search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
packaging: Update READMEs to reflect current status.
[Samba.git] / libcli / drsuapi / repl_decrypt.c
blob54d288853423420c802610b64e1e212f9d13b245
1 /*
2 Unix SMB/CIFS implementation.
3 Helper functions for applying replicated objects
4
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20
21 */
22
23 #include "includes.h"
24 #include "../lib/util/dlinklist.h"
25 #include "librpc/gen_ndr/ndr_misc.h"
26 #include "librpc/gen_ndr/ndr_drsuapi.h"
27 #include "librpc/gen_ndr/ndr_drsblobs.h"
28 #include "../lib/crypto/arcfour.h"
29 #include "zlib.h"
30 #include "../libcli/drsuapi/drsuapi.h"
31 #include "libcli/auth/libcli_auth.h"
32 #include "dsdb/samdb/samdb.h"
33
34 #include <gnutls/gnutls.h>
35 #include <gnutls/crypto.h>
36
37 WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
38 const DATA_BLOB *gensec_skey,
39 bool rid_crypt,
40 uint32_t rid,
41 DATA_BLOB *in,
42 DATA_BLOB *out)
43 {
44 DATA_BLOB confounder;
45 DATA_BLOB enc_buffer;
46
47 gnutls_hash_hd_t hash_hnd = NULL;
48 uint8_t _enc_key[16];
49 DATA_BLOB enc_key;
50
51 DATA_BLOB dec_buffer;
52
53 uint32_t crc32_given;
54 uint32_t crc32_calc;
55 DATA_BLOB checked_buffer;
56
57 DATA_BLOB plain_buffer;
58 WERROR result;
59 int rc;
60
61 /*
62 * users with rid == 0 should not exist
63 */
64 if (rid_crypt && rid == 0) {
65 return WERR_DS_DRA_INVALID_PARAMETER;
66 }
67
68 /*
69 * the first 16 bytes at the beginning are the confounder
70 * followed by the 4 byte crc32 checksum
71 */
72 if (in->length < 20) {
73 return WERR_DS_DRA_INVALID_PARAMETER;
74 }
75 confounder = data_blob_const(in->data, 16);
76 enc_buffer = data_blob_const(in->data + 16, in->length - 16);
77
78 /*
79 * build the encryption key md5 over the session key followed
80 * by the confounder
81 *
82 * here the gensec session key is used and
83 * not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key!
84 */
85 enc_key = data_blob_const(_enc_key, sizeof(_enc_key));
86
87 rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
88 if (rc < 0) {
89 result = WERR_NOT_ENOUGH_MEMORY;
90 goto out;
91 }
92 rc = gnutls_hash(hash_hnd, gensec_skey->data, gensec_skey->length);
93 if (rc < 0) {
94 gnutls_hash_deinit(hash_hnd, NULL);
95 result = WERR_INTERNAL_ERROR;
96 goto out;
97 }
98 rc = gnutls_hash(hash_hnd, confounder.data, confounder.length);
99 if (rc < 0) {
100 gnutls_hash_deinit(hash_hnd, NULL);
101 result = WERR_INTERNAL_ERROR;
102 goto out;
103 }
104
105 gnutls_hash_deinit(hash_hnd, enc_key.data);
106
107 /*
108 * copy the encrypted buffer part and
109 * decrypt it using the created encryption key using arcfour
110 */
111 dec_buffer = data_blob_const(enc_buffer.data, enc_buffer.length);
112 arcfour_crypt_blob(dec_buffer.data, dec_buffer.length, &enc_key);
113
114 ZERO_ARRAY_LEN(enc_key.data, enc_key.length);
115
116 /*
117 * the first 4 byte are the crc32 checksum
118 * of the remaining bytes
119 */
120 crc32_given = IVAL(dec_buffer.data, 0);
121 crc32_calc = crc32(0, Z_NULL, 0);
122 crc32_calc = crc32(crc32_calc,
123 dec_buffer.data + 4 ,
124 dec_buffer.length - 4);
125 checked_buffer = data_blob_const(dec_buffer.data + 4, dec_buffer.length - 4);
126
127 plain_buffer = data_blob_talloc(mem_ctx, checked_buffer.data, checked_buffer.length);
128 W_ERROR_HAVE_NO_MEMORY(plain_buffer.data);
129
130 if (crc32_given != crc32_calc) {
131 result = W_ERROR(HRES_ERROR_V(HRES_SEC_E_DECRYPT_FAILURE));
132 goto out;
133 }
134 /*
135 * The following rid_crypt obfuscation isn't session specific
136 * and not really needed here, because we allways know the rid of the
137 * user account.
