2 Unix SMB/CIFS implementation.
4 endpoint server for the backupkey interface
6 Copyright (C) Matthieu Patou <mat@samba.org> 2010
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "rpc_server/dcerpc_server.h"
24 #include "librpc/gen_ndr/ndr_backupkey.h"
25 #include "dsdb/common/util.h"
26 #include "dsdb/samdb/samdb.h"
27 #include "lib/ldb/include/ldb_errors.h"
28 #include "../lib/util/util_ldb.h"
29 #include "param/param.h"
30 #include "auth/session.h"
31 #include "system/network.h"
34 #include <hcrypto/rsa.h>
35 #include <hcrypto/bn.h>
36 #include <hcrypto/sha.h>
38 #include "../lib/tsocket/tsocket.h"
39 #include "../libcli/security/security.h"
41 #define BACKUPKEY_MIN_VERSION 2
42 #define BACKUPKEY_MAX_VERSION 3
44 static const unsigned rsa_with_var_num
[] = { 1, 2, 840, 113549, 1, 1, 1 };
45 /* Equivalent to asn1_oid_id_pkcs1_rsaEncryption*/
46 static const AlgorithmIdentifier _hx509_signature_rsa_with_var_num
= {
47 { 7, discard_const_p(unsigned, rsa_with_var_num
) }, NULL
50 static NTSTATUS
set_lsa_secret(TALLOC_CTX
*mem_ctx
,
51 struct ldb_context
*ldb
,
53 const DATA_BLOB
*secret
)
55 struct ldb_message
*msg
;
56 struct ldb_result
*res
;
57 struct ldb_dn
*domain_dn
;
58 struct ldb_dn
*system_dn
;
62 struct timeval now
= timeval_current();
63 NTTIME nt_now
= timeval_to_nttime(&now
);
64 const char *attrs
[] = {
68 domain_dn
= ldb_get_default_basedn(ldb
);
70 return NT_STATUS_INTERNAL_ERROR
;
73 msg
= ldb_msg_new(mem_ctx
);
75 return NT_STATUS_NO_MEMORY
;
79 * This function is a lot like dcesrv_lsa_CreateSecret
80 * in the rpc_server/lsa directory
81 * The reason why we duplicate the effort here is that:
82 * * we want to keep the former function static
83 * * we want to avoid the burden of doing LSA calls
84 * when we can just manipulate the secrets directly
85 * * taillor the function to the particular needs of backup protocol
88 system_dn
= samdb_search_dn(ldb
, msg
, domain_dn
, "(&(objectClass=container)(cn=System))");
89 if (system_dn
== NULL
) {
91 return NT_STATUS_NO_MEMORY
;
94 name2
= talloc_asprintf(msg
, "%s Secret", name
);
97 return NT_STATUS_NO_MEMORY
;
100 ret
= ldb_search(ldb
, mem_ctx
, &res
, system_dn
, LDB_SCOPE_SUBTREE
, attrs
,
101 "(&(cn=%s)(objectclass=secret))",
102 ldb_binary_encode_string(mem_ctx
, name2
));
104 if (ret
!= LDB_SUCCESS
|| res
->count
!= 0 ) {
105 DEBUG(2, ("Secret %s already exists !\n", name2
));
107 return NT_STATUS_OBJECT_NAME_COLLISION
;
111 * We don't care about previous value as we are
112 * here only if the key didn't exists before
115 msg
->dn
= ldb_dn_copy(mem_ctx
, system_dn
);
116 if (msg
->dn
== NULL
) {
118 return NT_STATUS_NO_MEMORY
;
120 if (!ldb_dn_add_child_fmt(msg
->dn
, "cn=%s", name2
)) {
122 return NT_STATUS_NO_MEMORY
;
125 ret
= ldb_msg_add_string(msg
, "cn", name2
);
126 if (ret
!= LDB_SUCCESS
) {
128 return NT_STATUS_NO_MEMORY
;
130 ret
= ldb_msg_add_string(msg
, "objectClass", "secret");
131 if (ret
!= LDB_SUCCESS
) {
133 return NT_STATUS_NO_MEMORY
;
135 ret
= samdb_msg_add_uint64(ldb
, mem_ctx
, msg
, "priorSetTime", nt_now
);
136 if (ret
!= LDB_SUCCESS
) {
138 return NT_STATUS_NO_MEMORY
;
140 val
.data
= secret
->data
;
141 val
.length
= secret
->length
;
142 ret
= ldb_msg_add_value(msg
, "currentValue", &val
, NULL
);
143 if (ret
!= LDB_SUCCESS
) {
145 return NT_STATUS_NO_MEMORY
;
147 ret
= samdb_msg_add_uint64(ldb
, mem_ctx
, msg
, "lastSetTime", nt_now
);
148 if (ret
!= LDB_SUCCESS
) {
150 return NT_STATUS_NO_MEMORY
;
154 * create the secret with DSDB_MODIFY_RELAX
155 * otherwise dsdb/samdb/ldb_modules/objectclass.c forbid
156 * the create of LSA secret object
158 ret
= dsdb_add(ldb
, msg
, DSDB_MODIFY_RELAX
);
