LCOV - code coverage report
Current view: top level - libcli/auth - spnego_parse.c (source / functions) Hit Total Coverage
Test: coverage report for fix-15632 9995c5c2 Lines: 205 271 75.6 %
Date: 2024-04-13 12:30:31 Functions: 7 8 87.5 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    RFC2478 Compliant SPNEGO implementation
       5             : 
       6             :    Copyright (C) Jim McDonough <jmcd@us.ibm.com>   2003
       7             : 
       8             :    This program is free software; you can redistribute it and/or modify
       9             :    it under the terms of the GNU General Public License as published by
      10             :    the Free Software Foundation; either version 3 of the License, or
      11             :    (at your option) any later version.
      12             : 
      13             :    This program is distributed in the hope that it will be useful,
      14             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :    GNU General Public License for more details.
      17             : 
      18             : 
      19             :    You should have received a copy of the GNU General Public License
      20             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      21             : */
      22             : 
      23             : #include "includes.h"
      24             : #include "../libcli/auth/spnego.h"
      25             : #include "../lib/util/asn1.h"
      26             : 
      27      107139 : static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
      28             :                               struct spnego_negTokenInit *token)
      29             : {
      30      107139 :         ZERO_STRUCTP(token);
      31             : 
      32      107139 :         if (!asn1_start_tag(asn1, ASN1_CONTEXT(0))) return false;
      33      107139 :         if (!asn1_start_tag(asn1, ASN1_SEQUENCE(0))) return false;
      34             : 
      35      321411 :         while (asn1_tag_remaining(asn1) > 0) {
      36        4272 :                 int i;
      37        4272 :                 uint8_t context;
      38             : 
      39      214272 :                 if (!asn1_peek_uint8(asn1, &context)) {
      40           0 :                         asn1_set_error(asn1);
      41           0 :                         break;
      42             :                 }
      43             : 
      44      214272 :                 switch (context) {
      45             :                 /* Read mechTypes */
      46      107139 :                 case ASN1_CONTEXT(0): {
      47        2136 :                         const char **mechTypes;
      48             : 
      49      107139 :                         if (!asn1_start_tag(asn1, ASN1_CONTEXT(0))) return false;
      50      107139 :                         if (!asn1_start_tag(asn1, ASN1_SEQUENCE(0))) return false;
      51             : 
      52      107139 :                         mechTypes = talloc(mem_ctx, const char *);
      53      107139 :                         if (mechTypes == NULL) {
      54           0 :                                 asn1_set_error(asn1);
      55           0 :                                 return false;
      56             :                         }
      57      302267 :                         for (i = 0; asn1_tag_remaining(asn1) > 0; i++) {
      58        5971 :                                 char *oid;
      59        5971 :                                 const char **p;
      60      195128 :                                 p = talloc_realloc(mem_ctx,
      61             :                                                    mechTypes,
      62             :                                                    const char *, i+2);
      63      195128 :                                 if (p == NULL) {
      64           0 :                                         talloc_free(mechTypes);
      65           0 :                                         asn1_set_error(asn1);
      66           0 :                                         return false;
      67             :                                 }
      68      195128 :                                 mechTypes = p;
      69             : 
      70      195128 :                                 if (!asn1_read_OID(asn1, mechTypes, &oid)) return false;
      71      195128 :                                 mechTypes[i] = oid;
      72             :                         }
      73      107139 :                         mechTypes[i] = NULL;
      74      107139 :                         token->mechTypes = mechTypes;
      75             : 
      76      107139 :                         asn1_end_tag(asn1);
      77      107139 :                         asn1_end_tag(asn1);
      78      107139 :                         break;
      79             :                 }
      80             :                 /* Read reqFlags */
      81           0 :                 case ASN1_CONTEXT(1):
      82           0 :                         if (!asn1_start_tag(asn1, ASN1_CONTEXT(1))) return false;
      83           0 :                         if (!asn1_read_BitString(asn1, mem_ctx, &token->reqFlags,
      84           0 :                                             &token->reqFlagsPadding)) return false;
      85           0 :                         if (!asn1_end_tag(asn1)) return false;
      86           0 :                         break;
