search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
backupkey: Remove an unused variable
[Samba.git] / source4 / rpc_server / backupkey / dcesrv_backupkey.c
blob04308bc4632c29b4975a4e67f808c3db209a0fa2
1 /*
2 Unix SMB/CIFS implementation.
3
4 endpoint server for the backupkey interface
5
6 Copyright (C) Matthieu Patou <mat@samba.org> 2010
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "rpc_server/dcerpc_server.h"
24 #include "librpc/gen_ndr/ndr_backupkey.h"
25 #include "dsdb/common/util.h"
26 #include "dsdb/samdb/samdb.h"
27 #include "lib/ldb/include/ldb_errors.h"
28 #include "../lib/util/util_ldb.h"
29 #include "param/param.h"
30 #include "auth/session.h"
31 #include "system/network.h"
32 #include <com_err.h>
33 #include <hx509.h>
34 #include <hcrypto/rsa.h>
35 #include <hcrypto/bn.h>
36 #include <hcrypto/sha.h>
37 #include <hcrypto/evp.h>
38 #include <hcrypto/hmac.h>
39 #include <der.h>
40 #include "../lib/tsocket/tsocket.h"
41 #include "../libcli/security/security.h"
42 #include "librpc/gen_ndr/ndr_security.h"
43 #include "lib/crypto/arcfour.h"
44 #include <gnutls/gnutls.h>
45 #include <gnutls/x509.h>
46 #if HAVE_GCRYPT_H
47 #include <gcrypt.h>
48 #endif
49
50
51 static const unsigned rsa_with_var_num[] = { 1, 2, 840, 113549, 1, 1, 1 };
52 /* Equivalent to asn1_oid_id_pkcs1_rsaEncryption*/
53 static const AlgorithmIdentifier _hx509_signature_rsa_with_var_num = {
54 { 7, discard_const_p(unsigned, rsa_with_var_num) }, NULL
55 };
56
57 static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
58 struct ldb_context *ldb,
59 const char *name,
60 const DATA_BLOB *lsa_secret)
61 {
62 struct ldb_message *msg;
63 struct ldb_result *res;
64 struct ldb_dn *domain_dn;
65 struct ldb_dn *system_dn;
66 struct ldb_val val;
67 int ret;
68 char *name2;
69 struct timeval now = timeval_current();
70 NTTIME nt_now = timeval_to_nttime(&now);
71 const char *attrs[] = {
72 NULL
73 };
74
75 domain_dn = ldb_get_default_basedn(ldb);
76 if (!domain_dn) {
77 return NT_STATUS_INTERNAL_ERROR;
78 }
79
80 msg = ldb_msg_new(mem_ctx);
81 if (msg == NULL) {
82 return NT_STATUS_NO_MEMORY;
83 }
84
85 /*
86 * This function is a lot like dcesrv_lsa_CreateSecret
87 * in the rpc_server/lsa directory
88 * The reason why we duplicate the effort here is that:
89 * * we want to keep the former function static
90 * * we want to avoid the burden of doing LSA calls
91 * when we can just manipulate the secrets directly
92 * * taillor the function to the particular needs of backup protocol
93 */
94
95 system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
96 if (system_dn == NULL) {
97 talloc_free(msg);
98 return NT_STATUS_NO_MEMORY;
99 }
100
101 name2 = talloc_asprintf(msg, "%s Secret", name);
102 if (name2 == NULL) {
103 talloc_free(msg);
104 return NT_STATUS_NO_MEMORY;
105 }
106
107 ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs,
108 "(&(cn=%s)(objectclass=secret))",
109 ldb_binary_encode_string(mem_ctx, name2));
110
111 if (ret != LDB_SUCCESS || res->count != 0 ) {
112 DEBUG(2, ("Secret %s already exists !\n", name2));
113 talloc_free(msg);
114 return NT_STATUS_OBJECT_NAME_COLLISION;
115 }
116
117 /*
118 * We don't care about previous value as we are
119 * here only if the key didn't exists before
120 */
121
122 msg->dn = ldb_dn_copy(mem_ctx, system_dn);
123 if (msg->dn == NULL) {
124 talloc_free(msg);
125 return NT_STATUS_NO_MEMORY;
126 }
127 if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
128 talloc_free(msg);
129 return NT_STATUS_NO_MEMORY;
130 }
131
132 ret = ldb_msg_add_string(msg, "cn", name2);
133 if (ret != LDB_SUCCESS) {
134 talloc_free(msg);
135 return NT_STATUS_NO_MEMORY;
136 }
137 ret = ldb_msg_add_string(msg, "objectClass", "secret");
138 if (ret != LDB_SUCCESS) {
139 talloc_free(msg);
140 return NT_STATUS_NO_MEMORY;
141 }
142 ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now);
143 if (ret != LDB_SUCCESS) {
144 talloc_free(msg);
145 return NT_STATUS_NO_MEMORY;
146 }
147 val.data = lsa_secret->data;
148 val.length = lsa_secret->length;
149 ret = ldb_msg_add_value(msg, "currentValue", &val, NULL);
150 if (ret != LDB_SUCCESS) {
151 talloc_free(msg);
152 return NT_STATUS_NO_MEMORY;
153 }
154 ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now);
155 if (ret != LDB_SUCCESS) {
156 talloc_free(msg);
157 return NT_STATUS_NO_MEMORY;
158 }
159
160 /*
161 * create the secret with DSDB_MODIFY_RELAX
162 * otherwise dsdb/samdb/ldb_modules/objectclass.c forbid
163 * the create of LSA secret object
164 */
165 ret = dsdb_add(ldb, msg, DSDB_MODIFY_RELAX);
166 if (ret != LDB_SUCCESS) {
167 DEBUG(2,("Failed to create secret record %s: %s\n",
168 ldb_dn_get_linearized(msg->dn),
169 ldb_errstring(ldb)));
170 talloc_free(msg);
171 return NT_STATUS_ACCESS_DENIED;
172 }
173
174 talloc_free(msg);
175 return NT_STATUS_OK;
176 }
177
178 /* This function is pretty much like dcesrv_lsa_QuerySecret */
179 static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
180 struct ldb_context *ldb,
181 const char *name,
182 DATA_BLOB *lsa_secret)
183 {
184 TALLOC_CTX *tmp_mem;
185 struct ldb_result *res;
186 struct ldb_dn *domain_dn;
187 struct ldb_dn *system_dn;
188 const struct ldb_val *val;
189 uint8_t *data;
190 const char *attrs[] = {
191 "currentValue",
192 NULL
193 };
194 int ret;
195
196 lsa_secret->data = NULL;
197 lsa_secret->length = 0;
198
199 domain_dn = ldb_get_default_basedn(ldb);
200 if (!domain_dn) {
201 return NT_STATUS_INTERNAL_ERROR;
202 }
203
204 tmp_mem = talloc_new(mem_ctx);
205 if (tmp_mem == NULL) {
206 return NT_STATUS_NO_MEMORY;
207 }
208
209 system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn, "(&(objectClass=container)(cn=System))");
210 if (system_dn == NULL) {
211 talloc_free(tmp_mem);
212 return NT_STATUS_NO_MEMORY;
213 }
214
215 ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs,
216 "(&(cn=%s Secret)(objectclass=secret))",
217 ldb_binary_encode_string(tmp_mem, name));
218
219 if (ret != LDB_SUCCESS) {
220 talloc_free(tmp_mem);
221 return NT_STATUS_INTERNAL_DB_CORRUPTION;
222 }
223 if (res->count == 0) {
224 talloc_free(tmp_mem);
225 return NT_STATUS_RESOURCE_NAME_NOT_FOUND;
226 }
227 if (res->count > 1) {
228 DEBUG(2, ("Secret %s collision\n", name));
229 talloc_free(tmp_mem);
230 return NT_STATUS_INTERNAL_DB_CORRUPTION;
231 }
232
233 val = ldb_msg_find_ldb_val(res->msgs[0], "currentValue");
234 if (val == NULL) {
235 /*
236 * The secret object is here but we don't have the secret value
237 * The most common case is a RODC
238 */
239 *lsa_secret = data_blob_null;
240 talloc_free(tmp_mem);
241 return NT_STATUS_OK;
242 }
243
244 data = val->data;
245 lsa_secret->data = talloc_move(mem_ctx, &data);
246 lsa_secret->length = val->length;
247
248 talloc_free(tmp_mem);
249 return NT_STATUS_OK;
250 }
251
252 static DATA_BLOB *reverse_and_get_blob(TALLOC_CTX *mem_ctx, BIGNUM *bn)
253 {
254 DATA_BLOB blob;
255 DATA_BLOB *rev = talloc(mem_ctx, DATA_BLOB);
256 uint32_t i;
257
258 blob.length = BN_num_bytes(bn);
259 blob.data = talloc_array(mem_ctx, uint8_t, blob.length);
260
261 if (blob.data == NULL) {
262 return NULL;
263 }
264
265 BN_bn2bin(bn, blob.data);
266
267 rev->data = talloc_array(mem_ctx, uint8_t, blob.length);
268 if (rev->data == NULL) {
269 return NULL;
270 }
271
272 for(i=0; i < blob.length; i++) {
273 rev->data[i] = blob.data[blob.length - i -1];
274 }
275 rev->length = blob.length;
276 talloc_free(blob.data);
277 return rev;
278 }
279
280 static BIGNUM *reverse_and_get_bignum(TALLOC_CTX *mem_ctx, DATA_BLOB *blob)
281 {
282 BIGNUM *ret;
