : status = gensec_unwrap(tgss->gensec_security,
312 : state,
313 1133034 : &state->wrapped.blob,
314 : &tgss->read.unwrapped);
315 1133034 : if (!NT_STATUS_IS_OK(status)) {
316 0 : tgss->error = EIO;
317 0 : tevent_req_error(req, tgss->error);
318 0 : return;
319 : }
320 :
321 1133034 : data_blob_free(&state->wrapped.blob);
322 :
323 1133034 : talloc_steal(tgss, tgss->read.unwrapped.data);
324 1133034 : tgss->read.left = tgss->read.unwrapped.length;
325 1133034 : tgss->read.ofs = 0;
326 :
327 1133034 : tstream_gensec_readv_wrapped_next(req);
328 : }
329 :
330 3672173 : static int tstream_gensec_readv_recv(struct tevent_req *req, int *perrno)
331 : {
332 2552 : struct tstream_gensec_readv_state *state =
333 3672173 : tevent_req_data(req,
334 : struct tstream_gensec_readv_state);
335 2552 : int ret;
336 :
337 3672173 : ret = tsocket_simple_int_recv(req, perrno);
338 3672173 : if (ret == 0) {
339 3646466 : ret = state->ret;
340 : }
341 :
342 3672173 : tevent_req_received(req);
343 3672173 : return ret;
344 : }
345 :
346 : struct tstream_gensec_writev_state {
347 : struct tevent_context *ev;
348 : struct tstream_context *stream;
349 :
350 : struct iovec *vector;
351 : int count;
352 :
353 : struct {
354 : off_t ofs;
355 : size_t left;
356 : DATA_BLOB blob;
357 : } unwrapped;
358 :
359 : struct {
360 : uint8_t hdr[4];
361 : DATA_BLOB blob;
362 : struct iovec iov[2];
363 : } wrapped;
364 :
365 : int ret;
366 : };
367 :
368 : static void tstream_gensec_writev_wrapped_next(struct tevent_req *req);
369 :
370 1106043 : static struct tevent_req *tstream_gensec_writev_send(TALLOC_CTX *mem_ctx,
371 : struct tevent_context *ev,
372 : struct tstream_context *stream,
373 : const struct iovec *vector,
374 : size_t count)
375 : {
376 930 : struct tstream_gensec *tgss =
377 1106043 : tstream_context_data(stream,
378 : struct tstream_gensec);
379 930 : struct tevent_req *req;
380 930 : struct tstream_gensec_writev_state *state;
381 930 : size_t i;
382 930 : int total;
383 930 : int chunk;
384 :
385 1106043 : req = tevent_req_create(mem_ctx, &state,
386 : struct tstream_gensec_writev_state);
387 1106043 : if (req == NULL) {
388 0 : return NULL;
389 : }
390 :
391 1106043 : if (tgss->error != 0) {
392 0 : tevent_req_error(req, tgss->error);
393 0 : return tevent_req_post(req, ev);
394 : }
395 :
396 1106043 : state->ev = ev;
397 1106043 : state->stream = stream;
398 1106043 : state->ret = 0;
399 :
400 : /*
401 : * we make a copy of the vector so we can change the structure
402 : */
403 1106043 : state->vector = talloc_array(state, struct iovec, count);
404 1106043 : if (tevent_req_nomem(state->vector, req)) {
405 0 : return tevent_req_post(req, ev);
406 : }
407 1106043 : memcpy(state->vector, vector, sizeof(struct iovec) * count);
408 1106043 : state->count = count;
409 :
410 1106043 : total = 0;
411 2933206 : for (i = 0; i < count; i++) {
412 : /*
413 : * the generic tstream code makes sure that
414 : * this never wraps.
415 : */
416 1827163 : total += vector[i].iov_len;
417 : }
418 :
419 : /*
420 : * We may need to send data in chunks.
