LCOV - code coverage report
Current view: top level - libcli/lsarpc - util_lsarpc.c (source / functions) Hit Total Coverage
Test: coverage report for support-claim-type-attributes 6b5c566e Lines: 125 189 66.1 %
Date: 2023-11-21 12:31:41 Functions: 7 7 100.0 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    Authentication utility functions
       4             :    Copyright (C) Sumit Bose 2010
       5             : 
       6             :    This program is free software; you can redistribute it and/or modify
       7             :    it under the terms of the GNU General Public License as published by
       8             :    the Free Software Foundation; either version 3 of the License, or
       9             :    (at your option) any later version.
      10             : 
      11             :    This program is distributed in the hope that it will be useful,
      12             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14             :    GNU General Public License for more details.
      15             : 
      16             :    You should have received a copy of the GNU General Public License
      17             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      18             : */
      19             : 
      20             : #include "includes.h"
      21             : #include "../librpc/gen_ndr/ndr_drsblobs.h"
      22             : #include "../librpc/gen_ndr/ndr_lsa.h"
      23             : #include "libcli/lsarpc/util_lsarpc.h"
      24             : 
      25           8 : static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx,
      26             :                                 uint32_t count,
      27             :                                 struct AuthenticationInformationArray *ai,
      28             :                                 struct lsa_TrustDomainInfoBuffer **_b)
      29             : {
      30           8 :         NTSTATUS status;
      31           8 :         struct lsa_TrustDomainInfoBuffer *b;
      32           8 :         int i;
      33             : 
      34           8 :         b = talloc_array(mem_ctx, struct lsa_TrustDomainInfoBuffer, count);
      35           8 :         if (b == NULL) {
      36           0 :                 return NT_STATUS_NO_MEMORY;
      37             :         }
      38             : 
      39          20 :         for(i = 0; i < count; i++) {
      40          12 :                 size_t size = 0;
      41          12 :                 b[i].last_update_time = ai->array[i].LastUpdateTime;
      42          12 :                 b[i].AuthType = ai->array[i].AuthType;
      43          12 :                 switch(ai->array[i].AuthType) {
      44           0 :                         case TRUST_AUTH_TYPE_NONE:
      45           0 :                                 b[i].data.size = 0;
      46           0 :                                 b[i].data.data = NULL;
      47           0 :                                 break;
      48           0 :                         case TRUST_AUTH_TYPE_NT4OWF:
      49           0 :                                 if (ai->array[i].AuthInfo.nt4owf.size != 16) {
      50           0 :                                         status = NT_STATUS_INVALID_PARAMETER;
      51           0 :                                         goto fail;
      52             :                                 }
      53           0 :                                 b[i].data.data = (uint8_t *)talloc_memdup(b,
      54             :                                     &ai->array[i].AuthInfo.nt4owf.password.hash,
      55             :                                     16);
      56           0 :                                 if (b[i].data.data == NULL) {
      57           0 :                                         status = NT_STATUS_NO_MEMORY;
      58           0 :                                         goto fail;
      59             :                                 }
      60           0 :                                 break;
      61           8 :                         case TRUST_AUTH_TYPE_CLEAR:
      62           8 :                                 if (!convert_string_talloc(b,
      63             :                                                            CH_UTF16LE, CH_UNIX,
      64           8 :                                                            ai->array[i].AuthInfo.clear.password,
      65           8 :                                                            ai->array[i].AuthInfo.clear.size,
      66           8 :                                                            &b[i].data.data,
      67             :                                                            &size)) {
      68           0 :                                         status = NT_STATUS_INVALID_PARAMETER;
      69           0 :                                         goto fail;
      70             :                                 }
      71           8 :                                 b[i].data.size = size;
      72           8 :                                 break;
      73           4 :                         case TRUST_AUTH_TYPE_VERSION:
      74           4 :                                 if (ai->array[i].AuthInfo.version.size != 4) {
      75           0 :                                         status = NT_STATUS_INVALID_PARAMETER;
      76           0 :                                         goto fail;
      77             :                                 }
      78           4 :                                 b[i].data.size = 4;
      79           4 :                                 b[i].data.data = (uint8_t *)talloc_memdup(b,
      80             :                                      &ai->array[i].AuthInfo.version.version, 4);