      87             :                 /* Read mechToken */
      88       68838 :                 case ASN1_CONTEXT(2):
      89       68838 :                         if (!asn1_start_tag(asn1, ASN1_CONTEXT(2))) return false;
      90       68838 :                         if (!asn1_read_OctetString(asn1, mem_ctx, &token->mechToken)) return false;
      91       68838 :                         if (!asn1_end_tag(asn1)) return false;
      92       67809 :                         break;
      93             :                 /* Read mecListMIC */
      94       38295 :                 case ASN1_CONTEXT(3):
      95             :                 {
      96        1107 :                         uint8_t type_peek;
      97       38295 :                         if (!asn1_start_tag(asn1, ASN1_CONTEXT(3))) return false;
      98       38295 :                         if (!asn1_peek_uint8(asn1, &type_peek)) {
      99           0 :                                 asn1_set_error(asn1);
     100       38295 :                                 break;
     101             :                         }
     102       38295 :                         if (type_peek == ASN1_OCTET_STRING) {
     103           0 :                                 if (!asn1_read_OctetString(asn1, mem_ctx,
     104           0 :                                                       &token->mechListMIC)) return false;
     105             :                         } else {
     106             :                                 /* RFC 2478 says we have an Octet String here,
     107             :                                    but W2k sends something different... */
     108        1107 :                                 char *mechListMIC;
     109       38295 :                                 if (!asn1_start_tag(asn1, ASN1_SEQUENCE(0))) return false;
     110       38295 :                                 if (!asn1_start_tag(asn1, ASN1_CONTEXT(0))) return false;
     111       38295 :                                 if (!asn1_read_GeneralString(asn1, mem_ctx, &mechListMIC)) return false;
     112       38295 :                                 if (!asn1_end_tag(asn1)) return false;
     113       38295 :                                 if (!asn1_end_tag(asn1)) return false;
     114             : 
     115       38295 :                                 token->targetPrincipal = mechListMIC;
     116             :                         }
     117       38295 :                         if (!asn1_end_tag(asn1)) return false;
     118       37188 :                         break;
     119             :                 }
     120           0 :                 default:
     121           0 :                         asn1_set_error(asn1);
     122           0 :                         break;
     123             :                 }
     124             :         }
     125             : 
     126      107139 :         if (!asn1_end_tag(asn1)) return false;
     127      107139 :         if (!asn1_end_tag(asn1)) return false;
     128             : 
     129      107139 :         return !asn1_has_error(asn1);
     130             : }
     131             : 
     132      121266 : static bool write_negTokenInit(struct asn1_data *asn1, struct spnego_negTokenInit *token)
     133             : {
     134      121266 :         if (!asn1_push_tag(asn1, ASN1_CONTEXT(0))) return false;
     135      121266 :         if (!asn1_push_tag(asn1, ASN1_SEQUENCE(0))) return false;
     136             : 
     137             :         /* Write mechTypes */
     138      121266 :         if (token->mechTypes && *token->mechTypes) {
     139        2607 :                 int i;
     140             : 
     141      121266 :                 if (!asn1_push_tag(asn1, ASN1_CONTEXT(0))) return false;
     142      121266 :                 if (!asn1_push_tag(asn1, ASN1_SEQUENCE(0))) return false;
     143      339559 :                 for (i = 0; token->mechTypes[i]; i++) {
     144      218293 :                         if (!asn1_write_OID(asn1, token->mechTypes[i])) return false;
     145             :                 }
     146      121266 :                 if (!asn1_pop_tag(asn1)) return false;
     147      121266 :                 if (!asn1_pop_tag(asn1)) return false;
     148             :         }
     149             : 
     150             :         /* write reqFlags */
     151      121266 :         if (token->reqFlags.length > 0) {
     152           0 :                 if (!asn1_push_tag(asn1, ASN1_CONTEXT(1))) return false;
     153           0 :                 if (!asn1_write_BitString(asn1, token->reqFlags.data,
     154             :                                      token->reqFlags.length,
     155           0 :                                      token->reqFlagsPadding)) return false;
     156           0 :                 if (!asn1_pop_tag(asn1)) return false;
     157             :         }
     158             : 
     159             :         /* write mechToken */
     160      121266 :         if (token->mechToken.data) {
     161       70606 :                 if (!asn1_push_tag(asn1, ASN1_CONTEXT(2))) return false;
     162       70606 :                 if (!asn1_write_OctetString(asn1, token->mechToken.data,
     163           0 :                                        token->mechToken.length)) return false;
     164       70606 :                 if (!asn1_pop_tag(asn1)) return false;