421 : */
422 1106043 : chunk = MIN(total, tgss->write.max_unwrapped_size);
423 :
424 1106043 : state->unwrapped.blob = data_blob_talloc(state, NULL, chunk);
425 1106043 : if (tevent_req_nomem(state->unwrapped.blob.data, req)) {
426 0 : return tevent_req_post(req, ev);
427 : }
428 :
429 1106043 : tstream_gensec_writev_wrapped_next(req);
430 1106043 : if (!tevent_req_is_in_progress(req)) {
431 0 : return tevent_req_post(req, ev);
432 : }
433 :
434 1105113 : return req;
435 : }
436 :
437 : static void tstream_gensec_writev_wrapped_done(struct tevent_req *subreq);
438 :
439 2239056 : static void tstream_gensec_writev_wrapped_next(struct tevent_req *req)
440 : {
441 1860 : struct tstream_gensec_writev_state *state =
442 2239056 : tevent_req_data(req,
443 : struct tstream_gensec_writev_state);
444 1860 : struct tstream_gensec *tgss =
445 2239056 : tstream_context_data(state->stream,
446 : struct tstream_gensec);
447 1860 : struct tevent_req *subreq;
448 1860 : NTSTATUS status;
449 :
450 2239056 : data_blob_free(&state->wrapped.blob);
451 :
452 2239056 : state->unwrapped.left = state->unwrapped.blob.length;
453 2239056 : state->unwrapped.ofs = 0;
454 :
455 : /*
456 : * first fill our buffer
457 : */
458 4093189 : while (state->unwrapped.left > 0 && state->count > 0) {
459 1854133 : uint8_t *base = (uint8_t *)state->vector[0].iov_base;
460 1854133 : size_t len = MIN(state->unwrapped.left, state->vector[0].iov_len);
461 :
462 1854133 : memcpy(state->unwrapped.blob.data + state->unwrapped.ofs, base, len);
463 :
464 1854133 : base += len;
465 1854133 : state->vector[0].iov_base = (char *) base;
466 1854133 : state->vector[0].iov_len -= len;
467 :
468 1854133 : state->unwrapped.ofs += len;
469 1854133 : state->unwrapped.left -= len;
470 :
471 1854133 : if (state->vector[0].iov_len == 0) {
472 1827163 : state->vector += 1;
473 1827163 : state->count -= 1;
474 : }
475 :
476 1854133 : state->ret += len;
477 : }
478 :
479 2239056 : if (state->unwrapped.ofs == 0) {
480 1106042 : tevent_req_done(req);
481 1106972 : return;
482 : }
483 :
484 1133014 : state->unwrapped.blob.length = state->unwrapped.ofs;
485 :
486 1133014 : status = gensec_wrap(tgss->gensec_security,
487 : state,
488 1133014 : &state->unwrapped.blob,
489 : &state->wrapped.blob);
490 1133014 : if (!NT_STATUS_IS_OK(status)) {
491 0 : tgss->error = EIO;
492 0 : tevent_req_error(req, tgss->error);
493 0 : return;
494 : }
495 :
496 1133014 : RSIVAL(state->wrapped.hdr, 0, state->wrapped.blob.length);
497 :
498 1133014 : state->wrapped.iov[0].iov_base = (void *)state->wrapped.hdr;
499 1133014 : state->wrapped.iov[0].iov_len = sizeof(state->wrapped.hdr);
500 1133014 : state->wrapped.iov[1].iov_base = (void *)state->wrapped.blob.data;
501 1133014 : state->wrapped.iov[1].iov_len = state->wrapped.blob.length;
502 :
503 1133944 : subreq = tstream_writev_send(state, state->ev,
504 : tgss->plain_stream,
505 1133014 : state->wrapped.iov, 2);
506 1133014 : if (tevent_req_nomem(subreq, req)) {
507 0 : return;
508 : }
509 1133014 : tevent_req_set_callback(subreq,
510 : tstream_gensec_writev_wrapped_done,