      81           4 :                                 if (b[i].data.data == NULL) {
      82           0 :                                         status = NT_STATUS_NO_MEMORY;
      83           0 :                                         goto fail;
      84             :                                 }
      85           0 :                                 break;
      86           0 :                         default:
      87           0 :                                 status = NT_STATUS_INVALID_PARAMETER;
      88           0 :                                 goto fail;
      89             :                 }
      90             :         }
      91             : 
      92           8 :         *_b = b;
      93             : 
      94           8 :         return NT_STATUS_OK;
      95             : 
      96           0 : fail:
      97           0 :         talloc_free(b);
      98           0 :         return status;
      99             : }
     100             : 
     101           6 : static NTSTATUS trustauth_inout_blob_2_auth_info(TALLOC_CTX *mem_ctx,
     102             :                                     DATA_BLOB *inout_blob,
     103             :                                     uint32_t *count,
     104             :                                     struct lsa_TrustDomainInfoBuffer **current,
     105             :                                     struct lsa_TrustDomainInfoBuffer **previous)
     106             : {
     107           6 :         NTSTATUS status;
     108           6 :         struct trustAuthInOutBlob iopw;
     109           6 :         enum ndr_err_code ndr_err;
     110           6 :         TALLOC_CTX *tmp_ctx;
     111             : 
     112           6 :         tmp_ctx = talloc_new(mem_ctx);
     113           6 :         if (tmp_ctx == NULL) {
     114           0 :                 return NT_STATUS_NO_MEMORY;
     115             :         }
     116             : 
     117           6 :         ndr_err = ndr_pull_struct_blob(inout_blob, tmp_ctx, &iopw,
     118             :                               (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
     119           6 :         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
     120           0 :                 status = NT_STATUS_INVALID_PARAMETER;
     121           0 :                 goto done;
     122             :         }
     123             : 
     124           6 :         *count = iopw.count;
     125             : 
     126           6 :         status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
     127             :                                                       &iopw.current, current);
     128           6 :         if (!NT_STATUS_IS_OK(status)) {
     129           0 :                 goto done;
     130             :         }
     131             : 
     132           6 :         if (iopw.previous.count > 0) {
     133           2 :                 status = ai_array_2_trust_domain_info_buffer(mem_ctx, iopw.count,
     134             :                                                              &iopw.previous, previous);
     135           2 :                 if (!NT_STATUS_IS_OK(status)) {
     136           0 :                         goto done;
     137             :                 }
     138             :         } else {
     139           4 :                 *previous = NULL;
     140             :         }
     141             : 
     142           0 :         status = NT_STATUS_OK;
     143             : 
     144           6 : done:
     145           6 :         talloc_free(tmp_ctx);
     146           6 :         return status;
     147             : }
     148             : 
     149           5 : NTSTATUS auth_blob_2_auth_info(TALLOC_CTX *mem_ctx,
     150             :                                DATA_BLOB incoming, DATA_BLOB outgoing,
     151             :                                struct lsa_TrustDomainInfoAuthInfo *auth_info)
     152             : {
     153           5 :         NTSTATUS status;
     154             : 
     155           5 :         if (incoming.length != 0) {
     156           3 :                 status = trustauth_inout_blob_2_auth_info(mem_ctx,
     157             :                                         &incoming,
     158             :                                         &auth_info->incoming_count,
     159             :                                         &auth_info->incoming_current_auth_info,
     160             :                                         &auth_info->incoming_previous_auth_info);
     161           3 :                 if (!NT_STATUS_IS_OK(status)) {
     162           0 :                         return status;
     163             :                 }
     164             :         } else {
     165           2 :                 auth_info->incoming_count = 0;
     166           2 :                 auth_info->incoming_current_auth_info = NULL;
     167           2 :                 auth_info->incoming_previous_auth_info = NULL;
     168             :         }
     169             : 
     170           5 :         if (outgoing.length != 0) {
     171           3 :                 status = trustauth_inout_blob_2_auth_info(mem_ctx,
     172             :                                         &outgoing,
     173             :                                         &auth_info->outgoing_count,
     174             :                                         &auth_info->outgoing_current_auth_info,
     175             :                                         &auth_info->outgoing_previous_auth_info);
     176           3 :                 if (!NT_STATUS_IS_OK(status)) {