     165             :         }
     166             : 
     167             :         /* write mechListMIC */
     168      121266 :         if (token->mechListMIC.data) {
     169       50654 :                 if (!asn1_push_tag(asn1, ASN1_CONTEXT(3))) return false;
     170             : #if 0
     171             :                 /* This is what RFC 2478 says ... */
     172             :                 asn1_write_OctetString(asn1, token->mechListMIC.data,
     173             :                                        token->mechListMIC.length);
     174             : #else
     175             :                 /* ... but unfortunately this is what Windows
     176             :                    sends/expects */
     177       50654 :                 if (!asn1_push_tag(asn1, ASN1_SEQUENCE(0))) return false;
     178       50654 :                 if (!asn1_push_tag(asn1, ASN1_CONTEXT(0))) return false;
     179       50654 :                 if (!asn1_push_tag(asn1, ASN1_GENERAL_STRING)) return false;
     180       50654 :                 if (!asn1_write(asn1, token->mechListMIC.data,
     181       50654 :                            token->mechListMIC.length)) return false;
     182       50654 :                 if (!asn1_pop_tag(asn1)) return false;
     183       50654 :                 if (!asn1_pop_tag(asn1)) return false;
     184       50654 :                 if (!asn1_pop_tag(asn1)) return false;
     185             : #endif
     186       50654 :                 if (!asn1_pop_tag(asn1)) return false;
     187             :         }
     188             : 
     189      121266 :         if (!asn1_pop_tag(asn1)) return false;
     190      121266 :         if (!asn1_pop_tag(asn1)) return false;
     191             : 
     192      121266 :         return !asn1_has_error(asn1);
     193             : }
     194             : 
     195      146809 : static bool read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
     196             :                               struct spnego_negTokenTarg *token)
     197             : {
     198      146809 :         ZERO_STRUCTP(token);
     199             : 
     200      146809 :         if (!asn1_start_tag(asn1, ASN1_CONTEXT(1))) return false;
     201      146809 :         if (!asn1_start_tag(asn1, ASN1_SEQUENCE(0))) return false;
     202             : 
     203      506753 :         while (asn1_tag_remaining(asn1) > 0) {
     204        4020 :                 uint8_t context;
     205        4020 :                 uint8_t neg_result;
     206        4020 :                 char *oid;
     207             : 
     208      359944 :                 if (!asn1_peek_uint8(asn1, &context)) {
     209           0 :                         asn1_set_error(asn1);
     210           0 :                         break;
     211             :                 }
     212             : 
     213      359944 :                 switch (context) {
     214      105780 :                 case ASN1_CONTEXT(0):
     215      105780 :                         if (!asn1_start_tag(asn1, ASN1_CONTEXT(0))) return false;
     216      105780 :                         if (!asn1_start_tag(asn1, ASN1_ENUMERATED)) return false;
     217      105780 :                         if (!asn1_read_uint8(asn1, &neg_result)) return false;
     218      105780 :                         token->negResult = neg_result;
     219      105780 :                         if (!asn1_end_tag(asn1)) return false;
     220      105780 :                         if (!asn1_end_tag(asn1)) return false;
     221      104518 :                         break;
     222       68553 :                 case ASN1_CONTEXT(1):
     223       68553 :                         if (!asn1_start_tag(asn1, ASN1_CONTEXT(1))) return false;
     224       68553 :                         if (!asn1_read_OID(asn1, mem_ctx, &oid)) return false;
     225       68553 :                         token->supportedMech = oid;
     226       68553 :                         if (!asn1_end_tag(asn1)) return false;
     227       67525 :                         break;
     228      109570 :                 case ASN1_CONTEXT(2):
     229      109570 :                         if (!asn1_start_tag(asn1, ASN1_CONTEXT(2))) return false;
     230      109570 :                         if (!asn1_read_OctetString(asn1, mem_ctx, &token->responseToken)) return false;
     231      109570 :                         if (!asn1_end_tag(asn1)) return false;
     232      108298 :                         break;
     233       76041 :                 case ASN1_CONTEXT(3):
     234       76041 :                         if (!asn1_start_tag(asn1, ASN1_CONTEXT(3))) return false;
     235       76041 :                         if (!asn1_read_OctetString(asn1, mem_ctx, &token->mechListMIC)) return false;
     236       76041 :                         if (!asn1_end_tag(asn1)) return false;
     237       75583 :                         break;
     238           0 :                 default:
     239           0 :                         asn1_set_error(asn1);
     240           0 :                         break;
     241             :                 }
     242             :         }
     243             : 
     244      146809 :         if (!asn1_end_tag(asn1)) return false;
     245      146809 :         if (!asn1_end_tag(asn1)) return false;
     246             : 