511 : req);
512 : }
513 :
514 1133013 : static void tstream_gensec_writev_wrapped_done(struct tevent_req *subreq)
515 : {
516 930 : struct tevent_req *req =
517 1133013 : tevent_req_callback_data(subreq,
518 : struct tevent_req);
519 930 : struct tstream_gensec_writev_state *state =
520 1133013 : tevent_req_data(req,
521 : struct tstream_gensec_writev_state);
522 930 : struct tstream_gensec *tgss =
523 1133013 : tstream_context_data(state->stream,
524 : struct tstream_gensec);
525 930 : int sys_errno;
526 930 : int ret;
527 :
528 1133013 : ret = tstream_writev_recv(subreq, &sys_errno);
529 1133013 : TALLOC_FREE(subreq);
530 1133013 : if (ret == -1) {
531 0 : tgss->error = sys_errno;
532 0 : tevent_req_error(req, sys_errno);
533 0 : return;
534 : }
535 :
536 1133013 : tstream_gensec_writev_wrapped_next(req);
537 : }
538 :
539 1106042 : static int tstream_gensec_writev_recv(struct tevent_req *req,
540 : int *perrno)
541 : {
542 930 : struct tstream_gensec_writev_state *state =
543 1106042 : tevent_req_data(req,
544 : struct tstream_gensec_writev_state);
545 930 : int ret;
546 :
547 1106042 : ret = tsocket_simple_int_recv(req, perrno);
548 1106042 : if (ret == 0) {
549 1106042 : ret = state->ret;
550 : }
551 :
552 1106042 : tevent_req_received(req);
553 1106042 : return ret;
554 : }
555 :
556 : struct tstream_gensec_disconnect_state {
557 : uint8_t _dummy;
558 : };
559 :
560 25731 : static struct tevent_req *tstream_gensec_disconnect_send(TALLOC_CTX *mem_ctx,
561 : struct tevent_context *ev,
562 : struct tstream_context *stream)
563 : {
564 122 : struct tstream_gensec *tgss =
565 25731 : tstream_context_data(stream,
566 : struct tstream_gensec);
567 122 : struct tevent_req *req;
568 122 : struct tstream_gensec_disconnect_state *state;
569 :
570 25731 : req = tevent_req_create(mem_ctx, &state,
571 : struct tstream_gensec_disconnect_state);
572 25731 : if (req == NULL) {
573 0 : return NULL;
574 : }
575 :
576 25731 : if (tgss->error != 0) {
577 25707 : tevent_req_error(req, tgss->error);
578 25707 : return tevent_req_post(req, ev);
579 : }
580 :
581 : /*
582 : * The caller is responsible to do the real disconnect
583 : * on the plain stream!
584 : */
585 24 : tgss->plain_stream = NULL;
586 24 : tgss->error = ENOTCONN;
587 :
588 24 : tevent_req_done(req);
589 24 : return tevent_req_post(req, ev);
590 : }
591 :
592 25731 : static int tstream_gensec_disconnect_recv(struct tevent_req *req,
593 : int *perrno)
594 : {
595 122 : int ret;
596 :
597 25731 : ret = tsocket_simple_int_recv(req, perrno);
598 :
599 25731 : tevent_req_received(req);
600 25731 : return ret;
601 : }
602 :
603 : static const struct tstream_context_ops tstream_gensec_ops = {
604 : .name = "gensec",
605 :
606 : .pending_bytes = tstream_gensec_pending_bytes,
607 :
608 : .readv_send = tstream_gensec_readv_send,
609 : .readv_recv = tstream_gensec_readv_recv,
610 :
611 : .writev_send = tstream_gensec_writev_send,
612 : .writev_recv = tstream_gensec_writev_recv,
613 :
614 : .disconnect_send = tstream_gensec_disconnect_send,
615 : .disconnect_recv = tstream_gensec_disconnect_recv,
616 : };
|