283 DATA_BLOB rev;
284 uint32_t i;
285
286 rev.data = talloc_array(mem_ctx, uint8_t, blob->length);
287 if (rev.data == NULL) {
288 return NULL;
289 }
290
291 for(i=0; i < blob->length; i++) {
292 rev.data[i] = blob->data[blob->length - i -1];
293 }
294 rev.length = blob->length;
295
296 ret = BN_bin2bn(rev.data, rev.length, NULL);
297 talloc_free(rev.data);
298
299 return ret;
300 }
301
302 static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
303 struct bkrp_exported_RSA_key_pair *keypair,
304 hx509_private_key *pk)
305 {
306 hx509_context hctx;
307 RSA *rsa;
308 struct hx509_private_key_ops *ops;
309
310 hx509_context_init(&hctx);
311 ops = hx509_find_private_alg(&_hx509_signature_rsa_with_var_num.algorithm);
312 if (ops == NULL) {
313 DEBUG(2, ("Not supported algorithm\n"));
314 return NT_STATUS_INTERNAL_ERROR;
315 }
316
317 if (hx509_private_key_init(pk, ops, NULL) != 0) {
318 hx509_context_free(&hctx);
319 return NT_STATUS_NO_MEMORY;
320 }
321
322 rsa = RSA_new();
323 if (rsa ==NULL) {
324 hx509_context_free(&hctx);
325 return NT_STATUS_INVALID_PARAMETER;
326 }
327
328 rsa->n = reverse_and_get_bignum(ctx, &(keypair->modulus));
329 if (rsa->n == NULL) {
330 RSA_free(rsa);
331 hx509_context_free(&hctx);
332 return NT_STATUS_INVALID_PARAMETER;
333 }
334 rsa->d = reverse_and_get_bignum(ctx, &(keypair->private_exponent));
335 if (rsa->d == NULL) {
336 RSA_free(rsa);
337 hx509_context_free(&hctx);
338 return NT_STATUS_INVALID_PARAMETER;
339 }
340 rsa->p = reverse_and_get_bignum(ctx, &(keypair->prime1));
341 if (rsa->p == NULL) {
342 RSA_free(rsa);
343 hx509_context_free(&hctx);
344 return NT_STATUS_INVALID_PARAMETER;
345 }
346 rsa->q = reverse_and_get_bignum(ctx, &(keypair->prime2));
347 if (rsa->q == NULL) {
348 RSA_free(rsa);
349 hx509_context_free(&hctx);
350 return NT_STATUS_INVALID_PARAMETER;
351 }
352 rsa->dmp1 = reverse_and_get_bignum(ctx, &(keypair->exponent1));
353 if (rsa->dmp1 == NULL) {
354 RSA_free(rsa);
355 hx509_context_free(&hctx);
356 return NT_STATUS_INVALID_PARAMETER;
357 }
358 rsa->dmq1 = reverse_and_get_bignum(ctx, &(keypair->exponent2));
359 if (rsa->dmq1 == NULL) {
360 RSA_free(rsa);
361 hx509_context_free(&hctx);
362 return NT_STATUS_INVALID_PARAMETER;
363 }
364 rsa->iqmp = reverse_and_get_bignum(ctx, &(keypair->coefficient));
365 if (rsa->iqmp == NULL) {
366 RSA_free(rsa);
367 hx509_context_free(&hctx);
368 return NT_STATUS_INVALID_PARAMETER;
369 }
370 rsa->e = reverse_and_get_bignum(ctx, &(keypair->public_exponent));
371 if (rsa->e == NULL) {
372 RSA_free(rsa);
373 hx509_context_free(&hctx);
374 return NT_STATUS_INVALID_PARAMETER;
375 }
376
377 hx509_private_key_assign_rsa(*pk, rsa);
378
379 hx509_context_free(&hctx);
380 return NT_STATUS_OK;
381 }
382
383 static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx,
384 uint32_t version,
385 uint8_t *key_and_iv,
386 uint8_t *access_check,
387 uint32_t access_check_len,
388 struct auth_session_info *session_info)
389 {
390 heim_octet_string iv;
391 heim_octet_string access_check_os;
392 hx509_crypto crypto;
393
394 DATA_BLOB blob_us;
395 uint32_t key_len;
396 uint32_t iv_len;
397 int res;
398 enum ndr_err_code ndr_err;
399 hx509_context hctx;
400
401 struct dom_sid *access_sid = NULL;
402 struct dom_sid *caller_sid = NULL;
403
404 /* This one should not be freed */
405 const AlgorithmIdentifier *alg;
406
407 switch (version) {
408 case 2:
409 key_len = 24;
410 iv_len = 8;
411 alg = hx509_crypto_des_rsdi_ede3_cbc();
412 break;
413
414 case 3:
415 key_len = 32;
416 iv_len = 16;
417 alg =hx509_crypto_aes256_cbc();
418 break;
419
420 default:
421 return WERR_INVALID_DATA;
422 }
423
424 hx509_context_init(&hctx);
425 res = hx509_crypto_init(hctx, NULL,
426 &(alg->algorithm),
427 &crypto);
428 hx509_context_free(&hctx);
429
430 if (res != 0) {
431 return WERR_INVALID_DATA;
432 }
433
434 res = hx509_crypto_set_key_data(crypto, key_and_iv, key_len);
435
436 iv.data = talloc_memdup(sub_ctx, key_len + key_and_iv, iv_len);
437 iv.length = iv_len;
438
439 if (res != 0) {
440 hx509_crypto_destroy(crypto);
441 return WERR_INVALID_DATA;
442 }
443
444 hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE);
445 res = hx509_crypto_decrypt(crypto,
446 access_check,
447 access_check_len,
448 &iv,
449 &access_check_os);
450
451 if (res != 0) {
452 hx509_crypto_destroy(crypto);
453 return WERR_INVALID_DATA;
454 }
455
456 blob_us.data = access_check_os.data;
457 blob_us.length = access_check_os.length;
458
459 hx509_crypto_destroy(crypto);
460
461 switch (version) {
462 case 2:
463 {
464 uint32_t hash_size = 20;
465 uint8_t hash[hash_size];
466 struct sha sctx;
467 struct bkrp_access_check_v2 uncrypted_accesscheckv2;
468
469 ndr_err = ndr_pull_struct_blob(&blob_us, sub_ctx, &uncrypted_accesscheckv2,
470 (ndr_pull_flags_fn_t)ndr_pull_bkrp_access_check_v2);
471 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
472 /* Unable to unmarshall */
473 der_free_octet_string(&access_check_os);
474 return WERR_INVALID_DATA;
475 }
476 if (uncrypted_accesscheckv2.magic != 0x1) {
477 /* wrong magic */
478 der_free_octet_string(&access_check_os);
479 return WERR_INVALID_DATA;
480 }
481
482 SHA1_Init(&sctx);
483 SHA1_Update(&sctx, blob_us.data, blob_us.length - hash_size);
484 SHA1_Final(hash, &sctx);
485 der_free_octet_string(&access_check_os);
486 /*
487 * We free it after the sha1 calculation because blob.data
488 * point to the same area
489 */
490
491 if (memcmp(hash, uncrypted_accesscheckv2.hash, hash_size) != 0) {
492 DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n"));
493 return WERR_INVALID_DATA;
494 }
495 access_sid = &(uncrypted_accesscheckv2.sid);
496 break;
497 }
498 case 3:
499 {
500 uint32_t hash_size = 64;
501 uint8_t hash[hash_size];
502 struct hc_sha512state sctx;
503 struct bkrp_access_check_v3 uncrypted_accesscheckv3;
504
505 ndr_err = ndr_pull_struct_blob(&blob_us, sub_ctx, &uncrypted_accesscheckv3,
506 (ndr_pull_flags_fn_t)ndr_pull_bkrp_access_check_v3);
507 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
508 /* Unable to unmarshall */
509 der_free_octet_string(&access_check_os);
510 return WERR_INVALID_DATA;
511 }
512 if (uncrypted_accesscheckv3.magic != 0x1) {
513 /* wrong magic */
514 der_free_octet_string(&access_check_os);
515 return WERR_INVALID_DATA;
516 }
517
518 SHA512_Init(&sctx);
519 SHA512_Update(&sctx, blob_us.data, blob_us.length - hash_size);
520 SHA512_Final(hash, &sctx);
521 der_free_octet_string(&access_check_os);
522 /*
523 * We free it after the sha1 calculation because blob.data
524 * point to the same area
525 */
526
527 if (memcmp(hash, uncrypted_accesscheckv3.hash, hash_size) != 0) {
528 DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n"));
529 return WERR_INVALID_DATA;
530 }
531 access_sid = &(uncrypted_accesscheckv3.sid);
532 break;
533 }
534 default:
535 /* Never reached normally as we filtered at the switch / case level */
536 return WERR_INVALID_DATA;
537 }
538
539 caller_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
540
541 if (!dom_sid_equal(caller_sid, access_sid)) {
542 return WERR_INVALID_ACCESS;
543 }
544 return WERR_OK;
545 }
546
547 /*
548 * We have some data, such as saved website or IMAP passwords that the
549 * client has in profile on-disk. This needs to be decrypted. This
550 * version gives the server the data over the network (protected by
551 * the X.509 certificate and public key encryption, and asks that it
552 * be decrypted returned for short-term use, protected only by the
553 * negotiated transport encryption.