     177           0 :                         return status;
     178             :                 }
     179             :         } else {
     180           2 :                 auth_info->outgoing_count = 0;
     181           2 :                 auth_info->outgoing_current_auth_info = NULL;
     182           2 :                 auth_info->outgoing_previous_auth_info = NULL;
     183             :         }
     184             : 
     185           5 :         return NT_STATUS_OK;
     186             : }
     187             : 
     188           8 : static NTSTATUS trust_domain_info_buffer_2_ai_array(TALLOC_CTX *mem_ctx,
     189             :                                                     uint32_t count,
     190             :                                                     struct lsa_TrustDomainInfoBuffer *b,
     191             :                                                     struct AuthenticationInformationArray *ai)
     192             : {
     193           8 :         NTSTATUS status;
     194           8 :         int i;
     195             : 
     196           8 :         ai->count = count;
     197           8 :         ai->array = talloc_zero_array(mem_ctx, struct AuthenticationInformation,
     198             :                                       count);
     199           8 :         if (ai->array == NULL) {
     200           0 :                 return NT_STATUS_NO_MEMORY;
     201             :         }
     202             : 
     203          20 :         for(i = 0; i < count; i++) {
     204          12 :                 size_t size = 0;
     205          12 :                 ai->array[i].LastUpdateTime = b[i].last_update_time;
     206          12 :                 ai->array[i].AuthType = b[i].AuthType;
     207          12 :                 switch(ai->array[i].AuthType) {
     208           0 :                         case TRUST_AUTH_TYPE_NONE:
     209           0 :                                 ai->array[i].AuthInfo.none.size = 0;
     210           0 :                                 break;
     211           0 :                         case TRUST_AUTH_TYPE_NT4OWF:
     212           0 :                                 if (b[i].data.size != 16) {
     213           0 :                                         status = NT_STATUS_INVALID_PARAMETER;
     214           0 :                                         goto fail;
     215             :                                 }
     216          12 :                                 memcpy(&ai->array[i].AuthInfo.nt4owf.password.hash,
     217           0 :                                        b[i].data.data, 16);
     218           0 :                                 break;
     219           8 :                         case TRUST_AUTH_TYPE_CLEAR:
     220           8 :                                 if (!convert_string_talloc(ai->array,
     221             :                                                            CH_UNIX, CH_UTF16,
     222           8 :                                                            b[i].data.data,
     223           8 :                                                            b[i].data.size,
     224           8 :                                                            &ai->array[i].AuthInfo.clear.password,
     225             :                                                            &size)) {
     226           0 :                                         status = NT_STATUS_INVALID_PARAMETER;
     227           0 :                                         goto fail;
     228             :                                 }
     229           8 :                                 ai->array[i].AuthInfo.clear.size = size;
     230           8 :                                 break;
     231           4 :                         case TRUST_AUTH_TYPE_VERSION:
     232           4 :                                 if (b[i].data.size != 4) {
     233           0 :                                         status = NT_STATUS_INVALID_PARAMETER;
     234           0 :                                         goto fail;
     235             :                                 }
     236           4 :                                 ai->array[i].AuthInfo.version.size = 4;
     237          12 :                                 memcpy(&ai->array[i].AuthInfo.version.version,
     238           4 :                                        b[i].data.data, 4);
     239           0 :                                 break;
     240           0 :                         default:
     241           0 :                                 status = NT_STATUS_INVALID_PARAMETER;
     242           0 :                                 goto fail;
     243             :                 }
     244             :         }
     245             : 
     246           8 :         return NT_STATUS_OK;
     247             : 
     248           0 : fail:
     249           0 :         talloc_free(ai->array);
     250           0 :         return status;
     251             : }
     252             : 
     253           6 : NTSTATUS auth_info_2_trustauth_inout(TALLOC_CTX *mem_ctx,
     254             :                                      uint32_t count,
     255             :                                      struct lsa_TrustDomainInfoBuffer *current,
     256             :                                      struct lsa_TrustDomainInfoBuffer *previous,
     257             :                                      struct trustAuthInOutBlob **iopw_out)
     258             : {
     259           6 :         NTSTATUS status;
     260           6 :         struct trustAuthInOutBlob *iopw;
     261             : 