     247      146809 :         return !asn1_has_error(asn1);
     248             : }
     249             : 
     250      146984 : static bool write_negTokenTarg(struct asn1_data *asn1, struct spnego_negTokenTarg *token)
     251             : {
     252      146984 :         if (!asn1_push_tag(asn1, ASN1_CONTEXT(1))) return false;
     253      146984 :         if (!asn1_push_tag(asn1, ASN1_SEQUENCE(0))) return false;
     254             : 
     255      146984 :         if (token->negResult != SPNEGO_NONE_RESULT) {
     256      105763 :                 if (!asn1_push_tag(asn1, ASN1_CONTEXT(0))) return false;
     257      105763 :                 if (!asn1_write_enumerated(asn1, token->negResult)) return false;
     258      105763 :                 if (!asn1_pop_tag(asn1)) return false;
     259             :         }
     260             : 
     261      146984 :         if (token->supportedMech) {
     262       68651 :                 if (!asn1_push_tag(asn1, ASN1_CONTEXT(1))) return false;
     263       68651 :                 if (!asn1_write_OID(asn1, token->supportedMech)) return false;
     264       68651 :                 if (!asn1_pop_tag(asn1)) return false;
     265             :         }
     266             : 
     267      146984 :         if (token->responseToken.data) {
     268      109860 :                 if (!asn1_push_tag(asn1, ASN1_CONTEXT(2))) return false;
     269      109860 :                 if (!asn1_write_OctetString(asn1, token->responseToken.data,
     270           0 :                                        token->responseToken.length)) return false;
     271      109860 :                 if (!asn1_pop_tag(asn1)) return false;
     272             :         }
     273             : 
     274      146984 :         if (token->mechListMIC.data) {
     275       76028 :                 if (!asn1_push_tag(asn1, ASN1_CONTEXT(3))) return false;
     276       76028 :                 if (!asn1_write_OctetString(asn1, token->mechListMIC.data,
     277           0 :                                       token->mechListMIC.length)) return false;
     278       76028 :                 if (!asn1_pop_tag(asn1)) return false;
     279             :         }
     280             : 
     281      146984 :         if (!asn1_pop_tag(asn1)) return false;
     282      146984 :         if (!asn1_pop_tag(asn1)) return false;
     283             : 
     284      146984 :         return !asn1_has_error(asn1);
     285             : }
     286             : 
     287      254095 : ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB data, struct spnego_data *token)
     288             : {
     289        3642 :         struct asn1_data *asn1;
     290      254095 :         ssize_t ret = -1;
     291        3642 :         uint8_t context;
     292             : 
     293      254095 :         ZERO_STRUCTP(token);
     294             : 
     295      254095 :         if (data.length == 0) {
     296           0 :                 return ret;
     297             :         }
     298             : 
     299      254095 :         asn1 = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
     300      254095 :         if (asn1 == NULL) {
     301           0 :                 return -1;
     302             :         }
     303             : 
     304      254095 :         if (!asn1_load(asn1, data)) goto err;
     305             : 
     306      254095 :         if (!asn1_peek_uint8(asn1, &context)) {
     307           0 :                 asn1_set_error(asn1);
     308             :         } else {
     309      254095 :                 switch (context) {
     310      107184 :                 case ASN1_APPLICATION(0):
     311      107184 :                         if (!asn1_start_tag(asn1, ASN1_APPLICATION(0))) goto err;
     312      107184 :                         if (!asn1_check_OID(asn1, OID_SPNEGO)) goto err;
     313      107139 :                         if (read_negTokenInit(asn1, mem_ctx, &token->negTokenInit)) {
     314      107139 :                                 token->type = SPNEGO_NEG_TOKEN_INIT;
     315             :                         }
     316      107139 :                         if (!asn1_end_tag(asn1)) goto err;
     317      105003 :                         break;
     318      146809 :                 case ASN1_CONTEXT(1):
     319      146809 :                         if (read_negTokenTarg(asn1, mem_ctx, &token->negTokenTarg)) {
     320      146809 :                                 token->type = SPNEGO_NEG_TOKEN_TARG;
     321             :                         }
     322      145303 :                         break;
     323         102 :                 default:
     324         102 :                         asn1_set_error(asn1);
     325         102 :                         break;
     326             :                 }
     327             :         }
     328             : 
     329      254050 :         if (!asn1_has_error(asn1)) {
     330      253948 :                 ret = asn1_current_ofs(asn1);
     331             :         }
     332             : 
     333         102 :   err:
     334             : 
     335      254095 :         asn1_free(asn1);
     336             : 
     337      254095 :         return ret;
     338             : }
     339             : 
     340      268250 : ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct spnego_data *spnego)
     341             : {