159 if (ret
!= LDB_SUCCESS
) {
160 DEBUG(2,("Failed to create secret record %s: %s\n",
161 ldb_dn_get_linearized(msg
->dn
),
162 ldb_errstring(ldb
)));
164 return NT_STATUS_ACCESS_DENIED
;
171 /* This function is pretty much like dcesrv_lsa_QuerySecret */
172 static NTSTATUS
get_lsa_secret(TALLOC_CTX
*mem_ctx
,
173 struct ldb_context
*ldb
,
178 struct ldb_result
*res
;
179 struct ldb_dn
*domain_dn
;
180 struct ldb_dn
*system_dn
;
181 const struct ldb_val
*val
;
183 const char *attrs
[] = {
192 domain_dn
= ldb_get_default_basedn(ldb
);
194 return NT_STATUS_INTERNAL_ERROR
;
197 tmp_mem
= talloc_new(mem_ctx
);
198 if (tmp_mem
== NULL
) {
199 return NT_STATUS_NO_MEMORY
;
202 system_dn
= samdb_search_dn(ldb
, tmp_mem
, domain_dn
, "(&(objectClass=container)(cn=System))");
203 if (system_dn
== NULL
) {
204 talloc_free(tmp_mem
);
205 return NT_STATUS_NO_MEMORY
;
208 ret
= ldb_search(ldb
, mem_ctx
, &res
, system_dn
, LDB_SCOPE_SUBTREE
, attrs
,
209 "(&(cn=%s Secret)(objectclass=secret))",
210 ldb_binary_encode_string(tmp_mem
, name
));
212 if (ret
!= LDB_SUCCESS
|| res
->count
== 0) {
213 talloc_free(tmp_mem
);
215 * Important NOT to use NT_STATUS_OBJECT_NAME_NOT_FOUND
216 * as this return value is used to detect the case
217 * when we have the secret but without the currentValue
220 return NT_STATUS_RESOURCE_NAME_NOT_FOUND
;
223 if (res
->count
> 1) {
224 DEBUG(2, ("Secret %s collision\n", name
));
225 talloc_free(tmp_mem
);
226 return NT_STATUS_INTERNAL_DB_CORRUPTION
;
229 val
= ldb_msg_find_ldb_val(res
->msgs
[0], "currentValue");
232 * The secret object is here but we don't have the secret value
233 * The most common case is a RODC
235 talloc_free(tmp_mem
);
236 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
240 secret
->data
= talloc_move(mem_ctx
, &data
);
241 secret
->length
= val
->length
;
243 talloc_free(tmp_mem
);
247 static DATA_BLOB
*reverse_and_get_blob(TALLOC_CTX
*mem_ctx
, BIGNUM
*bn
)
250 DATA_BLOB
*rev
= talloc(mem_ctx
, DATA_BLOB
);
253 blob
.length
= BN_num_bytes(bn
);
254 blob
.data
= talloc_array(mem_ctx
, uint8_t, blob
.length
);
256 if (blob
.data
== NULL
) {
260 BN_bn2bin(bn
, blob
.data
);
262 rev
->data
= talloc_array(mem_ctx
, uint8_t, blob
.length
);
263 if (rev
->data
== NULL
) {
267 for(i
=0; i
< blob
.length
; i
++) {
268 rev
->data
[i
] = blob
.data
[blob
.length
- i
-1];
270 rev
->length
= blob
.length
;
271 talloc_free(blob
.data
);
275 static BIGNUM
*reverse_and_get_bignum(TALLOC_CTX
*mem_ctx
, DATA_BLOB
*blob
)
281 rev
.data
= talloc_array(mem_ctx
, uint8_t, blob
->length
);
282 if (rev
.data
== NULL
) {
286 for(i
=0; i
< blob
->length
; i
++) {
287 rev
.data
[i
] = blob
->data
[blob
->length
- i
-1];
289 rev
.length
= blob
->length
;
291 ret
= BN_bin2bn(rev
.data
, rev
.length
, NULL
);
292 talloc_free(rev
.data
);
297 static NTSTATUS
get_pk_from_raw_keypair_params(TALLOC_CTX
*ctx
,
298 struct bkrp_exported_RSA_key_pair
*keypair
,
299 hx509_private_key
*pk
)
303 struct hx509_private_key_ops
*ops
;
305 hx509_context_init(&hctx
);
306 ops
= hx509_find_private_alg(&_hx509_signature_rsa_with_var_num
.algorithm
);
308 DEBUG(2, ("Not supported algorithm\n"));
309 return NT_STATUS_INTERNAL_ERROR
;
312 if (hx509_private_key_init(pk
, ops
, NULL
) != 0) {
313 hx509_context_free(&hctx
);
314 return NT_STATUS_NO_MEMORY
;
319 hx509_context_free(&hctx
);
320 return NT_STATUS_INVALID_PARAMETER
;
323 rsa
->n
= reverse_and_get_bignum(ctx
, &(keypair
->modulus
));
324 if (rsa
->n
== NULL
) {
326 hx509_context_free(&hctx
);
327 return NT_STATUS_INVALID_PARAMETER
;
329 rsa
->d
= reverse_and_get_bignum(ctx
, &(keypair
->private_exponent
));
330 if (rsa
->d
== NULL
) {