554 *
555 * The data is NOT stored in the LSA, but a X.509 certificate, public
556 * and private keys used to encrypt the data will be stored. There is
557 * only one active encryption key pair and certificate per domain, it
558 * is pointed at with G$BCKUPKEY_PREFERRED in the LSA secrets store.
559 *
560 * The potentially multiple valid decrypting key pairs are in turn
561 * stored in the LSA secrets store as G$BCKUPKEY_keyGuidString.
562 *
563 */
564 static WERROR bkrp_client_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
565 TALLOC_CTX *mem_ctx,
566 struct bkrp_BackupKey *r,
567 struct ldb_context *ldb_ctx)
568 {
569 struct bkrp_client_side_wrapped uncrypt_request;
570 DATA_BLOB blob;
571 enum ndr_err_code ndr_err;
572 char *guid_string;
573 char *cert_secret_name;
574 DATA_BLOB lsa_secret;
575 DATA_BLOB *uncrypted_data = NULL;
576 NTSTATUS status;
577 uint32_t requested_version;
578
579 blob.data = r->in.data_in;
580 blob.length = r->in.data_in_len;
581
582 if (r->in.data_in_len < 4 || r->in.data_in == NULL) {
583 return WERR_INVALID_PARAM;
584 }
585
586 /*
587 * We check for the version here, so we can actually print the
588 * message as we are unlikely to parse it with NDR.
589 */
590 requested_version = IVAL(r->in.data_in, 0);
591 if ((requested_version != BACKUPKEY_CLIENT_WRAP_VERSION2)
592 && (requested_version != BACKUPKEY_CLIENT_WRAP_VERSION3)) {
593 DEBUG(1, ("Request for unknown BackupKey sub-protocol %d\n", requested_version));
594 return WERR_INVALID_PARAMETER;
595 }
596
597 ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &uncrypt_request,
598 (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_wrapped);
599 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
600 return WERR_INVALID_PARAM;
601 }
602
603 if ((uncrypt_request.version != BACKUPKEY_CLIENT_WRAP_VERSION2)
604 && (uncrypt_request.version != BACKUPKEY_CLIENT_WRAP_VERSION3)) {
605 DEBUG(1, ("Request for unknown BackupKey sub-protocol %d\n", uncrypt_request.version));
606 return WERR_INVALID_PARAMETER;
607 }
608
609 guid_string = GUID_string(mem_ctx, &uncrypt_request.guid);
610 if (guid_string == NULL) {
611 return WERR_NOMEM;
612 }
613
614 cert_secret_name = talloc_asprintf(mem_ctx,
615 "BCKUPKEY_%s",
616 guid_string);
617 if (cert_secret_name == NULL) {
618 return WERR_NOMEM;
619 }
620
621 status = get_lsa_secret(mem_ctx,
622 ldb_ctx,
623 cert_secret_name,
624 &lsa_secret);
625 if (!NT_STATUS_IS_OK(status)) {
626 DEBUG(10, ("Error while fetching secret %s\n", cert_secret_name));
627 return WERR_INVALID_DATA;
628 } else if (lsa_secret.length == 0) {
629 /* we do not have the real secret attribute, like if we are an RODC */
630 return WERR_INVALID_PARAMETER;
631 } else {
632 hx509_context hctx;
633 struct bkrp_exported_RSA_key_pair keypair;
634 hx509_private_key pk;
635 uint32_t i, res;
636 heim_octet_string reversed_secret;
637 heim_octet_string uncrypted_secret;
638 AlgorithmIdentifier alg;
639 DATA_BLOB blob_us;
640 WERROR werr;
641
642 ndr_err = ndr_pull_struct_blob(&lsa_secret, mem_ctx, &keypair, (ndr_pull_flags_fn_t)ndr_pull_bkrp_exported_RSA_key_pair);
643 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
644 DEBUG(2, ("Unable to parse the ndr encoded cert in key %s\n", cert_secret_name));
645 return WERR_FILE_NOT_FOUND;
646 }
647
648 status = get_pk_from_raw_keypair_params(mem_ctx, &keypair, &pk);
649 if (!NT_STATUS_IS_OK(status)) {
650 return WERR_INTERNAL_ERROR;
651 }
652
653 reversed_secret.data = talloc_array(mem_ctx, uint8_t,
654 uncrypt_request.encrypted_secret_len);
655 if (reversed_secret.data == NULL) {
656 hx509_private_key_free(&pk);
657 return WERR_NOMEM;
658 }
659
660 /* The secret has to be reversed ... */
661 for(i=0; i< uncrypt_request.encrypted_secret_len; i++) {
662 uint8_t *reversed = (uint8_t *)reversed_secret.data;
663 uint8_t *uncrypt = uncrypt_request.encrypted_secret;
664 reversed[i] = uncrypt[uncrypt_request.encrypted_secret_len - 1 - i];
665 }
666 reversed_secret.length = uncrypt_request.encrypted_secret_len;
667
668 /*
669 * Let's try to decrypt the secret now that
670 * we have the private key ...
671 */
672 hx509_context_init(&hctx);
673 res = hx509_private_key_private_decrypt(hctx, &reversed_secret,
674 &alg.algorithm, pk,
675 &uncrypted_secret);
676 hx509_context_free(&hctx);
677 hx509_private_key_free(&pk);
678 if (res != 0) {
679 /* We are not able to decrypt the secret, looks like something is wrong */
680 return WERR_INVALID_PARAMETER;
681 }
682 blob_us.data = uncrypted_secret.data;
683 blob_us.length = uncrypted_secret.length;
684
685 if (uncrypt_request.version == 2) {
686 struct bkrp_encrypted_secret_v2 uncrypted_secretv2;
687
688 ndr_err = ndr_pull_struct_blob(&blob_us, mem_ctx, &uncrypted_secretv2,
689 (ndr_pull_flags_fn_t)ndr_pull_bkrp_encrypted_secret_v2);
690 der_free_octet_string(&uncrypted_secret);
691 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
692 /* Unable to unmarshall */
693 return WERR_INVALID_DATA;
694 }
695 if (uncrypted_secretv2.magic != 0x20) {
696 /* wrong magic */
697 return WERR_INVALID_DATA;
698 }
699
700 werr = get_and_verify_access_check(mem_ctx, 2,
701 uncrypted_secretv2.payload_key,
702 uncrypt_request.access_check,
703 uncrypt_request.access_check_len,
704 dce_call->conn->auth_state.session_info);
705 if (!W_ERROR_IS_OK(werr)) {
706 return werr;
707 }
708 uncrypted_data = talloc(mem_ctx, DATA_BLOB);
709 if (uncrypted_data == NULL) {
710 return WERR_INVALID_DATA;
711 }
712
713 uncrypted_data->data = uncrypted_secretv2.secret;
714 uncrypted_data->length = uncrypted_secretv2.secret_len;
715 }
716 if (uncrypt_request.version == 3) {
717 struct bkrp_encrypted_secret_v3 uncrypted_secretv3;
718
719 ndr_err = ndr_pull_struct_blob(&blob_us, mem_ctx, &uncrypted_secretv3,
720 (ndr_pull_flags_fn_t)ndr_pull_bkrp_encrypted_secret_v3);
721
722 der_free_octet_string(&uncrypted_secret);
723 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
724 /* Unable to unmarshall */
725 return WERR_INVALID_DATA;
726 }
727
728 if (uncrypted_secretv3.magic1 != 0x30 ||
729 uncrypted_secretv3.magic2 != 0x6610 ||
730 uncrypted_secretv3.magic3 != 0x800e) {
731 /* wrong magic */
732 return WERR_INVALID_DATA;
733 }
734
735 /*
736 * Confirm that the caller is permitted to
737 * read this particular data. Because one key
738 * pair is used per domain, the caller could
739 * have stolen the profile data on-disk and
740 * would otherwise be able to read the
741 * passwords.