138 *
139 * some attributes with this 'additional encryption' include
140 * dBCSPwd, unicodePwd, ntPwdHistory, lmPwdHistory
141 *
142 * But for the rest of samba it's easier when we remove this static
143 * obfuscation here
144 */
145 if (rid_crypt) {
146 uint32_t i, num_hashes;
147
148 if ((checked_buffer.length % 16) != 0) {
149 result = WERR_DS_DRA_INVALID_PARAMETER;
150 goto out;
151 }
152
153 num_hashes = plain_buffer.length / 16;
154 for (i = 0; i < num_hashes; i++) {
155 uint32_t offset = i * 16;
156 sam_rid_crypt(rid, checked_buffer.data + offset, plain_buffer.data + offset, 0);
157 }
158 }
159
160 *out = plain_buffer;
161 result = WERR_OK;
162 out:
163 return result;
164 }
165
166 WERROR drsuapi_decrypt_attribute(TALLOC_CTX *mem_ctx,
167 const DATA_BLOB *gensec_skey,
168 uint32_t rid,
169 uint32_t dsdb_repl_flags,
170 struct drsuapi_DsReplicaAttribute *attr)
171 {
172 WERROR status;
173 DATA_BLOB *enc_data;
174 DATA_BLOB plain_data;
175 bool rid_crypt = false;
176
177 if (attr->value_ctr.num_values == 0) {
178 return WERR_OK;
179 }
180
181 switch (attr->attid) {
182 case DRSUAPI_ATTID_dBCSPwd:
183 case DRSUAPI_ATTID_unicodePwd:
184 case DRSUAPI_ATTID_ntPwdHistory:
185 case DRSUAPI_ATTID_lmPwdHistory:
186 rid_crypt = true;
187 break;
188 case DRSUAPI_ATTID_supplementalCredentials:
189 case DRSUAPI_ATTID_priorValue:
190 case DRSUAPI_ATTID_currentValue:
191 case DRSUAPI_ATTID_trustAuthOutgoing:
192 case DRSUAPI_ATTID_trustAuthIncoming:
193 case DRSUAPI_ATTID_initialAuthOutgoing:
194 case DRSUAPI_ATTID_initialAuthIncoming:
195 break;
196 default:
197 return WERR_OK;
198 }
199
200 if (dsdb_repl_flags & DSDB_REPL_FLAG_EXPECT_NO_SECRETS) {
201 return WERR_TOO_MANY_SECRETS;
202 }
203
204 if (attr->value_ctr.num_values > 1) {
205 return WERR_DS_DRA_INVALID_PARAMETER;
206 }
207
208 if (!attr->value_ctr.values[0].blob) {
209 return WERR_DS_DRA_INVALID_PARAMETER;
210 }
211
212 enc_data = attr->value_ctr.values[0].blob;
213
214 status = drsuapi_decrypt_attribute_value(mem_ctx,
215 gensec_skey,
216 rid_crypt,
217 rid,
218 enc_data,
219 &plain_data);
220 W_ERROR_NOT_OK_RETURN(status);
221
222 talloc_free(attr->value_ctr.values[0].blob->data);
223 *attr->value_ctr.values[0].blob = plain_data;
224
225 return WERR_OK;
226 }
227
228 static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
229 const DATA_BLOB *gensec_skey,
230 bool rid_crypt,
231 uint32_t rid,
232 DATA_BLOB *in,
233 DATA_BLOB *out)
234 {
235 DATA_BLOB rid_crypt_out = data_blob(NULL, 0);
236 DATA_BLOB confounder;
237
238 gnutls_hash_hd_t hash_hnd = NULL;
239 uint8_t _enc_key[16];
240 DATA_BLOB enc_key;
241
242 DATA_BLOB enc_buffer;
243
244 uint32_t crc32_calc;
245 WERROR result;
246 int rc;
247
248 /*
249 * users with rid == 0 should not exist
250 */
251 if (rid_crypt && rid == 0) {
252 return WERR_DS_DRA_INVALID_PARAMETER;
253 }
254
255 /*
256 * The following rid_crypt obfuscation isn't session specific
257 * and not really needed here, because we allways know the rid of the
258 * user account.