332 hx509_context_free(&hctx
);
333 return NT_STATUS_INVALID_PARAMETER
;
335 rsa
->p
= reverse_and_get_bignum(ctx
, &(keypair
->prime1
));
336 if (rsa
->p
== NULL
) {
338 hx509_context_free(&hctx
);
339 return NT_STATUS_INVALID_PARAMETER
;
341 rsa
->q
= reverse_and_get_bignum(ctx
, &(keypair
->prime2
));
342 if (rsa
->q
== NULL
) {
344 hx509_context_free(&hctx
);
345 return NT_STATUS_INVALID_PARAMETER
;
347 rsa
->dmp1
= reverse_and_get_bignum(ctx
, &(keypair
->exponent1
));
348 if (rsa
->dmp1
== NULL
) {
350 hx509_context_free(&hctx
);
351 return NT_STATUS_INVALID_PARAMETER
;
353 rsa
->dmq1
= reverse_and_get_bignum(ctx
, &(keypair
->exponent2
));
354 if (rsa
->dmq1
== NULL
) {
356 hx509_context_free(&hctx
);
357 return NT_STATUS_INVALID_PARAMETER
;
359 rsa
->iqmp
= reverse_and_get_bignum(ctx
, &(keypair
->coefficient
));
360 if (rsa
->iqmp
== NULL
) {
362 hx509_context_free(&hctx
);
363 return NT_STATUS_INVALID_PARAMETER
;
365 rsa
->e
= reverse_and_get_bignum(ctx
, &(keypair
->public_exponent
));
366 if (rsa
->e
== NULL
) {
368 hx509_context_free(&hctx
);
369 return NT_STATUS_INVALID_PARAMETER
;
372 hx509_private_key_assign_rsa(*pk
, rsa
);
374 hx509_context_free(&hctx
);
378 static WERROR
get_and_verify_access_check(TALLOC_CTX
*sub_ctx
,
381 uint8_t *access_check
,
382 uint32_t access_check_len
,
383 struct dom_sid
**access_sid
)
385 heim_octet_string iv
;
386 heim_octet_string access_check_os
;
393 enum ndr_err_code ndr_err
;
396 /* This one should not be freed */
397 const AlgorithmIdentifier
*alg
;
404 alg
= hx509_crypto_des_rsdi_ede3_cbc();
410 alg
=hx509_crypto_aes256_cbc();
414 return WERR_INVALID_DATA
;
417 hx509_context_init(&hctx
);
418 res
= hx509_crypto_init(hctx
, NULL
,
421 hx509_context_free(&hctx
);
424 return WERR_INVALID_DATA
;
427 res
= hx509_crypto_set_key_data(crypto
, key_and_iv
, key_len
);
429 iv
.data
= talloc_memdup(sub_ctx
, key_len
+ key_and_iv
, iv_len
);
433 hx509_crypto_destroy(crypto
);
434 return WERR_INVALID_DATA
;
437 hx509_crypto_set_padding(crypto
, HX509_CRYPTO_PADDING_NONE
);
438 res
= hx509_crypto_decrypt(crypto
,
445 hx509_crypto_destroy(crypto
);
446 return WERR_INVALID_DATA
;
449 blob_us
.data
= access_check_os
.data
;
450 blob_us
.length
= access_check_os
.length
;
452 hx509_crypto_destroy(crypto
);
455 uint32_t hash_size
= 20;
456 uint8_t hash
[hash_size
];
458 struct bkrp_access_check_v2 uncrypted_accesscheckv2
;
460 ndr_err
= ndr_pull_struct_blob(&blob_us
, sub_ctx
, &uncrypted_accesscheckv2
,
461 (ndr_pull_flags_fn_t
)ndr_pull_bkrp_access_check_v2
);
462 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
463 /* Unable to unmarshall */
464 der_free_octet_string(&access_check_os
);
465 return WERR_INVALID_DATA
;
467 if (uncrypted_accesscheckv2
.magic
!= 0x1) {
469 der_free_octet_string(&access_check_os
);
470 return WERR_INVALID_DATA
;
474 SHA1_Update(&sctx
, blob_us
.data
, blob_us
.length
- hash_size
);
475 SHA1_Final(hash
, &sctx
);
476 der_free_octet_string(&access_check_os
);
478 * We free it after the sha1 calculation because blob.data
479 * point to the same area
482 if (memcmp(hash
, uncrypted_accesscheckv2
.hash
, hash_size
) != 0) {
483 DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n"));
484 return WERR_INVALID_DATA
;
486 *access_sid
= dom_sid_dup(sub_ctx
, &(uncrypted_accesscheckv2
.sid
));
487 if (*access_sid
== NULL
) {
494 uint32_t hash_size
= 64;
495 uint8_t hash
[hash_size
];
496 struct hc_sha512state sctx
;
497 struct bkrp_access_check_v3 uncrypted_accesscheckv3
;
499 ndr_err
= ndr_pull_struct_blob(&blob_us
, sub_ctx
, &uncrypted_accesscheckv3
,
500 (ndr_pull_flags_fn_t
)ndr_pull_bkrp_access_check_v3
);
501 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