742 */
743
744 werr = get_and_verify_access_check(mem_ctx, 3,
745 uncrypted_secretv3.payload_key,
746 uncrypt_request.access_check,
747 uncrypt_request.access_check_len,
748 dce_call->conn->auth_state.session_info);
749 if (!W_ERROR_IS_OK(werr)) {
750 return werr;
751 }
752
753 uncrypted_data = talloc(mem_ctx, DATA_BLOB);
754 if (uncrypted_data == NULL) {
755 return WERR_INVALID_DATA;
756 }
757
758 uncrypted_data->data = uncrypted_secretv3.secret;
759 uncrypted_data->length = uncrypted_secretv3.secret_len;
760 }
761
762 /*
763 * Yeah if we are here all looks pretty good:
764 * - hash is ok
765 * - user sid is the same as the one in access check
766 * - we were able to decrypt the whole stuff
767 */
768 }
769
770 if (uncrypted_data->data == NULL) {
771 return WERR_INVALID_DATA;
772 }
773
774 /* There is a magic value a the beginning of the data
775 * we can use an adhoc structure but as the
776 * parent structure is just an array of bytes it a lot of work
777 * work just prepending 4 bytes
778 */
779 *(r->out.data_out) = talloc_zero_array(mem_ctx, uint8_t, uncrypted_data->length + 4);
780 W_ERROR_HAVE_NO_MEMORY(*(r->out.data_out));
781 memcpy(4+*(r->out.data_out), uncrypted_data->data, uncrypted_data->length);
782 *(r->out.data_out_len) = uncrypted_data->length + 4;
783
784 return WERR_OK;
785 }
786
787 /*
788 * Strictly, this function no longer uses Heimdal in order to generate an RSA
789 * key, but GnuTLS.
790 *
791 * The resulting key is then imported into Heimdal's RSA structure.
792 *
793 * We use GnuTLS because it can reliably generate 2048 bit keys every time.
794 * Windows clients strictly require 2048, no more since it won't fit and no
795 * less either. Heimdal would almost always generate a smaller key.
796 */
797 static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx,
798 hx509_private_key *pk, RSA **rsa)
799 {
800 int ret;
801 uint8_t *p0 = NULL;
802 const uint8_t *p;
803 size_t len;
804 int bits = 2048;
805 int RSA_returned_bits;
806 gnutls_x509_privkey gtls_key;
807 WERROR werr;
808
809 *rsa = NULL;
810
811 gnutls_global_init();
812 #ifdef HAVE_GCRYPT_H
813 DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
814 gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
815 #endif
816 ret = gnutls_x509_privkey_init(&gtls_key);
817 if (ret != 0) {
818 gnutls_global_deinit();
819 return WERR_INTERNAL_ERROR;
820 }
821
822 /*
823 * Unlike Heimdal's RSA_generate_key_ex(), this generates a
824 * 2048 bit key 100% of the time. The heimdal code had a ~1/8
825 * chance of doing so, chewing vast quantities of computation
826 * and entropy in the process.
827 */
828
829 ret = gnutls_x509_privkey_generate(gtls_key, GNUTLS_PK_RSA, bits, 0);
830 if (ret != 0) {
831 werr = WERR_INTERNAL_ERROR;
832 goto done;
833 }
834
835 /* No need to check error code, this SHOULD fail */
836 gnutls_x509_privkey_export(gtls_key, GNUTLS_X509_FMT_DER, NULL, &len);
837
838 if (len < 1) {
839 werr = WERR_INTERNAL_ERROR;
840 goto done;
841 }
842
843 p0 = talloc_size(ctx, len);
844 if (p0 == NULL) {
845 werr = WERR_NOMEM;
846 goto done;
847 }
848 p = p0;
849
850 /*
851 * Only this GnuTLS export function correctly exports the key,
852 * we can't use gnutls_rsa_params_export_raw() because while
853 * it appears to be fixed in more recent versions, in the
854 * Ubuntu 14.04 version 2.12.23 (at least) it incorrectly
855 * exports one of the key parameters (qInv). Additionally, we
856 * would have to work around subtle differences in big number
857 * representations.
858 *
859 * We need access to the RSA parameters directly (in the
860 * parameter RSA **rsa) as the caller has to manually encode
861 * them in a non-standard data structure.
862 */
863 ret = gnutls_x509_privkey_export(gtls_key, GNUTLS_X509_FMT_DER, p0, &len);
864
865 if (ret != 0) {
866 werr = WERR_INTERNAL_ERROR;
867 goto done;
868 }
869
870 /*
871 * To dump the key we can use :
872 * rk_dumpdata("h5lkey", p0, len);
873 */
874 ret = hx509_parse_private_key(*hctx, &_hx509_signature_rsa_with_var_num ,
875 p0, len, HX509_KEY_FORMAT_DER, pk);
876
877 if (ret != 0) {
878 werr = WERR_INTERNAL_ERROR;
879 goto done;
880 }
881
882 *rsa = d2i_RSAPrivateKey(NULL, &p, len);
883 TALLOC_FREE(p0);
884
885 if (*rsa == NULL) {
886 hx509_private_key_free(pk);
887 werr = WERR_INTERNAL_ERROR;
888 goto done;
889 }
890
891 RSA_returned_bits = BN_num_bits((*rsa)->n);
892 DEBUG(6, ("GnuTLS returned an RSA private key with %d bits\n", RSA_returned_bits));
893
894 if (RSA_returned_bits != bits) {
895 DEBUG(0, ("GnuTLS unexpectedly returned an RSA private key with %d bits, needed %d\n", RSA_returned_bits, bits));
896 hx509_private_key_free(pk);
897 werr = WERR_INTERNAL_ERROR;
898 goto done;
899 }
900
901 werr = WERR_OK;
902
903 done:
904 if (p0 != NULL) {
905 memset(p0, 0, len);
906 TALLOC_FREE(p0);
907 }
908
909 gnutls_x509_privkey_deinit(gtls_key);
910 gnutls_global_deinit();
911 return werr;
912 }
913
914 static WERROR self_sign_cert(TALLOC_CTX *ctx, hx509_context *hctx, hx509_request *req,
915 time_t lifetime, hx509_private_key *private_key,
916 hx509_cert *cert, DATA_BLOB *guidblob)
917 {
918 SubjectPublicKeyInfo spki;
919 hx509_name subject = NULL;
920 hx509_ca_tbs tbs;
921 struct heim_bit_string uniqueid;
922 struct heim_integer serialnumber;
923 int ret, i;
924
925 uniqueid.data = talloc_memdup(ctx, guidblob->data, guidblob->length);
926 if (uniqueid.data == NULL) {
927 return WERR_NOMEM;
928 }
929 /* uniqueid is a bit string in which each byte represent 1 bit (1 or 0)
930 * so as 1 byte is 8 bits we need to provision 8 times more space as in the
931 * blob
932 */
933 uniqueid.length = 8 * guidblob->length;
934
935 serialnumber.data = talloc_array(ctx, uint8_t,
936 guidblob->length);
937 if (serialnumber.data == NULL) {
938 talloc_free(uniqueid.data);
939 return WERR_NOMEM;
940 }
941
942 /* Native AD generates certificates with serialnumber in reversed notation */
943 for (i = 0; i < guidblob->length; i++) {
944 uint8_t *reversed = (uint8_t *)serialnumber.data;
945 uint8_t *uncrypt = guidblob->data;
946 reversed[i] = uncrypt[guidblob->length - 1 - i];
947 }
948 serialnumber.length = guidblob->length;
949 serialnumber.negative = 0;
950
951 memset(&spki, 0, sizeof(spki));
952
953 ret = hx509_request_get_name(*hctx, *req, &subject);
954 if (ret !=0) {
955 goto fail_subject;
956 }
957 ret = hx509_request_get_SubjectPublicKeyInfo(*hctx, *req, &spki);
958 if (ret !=0) {
959 goto fail_spki;
960 }
961
962 ret = hx509_ca_tbs_init(*hctx, &tbs);
963 if (ret !=0) {
964 goto fail_tbs;
965 }
966
967 ret = hx509_ca_tbs_set_spki(*hctx, tbs, &spki);
968 if (ret !=0) {
969 goto fail;
970 }
971 ret = hx509_ca_tbs_set_subject(*hctx, tbs, subject);
972 if (ret !=0) {
973 goto fail;
974 }
975 ret = hx509_ca_tbs_set_ca(*hctx, tbs, 1);
976 if (ret !=0) {
977 goto fail;
978 }
979 ret = hx509_ca_tbs_set_notAfter_lifetime(*hctx, tbs, lifetime);