259 *
260 * some attributes with this 'additional encryption' include
261 * dBCSPwd, unicodePwd, ntPwdHistory, lmPwdHistory
262 *
263 * But for the rest of samba it's easier when we remove this static
264 * obfuscation here
265 */
266 if (rid_crypt) {
267 uint32_t i, num_hashes;
268 rid_crypt_out = data_blob_talloc(mem_ctx, in->data, in->length);
269 W_ERROR_HAVE_NO_MEMORY(rid_crypt_out.data);
270
271 if ((rid_crypt_out.length % 16) != 0) {
272 return WERR_DS_DRA_INVALID_PARAMETER;
273 }
274
275 num_hashes = rid_crypt_out.length / 16;
276 for (i = 0; i < num_hashes; i++) {
277 uint32_t offset = i * 16;
278 sam_rid_crypt(rid, in->data + offset, rid_crypt_out.data + offset, 1);
279 }
280 in = &rid_crypt_out;
281 }
282
283 /*
284 * the first 16 bytes at the beginning are the confounder
285 * followed by the 4 byte crc32 checksum
286 */
287
288 enc_buffer = data_blob_talloc(mem_ctx, NULL, in->length+20);
289 if (!enc_buffer.data) {
290 talloc_free(rid_crypt_out.data);
291 return WERR_NOT_ENOUGH_MEMORY;
292 };
293
294 confounder = data_blob_const(enc_buffer.data, 16);
295 generate_random_buffer(confounder.data, confounder.length);
296
297 /*
298 * build the encryption key md5 over the session key followed
299 * by the confounder
300 *
301 * here the gensec session key is used and
302 * not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key!
303 */
304 enc_key = data_blob_const(_enc_key, sizeof(_enc_key));
305
306 rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
307 if (rc < 0) {
308 result = WERR_NOT_ENOUGH_MEMORY;
309 goto out;
310 }
311
312 rc = gnutls_hash(hash_hnd, gensec_skey->data, gensec_skey->length);
313 if (rc < 0) {
314 gnutls_hash_deinit(hash_hnd, NULL);
315 result = WERR_INTERNAL_ERROR;
316 goto out;
317 }
318 rc = gnutls_hash(hash_hnd, confounder.data, confounder.length);
319 if (rc < 0) {
320 gnutls_hash_deinit(hash_hnd, NULL);
321 result = WERR_INTERNAL_ERROR;
322 goto out;
323 }
324 gnutls_hash_deinit(hash_hnd, enc_key.data);
325
326 /*
327 * the first 4 byte are the crc32 checksum
328 * of the remaining bytes
329 */
330 crc32_calc = crc32(0, Z_NULL, 0);
331 crc32_calc = crc32(crc32_calc, in->data, in->length);
332 SIVAL(enc_buffer.data, 16, crc32_calc);
333
334 /*
335 * copy the plain buffer part and
336 * encrypt it using the created encryption key using arcfour
337 */
338 memcpy(enc_buffer.data+20, in->data, in->length);
339 talloc_free(rid_crypt_out.data);
340
341 arcfour_crypt_blob(enc_buffer.data+16, enc_buffer.length-16, &enc_key);
342
343 ZERO_ARRAY_LEN(enc_key.data, enc_key.length);
344
345 *out = enc_buffer;
346 result = WERR_OK;
347 out:
348 return result;
349 }
350
351 /*
352 encrypt a DRSUAPI attribute ready for sending over the wire
353 Only some attribute types are encrypted
354 */
355 WERROR drsuapi_encrypt_attribute(TALLOC_CTX *mem_ctx,
356 const DATA_BLOB *gensec_skey,
357 uint32_t rid,
358 struct drsuapi_DsReplicaAttribute *attr)
359 {
360 WERROR status;
361 DATA_BLOB *plain_data;
362 DATA_BLOB enc_data;
363 bool rid_crypt = false;
364
365 if (attr->value_ctr.num_values == 0) {
366 return WERR_OK;
367 }
368
369 switch (attr->attid) {
370 case DRSUAPI_ATTID_dBCSPwd:
371 case DRSUAPI_ATTID_unicodePwd:
372 case DRSUAPI_ATTID_ntPwdHistory:
373 case DRSUAPI_ATTID_lmPwdHistory:
374 rid_crypt = true;
375 break;
376 case DRSUAPI_ATTID_supplementalCredentials:
377 case DRSUAPI_ATTID_priorValue:
378 case DRSUAPI_ATTID_currentValue:
379 case DRSUAPI_ATTID_trustAuthOutgoing:
380 case DRSUAPI_ATTID_trustAuthIncoming:
381 case DRSUAPI_ATTID_initialAuthOutgoing:
382 case DRSUAPI_ATTID_initialAuthIncoming:
383 break;
384 default:
385 return WERR_OK;
386 }
387
388 if (attr->value_ctr.num_values > 1) {
389 return WERR_DS_DRA_INVALID_PARAMETER;
390 }
391
392 if (!attr->value_ctr.values[0].blob) {
393 return WERR_DS_DRA_INVALID_PARAMETER;
394 }
395
396 plain_data = attr->value_ctr.values[0].blob;
397
398 status = drsuapi_encrypt_attribute_value(mem_ctx,
399 gensec_skey,
400 rid_crypt,
401 rid,
402 plain_data,
403 &enc_data);
404 W_ERROR_NOT_OK_RETURN(status);
405
406 talloc_free(attr->value_ctr.values[0].blob->data);
407 *attr->value_ctr.values[0].blob = enc_data;
408
409 return WERR_OK;
410 }
411
Samba GIT mirror