502 /* Unable to unmarshall */
503 der_free_octet_string(&access_check_os
);
504 return WERR_INVALID_DATA
;
506 if (uncrypted_accesscheckv3
.magic
!= 0x1) {
508 der_free_octet_string(&access_check_os
);
509 return WERR_INVALID_DATA
;
513 SHA512_Update(&sctx
, blob_us
.data
, blob_us
.length
- hash_size
);
514 SHA512_Final(hash
, &sctx
);
515 der_free_octet_string(&access_check_os
);
517 * We free it after the sha1 calculation because blob.data
518 * point to the same area
521 if (memcmp(hash
, uncrypted_accesscheckv3
.hash
, hash_size
) != 0) {
522 DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n"));
523 return WERR_INVALID_DATA
;
525 *access_sid
= dom_sid_dup(sub_ctx
, &(uncrypted_accesscheckv3
.sid
));
526 if (*access_sid
== NULL
) {
532 /* Never reached normally as we filtered at the switch / case level */
533 return WERR_INVALID_DATA
;
536 static WERROR
bkrp_do_uncrypt_client_wrap_key(struct dcesrv_call_state
*dce_call
,
538 struct bkrp_BackupKey
*r
,
539 struct ldb_context
*ldb_ctx
)
541 struct bkrp_client_side_wrapped uncrypt_request
;
543 enum ndr_err_code ndr_err
;
545 char *cert_secret_name
;
547 DATA_BLOB
*uncrypted
;
550 blob
.data
= r
->in
.data_in
;
551 blob
.length
= r
->in
.data_in_len
;
553 if (r
->in
.data_in_len
== 0 || r
->in
.data_in
== NULL
) {
554 return WERR_INVALID_PARAM
;
557 ndr_err
= ndr_pull_struct_blob(&blob
, mem_ctx
, &uncrypt_request
,
558 (ndr_pull_flags_fn_t
)ndr_pull_bkrp_client_side_wrapped
);
559 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
560 return WERR_INVALID_PARAM
;
563 if (uncrypt_request
.version
< BACKUPKEY_MIN_VERSION
) {
564 return WERR_INVALID_PARAMETER
;
567 if (uncrypt_request
.version
> BACKUPKEY_MAX_VERSION
) {
568 return WERR_INVALID_PARAMETER
;
571 guid_string
= GUID_string(mem_ctx
, &uncrypt_request
.guid
);
572 if (guid_string
== NULL
) {
576 cert_secret_name
= talloc_asprintf(mem_ctx
,
579 if (cert_secret_name
== NULL
) {
583 status
= get_lsa_secret(mem_ctx
,
587 if (!NT_STATUS_IS_OK(status
)) {
588 DEBUG(10, ("Error while fetching secret %s\n", cert_secret_name
));
589 if (NT_STATUS_EQUAL(status
,NT_STATUS_OBJECT_NAME_NOT_FOUND
)) {
590 /* we do not have the real secret attribute */
591 return WERR_INVALID_PARAMETER
;
593 return WERR_FILE_NOT_FOUND
;
597 if (secret
.length
!= 0) {
599 struct bkrp_exported_RSA_key_pair keypair
;
600 hx509_private_key pk
;
602 struct dom_sid
*access_sid
= NULL
;
603 heim_octet_string reversed_secret
;
604 heim_octet_string uncrypted_secret
;
605 AlgorithmIdentifier alg
;
606 struct dom_sid
*caller_sid
;
610 ndr_err
= ndr_pull_struct_blob(&secret
, mem_ctx
, &keypair
, (ndr_pull_flags_fn_t
)ndr_pull_bkrp_exported_RSA_key_pair
);
611 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
612 DEBUG(2, ("Unable to parse the ndr encoded cert in key %s\n", cert_secret_name
));
613 return WERR_FILE_NOT_FOUND
;
616 status
= get_pk_from_raw_keypair_params(mem_ctx
, &keypair
, &pk
);
617 if (!NT_STATUS_IS_OK(status
)) {
618 return WERR_INTERNAL_ERROR
;
621 reversed_secret
.data
= talloc_array(mem_ctx
, uint8_t,
622 uncrypt_request
.encrypted_secret_len
);
623 if (reversed_secret
.data
== NULL
) {
624 hx509_private_key_free(&pk
);
628 /* The secret has to be reversed ... */
629 for(i
=0; i
< uncrypt_request
.encrypted_secret_len
; i
++) {
630 uint8_t *reversed
= (uint8_t *)reversed_secret
.data
;
631 uint8_t *uncrypt
= uncrypt_request
.encrypted_secret
;
632 reversed
[i
] = uncrypt
[uncrypt_request
.encrypted_secret_len
- 1 - i
];
634 reversed_secret
.length
= uncrypt_request
.encrypted_secret_len
;
637 * Let's try to decrypt the secret now that
638 * we have the private key ...