980 if (ret !=0) {
981 goto fail;
982 }
983 ret = hx509_ca_tbs_set_unique(*hctx, tbs, &uniqueid, &uniqueid);
984 if (ret !=0) {
985 goto fail;
986 }
987 ret = hx509_ca_tbs_set_serialnumber(*hctx, tbs, &serialnumber);
988 if (ret !=0) {
989 goto fail;
990 }
991 ret = hx509_ca_sign_self(*hctx, tbs, *private_key, cert);
992 if (ret !=0) {
993 goto fail;
994 }
995 hx509_name_free(&subject);
996 free_SubjectPublicKeyInfo(&spki);
997 hx509_ca_tbs_free(&tbs);
998
999 return WERR_OK;
1000
1001 fail:
1002 hx509_ca_tbs_free(&tbs);
1003 fail_tbs:
1004 free_SubjectPublicKeyInfo(&spki);
1005 fail_spki:
1006 hx509_name_free(&subject);
1007 fail_subject:
1008 talloc_free(uniqueid.data);
1009 talloc_free(serialnumber.data);
1010 return WERR_INTERNAL_ERROR;
1011 }
1012
1013 static WERROR create_req(TALLOC_CTX *ctx, hx509_context *hctx, hx509_request *req,
1014 hx509_private_key *signer,RSA **rsa, const char *dn)
1015 {
1016 int ret;
1017 SubjectPublicKeyInfo key;
1018
1019 hx509_name name;
1020 WERROR werr;
1021
1022 werr = create_heimdal_rsa_key(ctx, hctx, signer, rsa);
1023 if (!W_ERROR_IS_OK(werr)) {
1024 return werr;
1025 }
1026
1027 hx509_request_init(*hctx, req);
1028 ret = hx509_parse_name(*hctx, dn, &name);
1029 if (ret != 0) {
1030 RSA_free(*rsa);
1031 hx509_private_key_free(signer);
1032 hx509_request_free(req);
1033 hx509_name_free(&name);
1034 return WERR_INTERNAL_ERROR;
1035 }
1036
1037 ret = hx509_request_set_name(*hctx, *req, name);
1038 if (ret != 0) {
1039 RSA_free(*rsa);
1040 hx509_private_key_free(signer);
1041 hx509_request_free(req);
1042 hx509_name_free(&name);
1043 return WERR_INTERNAL_ERROR;
1044 }
1045 hx509_name_free(&name);
1046
1047 ret = hx509_private_key2SPKI(*hctx, *signer, &key);
1048 if (ret != 0) {
1049 RSA_free(*rsa);
1050 hx509_private_key_free(signer);
1051 hx509_request_free(req);
1052 return WERR_INTERNAL_ERROR;
1053 }
1054 ret = hx509_request_set_SubjectPublicKeyInfo(*hctx, *req, &key);
1055 if (ret != 0) {
1056 RSA_free(*rsa);
1057 hx509_private_key_free(signer);
1058 free_SubjectPublicKeyInfo(&key);
1059 hx509_request_free(req);
1060 return WERR_INTERNAL_ERROR;
1061 }
1062
1063 free_SubjectPublicKeyInfo(&key);
1064
1065 return WERR_OK;
1066 }
1067
1068 /* Return an error when we fail to generate a certificate */
1069 static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_call, struct ldb_context *ldb_ctx, const char *dn)
1070 {
1071 heim_octet_string data;
1072 WERROR werr;
1073 RSA *rsa;
1074 hx509_context hctx;
1075 hx509_private_key pk;
1076 hx509_request req;
1077 hx509_cert cert;
1078 DATA_BLOB blob;
1079 DATA_BLOB blobkeypair;
1080 DATA_BLOB *tmp;
1081 int ret;
1082 bool ok = true;
1083 struct GUID guid = GUID_random();
1084 NTSTATUS status;
1085 char *secret_name;
1086 struct bkrp_exported_RSA_key_pair keypair;
1087 enum ndr_err_code ndr_err;
1088 uint32_t nb_seconds_validity = 3600 * 24 * 365;
1089
1090 DEBUG(6, ("Trying to generate a certificate\n"));
1091 hx509_context_init(&hctx);
1092 werr = create_req(ctx, &hctx, &req, &pk, &rsa, dn);
1093 if (!W_ERROR_IS_OK(werr)) {
1094 hx509_context_free(&hctx);
1095 return werr;
1096 }
1097
1098 status = GUID_to_ndr_blob(&guid, ctx, &blob);
1099 if (!NT_STATUS_IS_OK(status)) {
1100 hx509_context_free(&hctx);
1101 hx509_private_key_free(&pk);
1102 RSA_free(rsa);
1103 return WERR_INVALID_DATA;
1104 }
1105
1106 werr = self_sign_cert(ctx, &hctx, &req, nb_seconds_validity, &pk, &cert, &blob);
1107 if (!W_ERROR_IS_OK(werr)) {
1108 hx509_private_key_free(&pk);
1109 hx509_context_free(&hctx);
1110 return WERR_INVALID_DATA;
1111 }
1112
1113 ret = hx509_cert_binary(hctx, cert, &data);
1114 if (ret !=0) {
1115 hx509_cert_free(cert);
1116 hx509_private_key_free(&pk);
1117 hx509_context_free(&hctx);
1118 return WERR_INVALID_DATA;
1119 }
1120
1121 keypair.cert.data = talloc_memdup(ctx, data.data, data.length);
1122 keypair.cert.length = data.length;
1123
1124 /*
1125 * Heimdal's bignum are big endian and the
1126 * structure expect it to be in little endian
1127 * so we reverse the buffer to make it work
1128 */
1129 tmp = reverse_and_get_blob(ctx, rsa->e);
1130 if (tmp == NULL) {
1131 ok = false;
1132 } else {
1133 keypair.public_exponent = *tmp;
1134 SMB_ASSERT(tmp->length <= 4);
1135 /*
1136 * The value is now in little endian but if can happen that the length is
1137 * less than 4 bytes.
1138 * So if we have less than 4 bytes we pad with zeros so that it correctly
1139 * fit into the structure.
1140 */
1141 if (tmp->length < 4) {
1142 /*
1143 * We need the expo to fit 4 bytes
1144 */
1145 keypair.public_exponent.data = talloc_zero_array(ctx, uint8_t, 4);
1146 memcpy(keypair.public_exponent.data, tmp->data, tmp->length);
1147 keypair.public_exponent.length = 4;
1148 }
1149 }
1150
1151 tmp = reverse_and_get_blob(ctx,rsa->d);
1152 if (tmp == NULL) {
1153 ok = false;
1154 } else {
1155 keypair.private_exponent = *tmp;
1156 }
1157
1158 tmp = reverse_and_get_blob(ctx,rsa->n);
1159 if (tmp == NULL) {
1160 ok = false;
1161 } else {
1162 keypair.modulus = *tmp;
1163 }
1164
1165 tmp = reverse_and_get_blob(ctx,rsa->p);
1166 if (tmp == NULL) {
1167 ok = false;
1168 } else {
1169 keypair.prime1 = *tmp;
1170 }
1171
1172 tmp = reverse_and_get_blob(ctx,rsa->q);
1173 if (tmp == NULL) {
1174 ok = false;
1175 } else {
1176 keypair.prime2 = *tmp;
1177 }
1178
1179 tmp = reverse_and_get_blob(ctx,rsa->dmp1);
1180 if (tmp == NULL) {
1181 ok = false;
1182 } else {
1183 keypair.exponent1 = *tmp;
1184 }
1185
1186 tmp = reverse_and_get_blob(ctx,rsa->dmq1);
1187 if (tmp == NULL) {
1188 ok = false;
1189 } else {
1190 keypair.exponent2 = *tmp;
1191 }
1192
1193 tmp = reverse_and_get_blob(ctx,rsa->iqmp);
1194 if (tmp == NULL) {
1195 ok = false;
1196 } else {
1197 keypair.coefficient = *tmp;
1198 }
1199
1200 /* One of the keypair allocation was wrong */
1201 if (ok == false) {
1202 der_free_octet_string(&data);
1203 hx509_cert_free(cert);
1204 hx509_private_key_free(&pk);
1205 hx509_context_free(&hctx);
1206 RSA_free(rsa);
1207 return WERR_INVALID_DATA;
1208 }
1209 keypair.certificate_len = keypair.cert.length;
1210 ndr_err = ndr_push_struct_blob(&blobkeypair, ctx, &keypair, (ndr_push_flags_fn_t)ndr_push_bkrp_exported_RSA_key_pair);
1211 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1212 der_free_octet_string(&data);
1213 hx509_cert_free(cert);
1214 hx509_private_key_free(&pk);
1215 hx509_context_free(&hctx);
1216 RSA_free(rsa);
1217 return WERR_INVALID_DATA;
1218 }
1219
1220 secret_name = talloc_asprintf(ctx, "BCKUPKEY_%s", GUID_string(ctx, &guid));
1221 if (secret_name == NULL) {
1222 der_free_octet_string(&data);
1223 hx509_cert_free(cert);
1224 hx509_private_key_free(&pk);
1225 hx509_context_free(&hctx);
1226 RSA_free(rsa);
1227 return WERR_OUTOFMEMORY;
1228 }
1229
1230 status = set_lsa_secret(ctx, ldb_ctx, secret_name, &blobkeypair);