     262           6 :         iopw = talloc_zero(mem_ctx, struct trustAuthInOutBlob);
     263           6 :         if (iopw == NULL) {
     264           0 :                 return NT_STATUS_NO_MEMORY;
     265             :         }
     266             : 
     267           6 :         iopw->count = count;
     268           6 :         status = trust_domain_info_buffer_2_ai_array(iopw, count, current,
     269             :                                                      &iopw->current);
     270           6 :         if (!NT_STATUS_IS_OK(status)) {
     271           0 :                 goto done;
     272             :         }
     273             : 
     274           6 :         if (previous != NULL) {
     275           2 :                 status = trust_domain_info_buffer_2_ai_array(iopw, count,
     276             :                                                              previous,
     277             :                                                              &iopw->previous);
     278           2 :                 if (!NT_STATUS_IS_OK(status)) {
     279           0 :                         goto done;
     280             :                 }
     281             :         } else {
     282           4 :                 iopw->previous.count = 0;
     283           4 :                 iopw->previous.array = NULL;
     284             :         }
     285             : 
     286           6 :         *iopw_out = iopw;
     287             : 
     288           6 :         status = NT_STATUS_OK;
     289             : 
     290           6 : done:
     291           6 :         return status;
     292             : }
     293             : 
     294           6 : static NTSTATUS auth_info_2_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
     295             :                                      uint32_t count,
     296             :                                      struct lsa_TrustDomainInfoBuffer *current,
     297             :                                      struct lsa_TrustDomainInfoBuffer *previous,
     298             :                                      DATA_BLOB *inout_blob)
     299             : {
     300           6 :         NTSTATUS status;
     301           6 :         struct trustAuthInOutBlob *iopw = NULL;
     302           6 :         enum ndr_err_code ndr_err;
     303             : 
     304           6 :         status = auth_info_2_trustauth_inout(mem_ctx, count, current, previous, &iopw);
     305             : 
     306           6 :         if (!NT_STATUS_IS_OK(status)) {
     307           0 :                 goto done;
     308             :         }
     309             : 
     310           6 :         ndr_err = ndr_push_struct_blob(inout_blob, mem_ctx,
     311             :                               iopw,
     312             :                               (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
     313           6 :         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
     314           0 :                 return NT_STATUS_INVALID_PARAMETER;
     315             :         }
     316             : 
     317           0 :         status = NT_STATUS_OK;
     318             : 
     319           6 : done:
     320           6 :         talloc_free(iopw);
     321           6 :         return status;
     322             : }
     323             : 
     324           8 : NTSTATUS auth_info_2_auth_blob(TALLOC_CTX *mem_ctx,
     325             :                                struct lsa_TrustDomainInfoAuthInfo *auth_info,
     326             :                                DATA_BLOB *incoming, DATA_BLOB *outgoing)
     327             : {
     328           5 :         NTSTATUS status;
     329             : 
     330           8 :         if (auth_info->incoming_count == 0) {
     331           5 :                 incoming->length = 0;
     332           5 :                 incoming->data = NULL;
     333             :         } else {
     334           3 :                 status = auth_info_2_trustauth_inout_blob(mem_ctx,
     335             :                                          auth_info->incoming_count,
     336             :                                          auth_info->incoming_current_auth_info,
     337             :                                          auth_info->incoming_previous_auth_info,
     338             :                                          incoming);
     339           3 :                 if (!NT_STATUS_IS_OK(status)) {
     340           0 :                         return status;
     341             :                 }
     342             :         }
     343             : 
     344           8 :         if (auth_info->outgoing_count == 0) {
     345           5 :                 outgoing->length = 0;
     346           5 :                 outgoing->data = NULL;
     347             :         } else {
     348           3 :                 status = auth_info_2_trustauth_inout_blob(mem_ctx,
     349             :                                          auth_info->outgoing_count,
     350             :                                          auth_info->outgoing_current_auth_info,
     351             :                                          auth_info->outgoing_previous_auth_info,
     352             :                                          outgoing);
     353           3 :                 if (!NT_STATUS_IS_OK(status)) {
     354           0 :                         return status;
     355             :                 }
     356             :         }
     357             : 
     358           8 :         return NT_STATUS_OK;
     359             : }

Generated by: LCOV version 1.14