640 hx509_context_init(&hctx
);
641 res
= hx509_private_key_private_decrypt(hctx
, &reversed_secret
,
644 hx509_context_free(&hctx
);
645 hx509_private_key_free(&pk
);
647 /* We are not able to decrypt the secret, looks like something is wrong */
648 return WERR_INVALID_DATA
;
650 blob_us
.data
= uncrypted_secret
.data
;
651 blob_us
.length
= uncrypted_secret
.length
;
653 if (uncrypt_request
.version
== 2) {
654 struct bkrp_encrypted_secret_v2 uncrypted_secretv2
;
656 ndr_err
= ndr_pull_struct_blob(&blob_us
, mem_ctx
, &uncrypted_secretv2
,
657 (ndr_pull_flags_fn_t
)ndr_pull_bkrp_encrypted_secret_v2
);
658 der_free_octet_string(&uncrypted_secret
);
659 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
660 /* Unable to unmarshall */
661 return WERR_INVALID_DATA
;
663 if (uncrypted_secretv2
.magic
!= 0x20) {
665 return WERR_INVALID_DATA
;
668 werr
= get_and_verify_access_check(mem_ctx
, 2,
669 uncrypted_secretv2
.payload_key
,
670 uncrypt_request
.access_check
,
671 uncrypt_request
.access_check_len
,
673 if (!W_ERROR_IS_OK(werr
)) {
676 uncrypted
= talloc(mem_ctx
, DATA_BLOB
);
677 if (uncrypted
== NULL
) {
678 return WERR_INVALID_DATA
;
681 uncrypted
->data
= uncrypted_secretv2
.secret
;
682 uncrypted
->length
= uncrypted_secretv2
.secret_len
;
684 if (uncrypt_request
.version
== 3) {
685 struct bkrp_encrypted_secret_v3 uncrypted_secretv3
;
687 ndr_err
= ndr_pull_struct_blob(&blob_us
, mem_ctx
, &uncrypted_secretv3
,
688 (ndr_pull_flags_fn_t
)ndr_pull_bkrp_encrypted_secret_v3
);
690 der_free_octet_string(&uncrypted_secret
);
691 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
692 /* Unable to unmarshall */
693 return WERR_INVALID_DATA
;
696 if (uncrypted_secretv3
.magic1
!= 0x30 ||
697 uncrypted_secretv3
.magic2
!= 0x6610 ||
698 uncrypted_secretv3
.magic3
!= 0x800e) {
700 return WERR_INVALID_DATA
;
703 werr
= get_and_verify_access_check(mem_ctx
, 3,
704 uncrypted_secretv3
.payload_key
,
705 uncrypt_request
.access_check
,
706 uncrypt_request
.access_check_len
,
708 if (!W_ERROR_IS_OK(werr
)) {
712 uncrypted
= talloc(mem_ctx
, DATA_BLOB
);
713 if (uncrypted
== NULL
) {
714 return WERR_INVALID_DATA
;
717 uncrypted
->data
= uncrypted_secretv3
.secret
;
718 uncrypted
->length
= uncrypted_secretv3
.secret_len
;
721 caller_sid
= &dce_call
->conn
->auth_state
.session_info
->security_token
->sids
[PRIMARY_USER_SID_INDEX
];
723 if (!dom_sid_equal(caller_sid
, access_sid
)) {
724 talloc_free(uncrypted
);
725 return WERR_INVALID_ACCESS
;
729 * Yeah if we are here all looks pretty good:
731 * - user sid is the same as the one in access check
732 * - we were able to decrypt the whole stuff
736 if (uncrypted
->data
== NULL
) {
737 return WERR_INVALID_DATA
;
740 /* There is a magic value a the beginning of the data
741 * we can use an adhoc structure but as the
742 * parent structure is just an array of bytes it a lot of work
743 * work just prepending 4 bytes
745 *(r
->out
.data_out
) = talloc_zero_array(mem_ctx
, uint8_t, uncrypted
->length
+ 4);
746 W_ERROR_HAVE_NO_MEMORY(*(r
->out
.data_out
));
747 memcpy(4+*(r
->out