1231 if (!NT_STATUS_IS_OK(status)) {
1232 DEBUG(2, ("Failed to save the secret %s\n", secret_name));
1233 }
1234 talloc_free(secret_name);
1235
1236 GUID_to_ndr_blob(&guid, ctx, &blob);
1237 status = set_lsa_secret(ctx, ldb_ctx, "BCKUPKEY_PREFERRED", &blob);
1238 if (!NT_STATUS_IS_OK(status)) {
1239 DEBUG(2, ("Failed to save the secret BCKUPKEY_PREFERRED\n"));
1240 }
1241
1242 der_free_octet_string(&data);
1243 hx509_cert_free(cert);
1244 hx509_private_key_free(&pk);
1245 hx509_context_free(&hctx);
1246 RSA_free(rsa);
1247 return WERR_OK;
1248 }
1249
1250 static WERROR bkrp_retrieve_client_wrap_key(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1251 struct bkrp_BackupKey *r, struct ldb_context *ldb_ctx)
1252 {
1253 struct GUID guid;
1254 char *guid_string;
1255 DATA_BLOB lsa_secret;
1256 enum ndr_err_code ndr_err;
1257 NTSTATUS status;
1258
1259 /*
1260 * here we basicaly need to return our certificate
1261 * search for lsa secret BCKUPKEY_PREFERRED first
1262 */
1263
1264 status = get_lsa_secret(mem_ctx,
1265 ldb_ctx,
1266 "BCKUPKEY_PREFERRED",
1267 &lsa_secret);
1268 if (NT_STATUS_EQUAL(status, NT_STATUS_RESOURCE_NAME_NOT_FOUND)) {
1269 /* Ok we can be in this case if there was no certs */
1270 struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
1271 char *dn = talloc_asprintf(mem_ctx, "CN=%s",
1272 lpcfg_realm(lp_ctx));
1273
1274 WERROR werr = generate_bkrp_cert(mem_ctx, dce_call, ldb_ctx, dn);
1275 if (!W_ERROR_IS_OK(werr)) {
1276 return WERR_INVALID_PARAMETER;
1277 }
1278 status = get_lsa_secret(mem_ctx,
1279 ldb_ctx,
1280 "BCKUPKEY_PREFERRED",
1281 &lsa_secret);
1282
1283 if (!NT_STATUS_IS_OK(status)) {
1284 /* Ok we really don't manage to get this certs ...*/
1285 DEBUG(2, ("Unable to locate BCKUPKEY_PREFERRED after cert generation\n"));
1286 return WERR_FILE_NOT_FOUND;
1287 }
1288 } else if (!NT_STATUS_IS_OK(status)) {
1289 return WERR_INTERNAL_ERROR;
1290 }
1291
1292 if (lsa_secret.length == 0) {
1293 DEBUG(1, ("No secret in BCKUPKEY_PREFERRED, are we an undetected RODC?\n"));
1294 return WERR_INTERNAL_ERROR;
1295 } else {
1296 char *cert_secret_name;
1297
1298 status = GUID_from_ndr_blob(&lsa_secret, &guid);
1299 if (!NT_STATUS_IS_OK(status)) {
1300 return WERR_FILE_NOT_FOUND;
1301 }
1302
1303 guid_string = GUID_string(mem_ctx, &guid);
1304 if (guid_string == NULL) {
1305 /* We return file not found because the client
1306 * expect this error
1307 */
1308 return WERR_FILE_NOT_FOUND;
1309 }
1310
1311 cert_secret_name = talloc_asprintf(mem_ctx,
1312 "BCKUPKEY_%s",
1313 guid_string);
1314 status = get_lsa_secret(mem_ctx,
1315 ldb_ctx,
1316 cert_secret_name,
1317 &lsa_secret);
1318 if (!NT_STATUS_IS_OK(status)) {
1319 return WERR_FILE_NOT_FOUND;
1320 }
1321
1322 if (lsa_secret.length != 0) {
1323 struct bkrp_exported_RSA_key_pair keypair;
1324 ndr_err = ndr_pull_struct_blob(&lsa_secret, mem_ctx, &keypair,
1325 (ndr_pull_flags_fn_t)ndr_pull_bkrp_exported_RSA_key_pair);
1326 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1327 return WERR_FILE_NOT_FOUND;
1328 }
1329 *(r->out.data_out_len) = keypair.cert.length;
1330 *(r->out.data_out) = talloc_memdup(mem_ctx, keypair.cert.data, keypair.cert.length);
1331 W_ERROR_HAVE_NO_MEMORY(*(r->out.data_out));
1332 return WERR_OK;
1333 } else {
1334 DEBUG(1, ("No or broken secret called %s\n", cert_secret_name));
1335 return WERR_INTERNAL_ERROR;
1336 }
1337 }
1338
1339 return WERR_NOT_SUPPORTED;
1340 }
1341
1342 static WERROR generate_bkrp_server_wrap_key(TALLOC_CTX *ctx, struct ldb_context *ldb_ctx)
1343 {
1344 struct GUID guid = GUID_random();
1345 enum ndr_err_code ndr_err;
1346 DATA_BLOB blob_wrap_key, guid_blob;
1347 struct bkrp_dc_serverwrap_key wrap_key;
1348 NTSTATUS status;
1349 char *secret_name;
1350 TALLOC_CTX *frame = talloc_stackframe();
1351
1352 generate_random_buffer(wrap_key.key, sizeof(wrap_key.key));
1353
1354 ndr_err = ndr_push_struct_blob(&blob_wrap_key, ctx, &wrap_key, (ndr_push_flags_fn_t)ndr_push_bkrp_dc_serverwrap_key);
1355 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1356 TALLOC_FREE(frame);
1357 return WERR_INVALID_DATA;
1358 }
1359
1360 secret_name = talloc_asprintf(frame, "BCKUPKEY_%s", GUID_string(ctx, &guid));
1361 if (secret_name == NULL) {
1362 TALLOC_FREE(frame);
1363 return WERR_NOMEM;
1364 }
1365
1366 status = set_lsa_secret(frame, ldb_ctx, secret_name, &blob_wrap_key);
1367 if (!NT_STATUS_IS_OK(status)) {
1368 DEBUG(2, ("Failed to save the secret %s\n", secret_name));
1369 TALLOC_FREE(frame);
1370 return WERR_INTERNAL_ERROR;
1371 }
1372
1373 status = GUID_to_ndr_blob(&guid, frame, &guid_blob);
1374 if (!NT_STATUS_IS_OK(status)) {
1375 DEBUG(2, ("Failed to save the secret %s\n", secret_name));
1376 TALLOC_FREE(frame);
1377 }
1378
1379 status = set_lsa_secret(frame, ldb_ctx, "BCKUPKEY_P", &guid_blob);
1380 if (!NT_STATUS_IS_OK(status)) {
1381 DEBUG(2, ("Failed to save the secret %s\n", secret_name));
1382 TALLOC_FREE(frame);
1383 return WERR_INTERNAL_ERROR;
1384 }
1385
1386 TALLOC_FREE(frame);
1387
1388 return WERR_OK;
1389 }
1390
1391 /*
1392 * Find the specified decryption keys from the LSA secrets store as
1393 * G$BCKUPKEY_keyGuidString.
1394 */
1395
1396 static WERROR bkrp_do_retrieve_server_wrap_key(TALLOC_CTX *mem_ctx, struct ldb_context *ldb_ctx,
1397 struct bkrp_dc_serverwrap_key *server_key,
1398 struct GUID *guid)
1399 {
1400 NTSTATUS status;
1401 DATA_BLOB lsa_secret;
1402 char *secret_name;
1403 char *guid_string;
1404 enum ndr_err_code ndr_err;
1405
1406 guid_string = GUID_string(mem_ctx, guid);
1407 if (guid_string == NULL) {
1408 /* We return file not found because the client
1409 * expect this error
1410 */
1411 return WERR_FILE_NOT_FOUND;
1412 }
1413
1414 secret_name = talloc_asprintf(mem_ctx, "BCKUPKEY_%s", guid_string);
1415 if (secret_name == NULL) {
1416 return WERR_NOMEM;
1417 }
1418
1419 status = get_lsa_secret(mem_ctx, ldb_ctx, secret_name, &lsa_secret);
1420 if (!NT_STATUS_IS_OK(status)) {
1421 DEBUG(10, ("Error while fetching secret %s\n", secret_name));
1422 return WERR_INVALID_DATA;
1423 }
1424 if (lsa_secret.length == 0) {
1425 /* RODC case, we do not have secrets locally */
1426 DEBUG(1, ("Unable to fetch value for secret %s, are we an undetected RODC?\n",
1427 secret_name));
1428 return WERR_INTERNAL_ERROR;
1429 }
1430 ndr_err = ndr_pull_struct_blob(&lsa_secret, mem_ctx, server_key,
1431 (ndr_pull_flags_fn_t)ndr_pull_bkrp_dc_serverwrap_key);
1432 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1433 DEBUG(2, ("Unable to parse the ndr encoded server wrap key %s\n", secret_name));
1434 return WERR_INVALID_DATA;
1435 }
1436
1437 return WERR_OK;
1438 }
1439
1440 /*
1441 * Find the current, preferred ServerWrap Key by looking at
1442 * G$BCKUPKEY_P in the LSA secrets store.
1443 *
1444 * Then find the current decryption keys from the LSA secrets store as
1445 * G$BCKUPKEY_keyGuidString.