     342      268250 :         struct asn1_data *asn1 = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
     343      268250 :         ssize_t ret = -1;
     344             : 
     345      268250 :         if (asn1 == NULL) {
     346           0 :                 return -1;
     347             :         }
     348             : 
     349      268250 :         switch (spnego->type) {
     350      121266 :         case SPNEGO_NEG_TOKEN_INIT:
     351      121266 :                 if (!asn1_push_tag(asn1, ASN1_APPLICATION(0))) goto err;
     352      121266 :                 if (!asn1_write_OID(asn1, OID_SPNEGO)) goto err;
     353      121266 :                 if (!write_negTokenInit(asn1, &spnego->negTokenInit)) goto err;
     354      121266 :                 if (!asn1_pop_tag(asn1)) goto err;
     355      118659 :                 break;
     356      146984 :         case SPNEGO_NEG_TOKEN_TARG:
     357      146984 :                 write_negTokenTarg(asn1, &spnego->negTokenTarg);
     358      146984 :                 break;
     359           0 :         default:
     360           0 :                 asn1_set_error(asn1);
     361           0 :                 break;
     362             :         }
     363             : 
     364      268250 :         if (!asn1_extract_blob(asn1, mem_ctx, blob)) {
     365           0 :                 goto err;
     366             :         }
     367             : 
     368      268250 :         ret = asn1_current_ofs(asn1);
     369             : 
     370      268250 :   err:
     371             : 
     372      268250 :         asn1_free(asn1);
     373             : 
     374      268250 :         return ret;
     375             : }
     376             : 
     377           0 : bool spnego_free_data(struct spnego_data *spnego)
     378             : {
     379           0 :         bool ret = true;
     380             : 
     381           0 :         if (!spnego) goto out;
     382             : 
     383           0 :         switch(spnego->type) {
     384           0 :         case SPNEGO_NEG_TOKEN_INIT:
     385           0 :                 if (spnego->negTokenInit.mechTypes) {
     386           0 :                         talloc_free(discard_const(spnego->negTokenInit.mechTypes));
     387             :                 }
     388           0 :                 data_blob_free(&spnego->negTokenInit.reqFlags);
     389           0 :                 data_blob_free(&spnego->negTokenInit.mechToken);
     390           0 :                 data_blob_free(&spnego->negTokenInit.mechListMIC);
     391           0 :                 talloc_free(spnego->negTokenInit.targetPrincipal);
     392           0 :                 break;
     393           0 :         case SPNEGO_NEG_TOKEN_TARG:
     394           0 :                 if (spnego->negTokenTarg.supportedMech) {
     395           0 :                         talloc_free(discard_const(spnego->negTokenTarg.supportedMech));
     396             :                 }
     397           0 :                 data_blob_free(&spnego->negTokenTarg.responseToken);
     398           0 :                 data_blob_free(&spnego->negTokenTarg.mechListMIC);
     399           0 :                 break;
     400           0 :         default:
     401           0 :                 ret = false;
     402           0 :                 break;
     403             :         }
     404           0 :         ZERO_STRUCTP(spnego);
     405           0 : out:
     406           0 :         return ret;
     407             : }
     408             : 
     409      190110 : bool spnego_write_mech_types(TALLOC_CTX *mem_ctx,
     410             :                              const char * const *mech_types,
     411             :                              DATA_BLOB *blob)
     412             : {
     413      190110 :         bool ret = false;
     414      190110 :         struct asn1_data *asn1 = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
     415             : 
     416      190110 :         if (asn1 == NULL) {
     417           0 :                 return false;
     418             :         }
     419             : 
     420             :         /* Write mechTypes */
     421      190110 :         if (mech_types && *mech_types) {
     422        3636 :                 int i;
     423             : 
     424      190110 :                 if (!asn1_push_tag(asn1, ASN1_SEQUENCE(0))) goto err;
     425      534236 :                 for (i = 0; mech_types[i]; i++) {
     426      344126 :                         if (!asn1_write_OID(asn1, mech_types[i])) goto err;
     427             :                 }
     428      190110 :                 if (!asn1_pop_tag(asn1)) goto err;
     429             :         }
     430             : 
     431      190110 :         if (asn1_has_error(asn1)) {
     432           0 :                 goto err;
     433             :         }
     434             : 
     435      190110 :         if (!asn1_extract_blob(asn1, mem_ctx, blob)) {
     436           0 :                 goto err;
     437             :         }
     438             : 
     439      186474 :         ret = true;
     440             : 
     441      190110 :   err:
     442             : 
     443      190110 :         asn1_free(asn1);
     444             : 
     445      190110 :         return ret;
     446             : }

Generated by: LCOV version 1.14