.data_out
), uncrypted
->data
, uncrypted
->length
);
748 *(r
->out
.data_out_len
) = uncrypted
->length
+ 4;
753 static WERROR
create_heimdal_rsa_key(TALLOC_CTX
*ctx
, hx509_context
*hctx
,
754 hx509_private_key
*pk
, RSA
**_rsa
)
762 int RSA_returned_bits
;
767 if(pub_expo
== NULL
) {
768 return WERR_INTERNAL_ERROR
;
771 /* set the public expo to 65537 like everyone */
772 BN_set_word(pub_expo
, 0x10001);
777 return WERR_INTERNAL_ERROR
;
780 while (RSA_returned_bits
!= bits
) {
781 ret
= RSA_generate_key_ex(rsa
, bits
, pub_expo
, NULL
);
785 return WERR_INTERNAL_ERROR
;
787 RSA_returned_bits
= BN_num_bits(rsa
->n
);
788 DEBUG(6, ("RSA_generate_key_ex returned %d Bits\n", RSA_returned_bits
));
792 len
= i2d_RSAPrivateKey(rsa
, NULL
);
795 return WERR_INTERNAL_ERROR
;
798 p0
= p
= talloc_array(ctx
, uint8_t, len
);
801 return WERR_INTERNAL_ERROR
;
804 len
= i2d_RSAPrivateKey(rsa
, &p
);
808 return WERR_INTERNAL_ERROR
;
812 * To dump the key we can use :
813 * rk_dumpdata("h5lkey", p0, len);
815 ret
= hx509_parse_private_key(*hctx
, &_hx509_signature_rsa_with_var_num
,
816 p0
, len
, HX509_KEY_FORMAT_DER
, pk
);
821 return WERR_INTERNAL_ERROR
;
828 static WERROR
self_sign_cert(TALLOC_CTX
*ctx
, hx509_context
*hctx
, hx509_request
*req
,
829 time_t lifetime
, hx509_private_key
*private_key
,
830 hx509_cert
*cert
, DATA_BLOB
*guidblob
)
832 SubjectPublicKeyInfo spki
;
833 hx509_name subject
= NULL
;
835 struct heim_bit_string uniqueid
;
836 struct heim_integer serialnumber
;
839 uniqueid
.data
= talloc_memdup(ctx
, guidblob
->data
, guidblob
->length
);
840 if (uniqueid
.data
== NULL
) {
843 /* uniqueid is a bit string in which each byte represent 1 bit (1 or 0)
844 * so as 1 byte is 8 bits we need to provision 8 times more space as in the
847 uniqueid
.length
= 8 * guidblob
->length
;
849 serialnumber
.data
= talloc_array(ctx
, uint8_t,
851 if (serialnumber
.data
== NULL
) {
852 talloc_free(uniqueid
.data
);
856 /* Native AD generates certificates with serialnumber in reversed notation */
857 for (i
= 0; i
< guidblob
->length
; i
++) {
858 uint8_t *reversed
= (uint8_t *)serialnumber
.data
;
859 uint8_t *uncrypt
= guidblob
->data
;
860 reversed
[i
] = uncrypt
[guidblob
->length
- 1 - i
];
862 serialnumber
.length
= guidblob
->length
;
863 serialnumber
.negative
= 0;
865 memset(&spki
, 0, sizeof(spki
));
867 ret
= hx509_request_get_name(*hctx
, *req
, &subject
);
871 ret
= hx509_request_get_SubjectPublicKeyInfo(*hctx
, *req
, &spki
);
876 ret
= hx509_ca_tbs_init(*hctx
, &tbs
);
881 ret
= hx509_ca_tbs_set_spki(*hctx
, tbs
, &spki
);
885 ret
= hx509_ca_tbs_set_subject(*hctx
, tbs
, subject
);
889 ret
= hx509_ca_tbs_set_ca(*hctx
, tbs
, 1);
893 ret
= hx509_ca_tbs_set_notAfter_lifetime(*hctx
, tbs
, lifetime
);
897 ret
= hx509_ca_tbs_set_unique(*hctx
, tbs
, &uniqueid
, &uniqueid
);
901 ret
= hx509_ca_tbs_set_serialnumber(*hctx
, tbs
, &serialnumber
);
905 ret
= hx509_ca_sign_self(*hctx
, tbs
, *private_key
, cert
);
909 hx509_name_free(&subject
);
910 free_SubjectPublicKeyInfo(&spki
);
911 hx509_ca_tbs_free(&tbs
);
916 hx509_ca_tbs_free(&tbs