1446 */
1447
1448 static WERROR bkrp_do_retrieve_default_server_wrap_key(TALLOC_CTX *mem_ctx,
1449 struct ldb_context *ldb_ctx,
1450 struct bkrp_dc_serverwrap_key *server_key,
1451 struct GUID *returned_guid)
1452 {
1453 NTSTATUS status;
1454 DATA_BLOB guid_binary;
1455
1456 status = get_lsa_secret(mem_ctx, ldb_ctx, "BCKUPKEY_P", &guid_binary);
1457 if (!NT_STATUS_IS_OK(status)) {
1458 DEBUG(10, ("Error while fetching secret BCKUPKEY_P to find current GUID\n"));
1459 return WERR_FILE_NOT_FOUND;
1460 } else if (guid_binary.length == 0) {
1461 /* RODC case, we do not have secrets locally */
1462 DEBUG(1, ("Unable to fetch value for secret BCKUPKEY_P, are we an undetected RODC?\n"));
1463 return WERR_INTERNAL_ERROR;
1464 }
1465
1466 status = GUID_from_ndr_blob(&guid_binary, returned_guid);
1467 if (!NT_STATUS_IS_OK(status)) {
1468 return WERR_FILE_NOT_FOUND;
1469 }
1470
1471 return bkrp_do_retrieve_server_wrap_key(mem_ctx, ldb_ctx,
1472 server_key, returned_guid);
1473 }
1474
1475 static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1476 struct bkrp_BackupKey *r ,struct ldb_context *ldb_ctx)
1477 {
1478 WERROR werr;
1479 struct bkrp_server_side_wrapped decrypt_request;
1480 DATA_BLOB sid_blob, encrypted_blob, symkey_blob;
1481 DATA_BLOB blob;
1482 enum ndr_err_code ndr_err;
1483 struct bkrp_dc_serverwrap_key server_key;
1484 struct bkrp_rc4encryptedpayload rc4payload;
1485 struct dom_sid *caller_sid;
1486 uint8_t symkey[20]; /* SHA-1 hash len */
1487 uint8_t mackey[20]; /* SHA-1 hash len */
1488 uint8_t mac[20]; /* SHA-1 hash len */
1489 unsigned int hash_len;
1490 HMAC_CTX ctx;
1491
1492 blob.data = r->in.data_in;
1493 blob.length = r->in.data_in_len;
1494
1495 if (r->in.data_in_len == 0 || r->in.data_in == NULL) {
1496 return WERR_INVALID_PARAM;
1497 }
1498
1499 ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &decrypt_request,
1500 (ndr_pull_flags_fn_t)ndr_pull_bkrp_server_side_wrapped);
1501 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1502 return WERR_INVALID_PARAM;
1503 }
1504
1505 if (decrypt_request.magic != BACKUPKEY_SERVER_WRAP_VERSION) {
1506 return WERR_INVALID_PARAM;
1507 }
1508
1509 werr = bkrp_do_retrieve_server_wrap_key(mem_ctx, ldb_ctx, &server_key,
1510 &decrypt_request.guid);
1511 if (!W_ERROR_IS_OK(werr)) {
1512 return werr;
1513 }
1514
1515 dump_data_pw("server_key: \n", server_key.key, sizeof(server_key.key));
1516
1517 dump_data_pw("r2: \n", decrypt_request.r2, sizeof(decrypt_request.r2));
1518
1519 /*
1520 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
1521 * BACKUPKEY_BACKUP_GUID, it really is the whole key
1522 */
1523 HMAC(EVP_sha1(), server_key.key, sizeof(server_key.key),
1524 decrypt_request.r2, sizeof(decrypt_request.r2),
1525 symkey, &hash_len);
1526
1527 dump_data_pw("symkey: \n", symkey, hash_len);
1528
1529 /* rc4 decrypt sid and secret using sym key */
1530 symkey_blob = data_blob_const(symkey, sizeof(symkey));
1531
1532 encrypted_blob = data_blob_const(decrypt_request.rc4encryptedpayload,
1533 decrypt_request.ciphertext_length);
1534
1535 arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
1536
1537 ndr_err = ndr_pull_struct_blob(&encrypted_blob, mem_ctx, &rc4payload,
1538 (ndr_pull_flags_fn_t)ndr_pull_bkrp_rc4encryptedpayload);
1539 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1540 return WERR_INVALID_PARAM;
1541 }
1542
1543 if (decrypt_request.payload_length != rc4payload.secret_data.length) {
1544 return WERR_INVALID_PARAM;
1545 }
1546
1547 dump_data_pw("r3: \n", rc4payload.r3, sizeof(rc4payload.r3));
1548
1549 /*
1550 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
1551 * BACKUPKEY_BACKUP_GUID, it really is the whole key
1552 */
1553 HMAC(EVP_sha1(), server_key.key, sizeof(server_key.key),
1554 rc4payload.r3, sizeof(rc4payload.r3),
1555 mackey, &hash_len);
1556
1557 dump_data_pw("mackey: \n", mackey, sizeof(mackey));
1558
1559 ndr_err = ndr_push_struct_blob(&sid_blob, mem_ctx, &rc4payload.sid,
1560 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1561 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1562 return WERR_INTERNAL_ERROR;
1563 }
1564
1565 HMAC_CTX_init(&ctx);
1566 HMAC_Init_ex(&ctx, mackey, hash_len, EVP_sha1(), NULL);
1567 /* SID field */
1568 HMAC_Update(&ctx, sid_blob.data, sid_blob.length);
1569 /* Secret field */
1570 HMAC_Update(&ctx, rc4payload.secret_data.data, rc4payload.secret_data.length);
1571 HMAC_Final(&ctx, mac, &hash_len);
1572 HMAC_CTX_cleanup(&ctx);
1573
1574 dump_data_pw("mac: \n", mac, sizeof(mac));
1575 dump_data_pw("rc4payload.mac: \n", rc4payload.mac, sizeof(rc4payload.mac));
1576
1577 if (memcmp(mac, rc4payload.mac, sizeof(mac)) != 0) {
1578 return WERR_INVALID_ACCESS;
1579 }
1580
1581 caller_sid = &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
1582
1583 if (!dom_sid_equal(&rc4payload.sid, caller_sid)) {
1584 return WERR_INVALID_ACCESS;
1585 }
1586
1587 *(r->out.data_out) = rc4payload.secret_data.data;
1588 *(r->out.data_out_len) = rc4payload.secret_data.length;
1589
1590 return WERR_OK;
1591 }
1592
1593 /*
1594 * For BACKUPKEY_RESTORE_GUID we need to check the first 4 bytes to
1595 * determine what type of restore is wanted.
1596 *
1597 * See MS-BKRP 3.1.4.1.4 BACKUPKEY_RESTORE_GUID point 1.
1598 */
1599
1600 static WERROR bkrp_generic_decrypt_data(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1601 struct bkrp_BackupKey *r, struct ldb_context *ldb_ctx)
1602 {
1603 if (r->in.data_in_len < 4 || r->in.data_in == NULL) {
1604 return WERR_INVALID_PARAM;
1605 }
1606
1607 if (IVAL(r->in.data_in, 0) == BACKUPKEY_SERVER_WRAP_VERSION) {
1608 return bkrp_server_wrap_decrypt_data(dce_call, mem_ctx, r, ldb_ctx);
1609 }
1610
1611 return bkrp_client_wrap_decrypt_data(dce_call, mem_ctx, r, ldb_ctx);
1612 }
1613
1614 /*
1615 * We have some data, such as saved website or IMAP passwords that the
1616 * client would like to put into the profile on-disk. This needs to
1617 * be encrypted. This version gives the server the data over the
1618 * network (protected only by the negotiated transport encryption),
1619 * and asks that it be encrypted and returned for long-term storage.
1620 *
1621 * The data is NOT stored in the LSA, but a key to encrypt the data
1622 * will be stored. There is only one active encryption key per domain,
1623 * it is pointed at with G$BCKUPKEY_P in the LSA secrets store.
1624 *
1625 * The potentially multiple valid decryptiong keys (and the encryption
1626 * key) are in turn stored in the LSA secrets store as
1627 * G$BCKUPKEY_keyGuidString.