);
918 free_SubjectPublicKeyInfo(&spki
);
920 hx509_name_free(&subject
);
922 talloc_free(uniqueid
.data
);
923 talloc_free(serialnumber
.data
);
924 return WERR_INTERNAL_ERROR
;
927 static WERROR
create_req(TALLOC_CTX
*ctx
, hx509_context
*hctx
, hx509_request
*req
,
928 hx509_private_key
*signer
,RSA
**rsa
, const char *dn
)
931 SubjectPublicKeyInfo key
;
936 w_err
= create_heimdal_rsa_key(ctx
, hctx
, signer
, rsa
);
937 if (!W_ERROR_IS_OK(w_err
)) {
941 hx509_request_init(*hctx
, req
);
942 ret
= hx509_parse_name(*hctx
, dn
, &name
);
945 hx509_private_key_free(signer
);
946 hx509_request_free(req
);
947 hx509_name_free(&name
);
948 return WERR_INTERNAL_ERROR
;
951 ret
= hx509_request_set_name(*hctx
, *req
, name
);
954 hx509_private_key_free(signer
);
955 hx509_request_free(req
);
956 hx509_name_free(&name
);
957 return WERR_INTERNAL_ERROR
;
959 hx509_name_free(&name
);
961 ret
= hx509_private_key2SPKI(*hctx
, *signer
, &key
);
964 hx509_private_key_free(signer
);
965 hx509_request_free(req
);
966 return WERR_INTERNAL_ERROR
;
968 ret
= hx509_request_set_SubjectPublicKeyInfo(*hctx
, *req
, &key
);
971 hx509_private_key_free(signer
);
972 free_SubjectPublicKeyInfo(&key
);
973 hx509_request_free(req
);
974 return WERR_INTERNAL_ERROR
;
977 free_SubjectPublicKeyInfo(&key
);
982 /* Return an error when we fail to generate a certificate */
983 static WERROR
generate_bkrp_cert(TALLOC_CTX
*ctx
, struct dcesrv_call_state
*dce_call
, struct ldb_context
*ldb_ctx
, const char *dn
)
985 heim_octet_string data
;
989 hx509_private_key pk
;
993 DATA_BLOB blobkeypair
;
997 struct GUID guid
= GUID_random();
1000 struct bkrp_exported_RSA_key_pair keypair
;
1001 enum ndr_err_code ndr_err
;
1002 uint32_t nb_days_validity
= 3600 * 24 * 365;
1004 DEBUG(6, ("Trying to generate a certificate\n"));
1005 hx509_context_init(&hctx
);
1006 w_err
= create_req(ctx
, &hctx
, &req
, &pk
, &rsa
, dn
);
1007 if (!W_ERROR_IS_OK(w_err
)) {
1008 hx509_context_free(&hctx
);
1012 status
= GUID_to_ndr_blob(&guid
, ctx
, &blob
);
1013 if (!NT_STATUS_IS_OK(status
)) {
1014 hx509_context_free(&hctx
);
1015 hx509_private_key_free(&pk
);
1017 return WERR_INVALID_DATA
;
1020 w_err
= self_sign_cert(ctx
, &hctx
, &req
, nb_days_validity
, &pk
, &cert
, &blob
);
1021 if (!W_ERROR_IS_OK(w_err
)) {
1022 hx509_private_key_free(&pk
);
1023 hx509_context_free(&hctx
);
1024 return WERR_INVALID_DATA
;
1027 ret
= hx509_cert_binary(hctx
, cert
, &data
);
1029 hx509_cert_free(cert
);
1030 hx509_private_key_free(&pk
);
1031 hx509_context_free(&hctx
);
1032 return WERR_INVALID_DATA
;
1035 keypair
.cert
.data
= talloc_memdup(ctx
, data
.data
, data
.length
);
1036 keypair
.cert
.length
= data
.length
;
1039 * Heimdal's bignum are big endian and the
1040 * structure expect it to be in little endian
1041 * so we reverse the buffer to make it work
1043 tmp
= reverse_and_get_blob(ctx
, rsa
->e
);
1047 keypair
.public_exponent
= *tmp
;
1048 SMB_ASSERT(tmp
->length
<= 4);
1050 * The value is now in little endian but if can happen that the length is
1051 * less than 4 bytes.