1628 *
1629 */
1630
1631 static WERROR bkrp_server_wrap_encrypt_data(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1632 struct bkrp_BackupKey *r ,struct ldb_context *ldb_ctx)
1633 {
1634 DATA_BLOB sid_blob, encrypted_blob, symkey_blob, server_wrapped_blob;
1635 WERROR werr;
1636 struct dom_sid *caller_sid;
1637 uint8_t symkey[20]; /* SHA-1 hash len */
1638 uint8_t mackey[20]; /* SHA-1 hash len */
1639 unsigned int hash_len;
1640 struct bkrp_rc4encryptedpayload rc4payload;
1641 HMAC_CTX ctx;
1642 struct bkrp_dc_serverwrap_key server_key;
1643 enum ndr_err_code ndr_err;
1644 struct bkrp_server_side_wrapped server_side_wrapped;
1645 struct GUID guid;
1646
1647 if (r->in.data_in_len == 0 || r->in.data_in == NULL) {
1648 return WERR_INVALID_PARAM;
1649 }
1650
1651 werr = bkrp_do_retrieve_default_server_wrap_key(mem_ctx,
1652 ldb_ctx, &server_key,
1653 &guid);
1654
1655 if (!W_ERROR_IS_OK(werr)) {
1656 if (W_ERROR_EQUAL(werr, WERR_FILE_NOT_FOUND)) {
1657 /* Generate the server wrap key since one wasn't found */
1658 werr = generate_bkrp_server_wrap_key(mem_ctx,
1659 ldb_ctx);
1660 if (!W_ERROR_IS_OK(werr)) {
1661 return WERR_INVALID_PARAMETER;
1662 }
1663 werr = bkrp_do_retrieve_default_server_wrap_key(mem_ctx,
1664 ldb_ctx,
1665 &server_key,
1666 &guid);
1667
1668 if (W_ERROR_EQUAL(werr, WERR_FILE_NOT_FOUND)) {
1669 /* Ok we really don't manage to get this secret ...*/
1670 return WERR_FILE_NOT_FOUND;
1671 }
1672 } else {
1673 /* In theory we should NEVER reach this point as it
1674 should only appear in a rodc server */
1675 /* we do not have the real secret attribute */
1676 return WERR_INVALID_PARAMETER;
1677 }
1678 }
1679
1680 caller_sid = &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
1681
1682 dump_data_pw("server_key: \n", server_key.key, sizeof(server_key.key));
1683
1684 /*
1685 * This is the key derivation step, so that the HMAC and RC4
1686 * operations over the user-supplied data are not able to
1687 * disclose the master key. By using random data, the symkey
1688 * and mackey values are unique for this operation, and
1689 * discovering these (by reversing the RC4 over the
1690 * attacker-controlled data) does not return something able to
1691 * be used to decyrpt the encrypted data of other users
1692 */
1693 generate_random_buffer(server_side_wrapped.r2, sizeof(server_side_wrapped.r2));
1694
1695 dump_data_pw("r2: \n", server_side_wrapped.r2, sizeof(server_side_wrapped.r2));
1696
1697 generate_random_buffer(rc4payload.r3, sizeof(rc4payload.r3));
1698
1699 dump_data_pw("r3: \n", rc4payload.r3, sizeof(rc4payload.r3));
1700
1701
1702 /*
1703 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
1704 * BACKUPKEY_BACKUP_GUID, it really is the whole key
1705 */
1706 HMAC(EVP_sha1(), server_key.key, sizeof(server_key.key),
1707 server_side_wrapped.r2, sizeof(server_side_wrapped.r2),
1708 symkey, &hash_len);
1709
1710 dump_data_pw("symkey: \n", symkey, hash_len);
1711
1712 /*
1713 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
1714 * BACKUPKEY_BACKUP_GUID, it really is the whole key
1715 */
1716 HMAC(EVP_sha1(), server_key.key, sizeof(server_key.key),
1717 rc4payload.r3, sizeof(rc4payload.r3),
1718 mackey, &hash_len);
1719
1720 dump_data_pw("mackey: \n", mackey, sizeof(mackey));
1721
1722 ndr_err = ndr_push_struct_blob(&sid_blob, mem_ctx, caller_sid,
1723 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1724 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1725 return WERR_INTERNAL_ERROR;
1726 }
1727
1728 rc4payload.secret_data.data = r->in.data_in;
1729 rc4payload.secret_data.length = r->in.data_in_len;
1730
1731 HMAC_CTX_init(&ctx);
1732 HMAC_Init_ex(&ctx, mackey, 20, EVP_sha1(), NULL);
1733 /* SID field */
1734 HMAC_Update(&ctx, sid_blob.data, sid_blob.length);
1735 /* Secret field */
1736 HMAC_Update(&ctx, rc4payload.secret_data.data, rc4payload.secret_data.length);
1737 HMAC_Final(&ctx, rc4payload.mac, &hash_len);
1738 HMAC_CTX_cleanup(&ctx);
1739
1740 dump_data_pw("rc4payload.mac: \n", rc4payload.mac, sizeof(rc4payload.mac));
1741
1742 rc4payload.sid = *caller_sid;
1743
1744 ndr_err = ndr_push_struct_blob(&encrypted_blob, mem_ctx, &rc4payload,
1745 (ndr_push_flags_fn_t)ndr_push_bkrp_rc4encryptedpayload);
1746 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1747 return WERR_INTERNAL_ERROR;
1748 }
1749
1750 /* rc4 encrypt sid and secret using sym key */
1751 symkey_blob = data_blob_const(symkey, sizeof(symkey));
1752 arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
1753
1754 /* create server wrap structure */
1755
1756 server_side_wrapped.payload_length = rc4payload.secret_data.length;
1757 server_side_wrapped.ciphertext_length = encrypted_blob.length;
1758 server_side_wrapped.guid = guid;
1759 server_side_wrapped.rc4encryptedpayload = encrypted_blob.data;
1760
1761 ndr_err = ndr_push_struct_blob(&server_wrapped_blob, mem_ctx, &server_side_wrapped,
1762 (ndr_push_flags_fn_t)ndr_push_bkrp_server_side_wrapped);
1763 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1764 return WERR_INTERNAL_ERROR;
1765 }
1766
1767 *(r->out.data_out) = server_wrapped_blob.data;
1768 *(r->out.data_out_len) = server_wrapped_blob.length;
1769
1770 return WERR_OK;
1771 }
1772
1773 static WERROR dcesrv_bkrp_BackupKey(struct dcesrv_call_state *dce_call,
1774 TALLOC_CTX *mem_ctx, struct bkrp_BackupKey *r)
1775 {
1776 WERROR error = WERR_INVALID_PARAM;
1777 struct ldb_context *ldb_ctx;
1778 bool is_rodc;
1779 const char *addr = "unknown";
1780 /* At which level we start to add more debug of what is done in the protocol */
1781 const int debuglevel = 4;
1782
1783 if (DEBUGLVL(debuglevel)) {
1784 const struct tsocket_address *remote_address;
1785 remote_address = dcesrv_connection_get_remote_address(dce_call->conn);
1786 if (tsocket_address_is_inet(remote_address, "ip")) {
1787 addr = tsocket_address_inet_addr_string(remote_address, mem_ctx);
1788 W_ERROR_HAVE_NO_MEMORY(addr);
1789 }
1790 }
1791
1792 if (lpcfg_server_role(dce_call->conn->dce_ctx->lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
1793 return WERR_NOT_SUPPORTED;
1794 }
1795
1796 if (!dce_call->conn->auth_state.auth_info ||
1797 dce_call->conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
1798 DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
1799 }
1800
1801 ldb_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
1802 dce_call->conn->dce_ctx->lp_ctx,
1803 system_session(dce_call->conn->dce_ctx->lp_ctx), 0);
1804
1805 if (samdb_rodc(ldb_ctx, &is_rodc) != LDB_SUCCESS) {
1806 talloc_unlink(mem_ctx, ldb_ctx);
1807 return WERR_INVALID_PARAM;
1808 }
1809
1810 if (!is_rodc) {
1811 if(strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
1812 BACKUPKEY_RESTORE_GUID, strlen(BACKUPKEY_RESTORE_GUID)) == 0) {
1813 DEBUG(debuglevel, ("Client %s requested to decrypt a wrapped secret\n", addr));
1814 error = bkrp_generic_decrypt_data(dce_call, mem_ctx, r, ldb_ctx);
1815 }
1816
1817 if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
1818 BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, strlen(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID)) == 0) {
1819 DEBUG(debuglevel, ("Client %s requested certificate for client wrapped secret\n", addr));
1820 error = bkrp_retrieve_client_wrap_key(dce_call, mem_ctx, r, ldb_ctx);
1821 }
1822
1823 if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
1824 BACKUPKEY_RESTORE_GUID_WIN2K, strlen(BACKUPKEY_RESTORE_GUID_WIN2K)) == 0) {
1825 DEBUG(debuglevel, ("Client %s requested to decrypt a server side wrapped secret\n", addr));
1826 error = bkrp_server_wrap_decrypt_data(dce_call, mem_ctx, r, ldb_ctx);
1827 }
1828
1829 if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
1830 BACKUPKEY_BACKUP_GUID, strlen(BACKUPKEY_BACKUP_GUID)) == 0) {
1831 DEBUG(debuglevel, ("Client %s requested a server wrapped secret\n", addr));
1832 error = bkrp_server_wrap_encrypt_data(dce_call, mem_ctx, r, ldb_ctx);
1833 }
1834 }
1835 /*else: I am a RODC so I don't handle backup key protocol */
1836
1837 talloc_unlink(mem_ctx, ldb_ctx);
1838 return error;
1839 }
1840
1841 /* include the generated boilerplate */
1842 #include "librpc/gen_ndr/ndr_backupkey_s.c"
Samba GIT mirror