1052 * So if we have less than 4 bytes we pad with zeros so that it correctly
1053 * fit into the structure.
1055 if (tmp
->length
< 4) {
1057 * We need the expo to fit 4 bytes
1059 keypair
.public_exponent
.data
= talloc_zero_array(ctx
, uint8_t, 4);
1060 memcpy(keypair
.public_exponent
.data
, tmp
->data
, tmp
->length
);
1061 keypair
.public_exponent
.length
= 4;
1065 tmp
= reverse_and_get_blob(ctx
,rsa
->d
);
1069 keypair
.private_exponent
= *tmp
;
1072 tmp
= reverse_and_get_blob(ctx
,rsa
->n
);
1076 keypair
.modulus
= *tmp
;
1079 tmp
= reverse_and_get_blob(ctx
,rsa
->p
);
1083 keypair
.prime1
= *tmp
;
1086 tmp
= reverse_and_get_blob(ctx
,rsa
->q
);
1090 keypair
.prime2
= *tmp
;
1093 tmp
= reverse_and_get_blob(ctx
,rsa
->dmp1
);
1097 keypair
.exponent1
= *tmp
;
1100 tmp
= reverse_and_get_blob(ctx
,rsa
->dmq1
);
1104 keypair
.exponent2
= *tmp
;
1107 tmp
= reverse_and_get_blob(ctx
,rsa
->iqmp
);
1111 keypair
.coefficient
= *tmp
;
1114 /* One of the keypair allocation was wrong */
1116 der_free_octet_string(&data
);
1117 hx509_cert_free(cert
);
1118 hx509_private_key_free(&pk
);
1119 hx509_context_free(&hctx
);
1121 return WERR_INVALID_DATA
;
1123 keypair
.certificate_len
= keypair
.cert
.length
;
1124 ndr_err
= ndr_push_struct_blob(&blobkeypair
, ctx
, &keypair
, (ndr_push_flags_fn_t
)ndr_push_bkrp_exported_RSA_key_pair
);
1125 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
1126 der_free_octet_string(&data
);
1127 hx509_cert_free(cert
);
1128 hx509_private_key_free(&pk
);
1129 hx509_context_free(&hctx
);
1131 return WERR_INVALID_DATA
;
1134 secret_name
= talloc_asprintf(ctx
, "BCKUPKEY_%s", GUID_string(ctx
, &guid
));
1135 if (secret_name
== NULL
) {
1136 der_free_octet_string(&data
);
1137 hx509_cert_free(cert
);
1138 hx509_private_key_free(&pk
);
1139 hx509_context_free(&hctx
);
1141 return WERR_OUTOFMEMORY
;
1144 status
= set_lsa_secret(ctx
, ldb_ctx
, secret_name
, &blobkeypair
);
1145 if (!NT_STATUS_IS_OK(status
)) {
1146 DEBUG(2, ("Failed to save the secret %s\n", secret_name
));
1148 talloc_free(secret_name
);
1150 GUID_to_ndr_blob(&guid
, ctx
, &blob
);
1151 status
= set_lsa_secret(ctx
, ldb_ctx
, "BCKUPKEY_PREFERRED", &blob
);
1152 if (!NT_STATUS_IS_OK(status
)) {
1153 DEBUG(2, ("Failed to save the secret BCKUPKEY_PREFERRED\n"));
1156 der_free_octet_string(&data
);
1157 hx509_cert_free(cert
);
1158 hx509_private_key_free(&pk
);
1159 hx509_context_free(&hctx
);
1164 static WERROR
bkrp_do_retrieve_client_wrap_key(struct dcesrv_call_state
*dce_call
, TALLOC_CTX
*mem_ctx
,
1165 struct bkrp_BackupKey
*r
,struct ldb_context
*ldb_ctx
)
1170 enum ndr_err_code ndr_err
;
1174 * here we basicaly need to return our certificate
1175 * search for lsa secret BCKUPKEY_PREFERRED first
1178 status
= get_lsa_secret(mem_ctx
,
1180 "BCKUPKEY_PREFERRED",
1182 if (!NT_STATUS_IS_OK(status
)) {
1183 DEBUG(10, ("Error while fetching secret BCKUPKEY_PREFERRED\n"));
1184 if (!NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
)) {
1185 /* Ok we can be in this case if there was no certs */
1186 struct loadparm_context
*lp_ctx
= dce_call
->conn
->dce_ctx
->lp_ctx
;
1187 char *dn
= talloc_asprintf(mem_ctx
, "CN=%s",
1188 lpcfg_realm(lp_ctx
));
1190 WERROR werr
= generate_bkrp_cert(mem_ctx
, dce_call
, ldb_ctx
, dn
);
1191 if (!W_ERROR_IS_OK(werr
)) {
1192 return WERR_INVALID_PARAMETER
;
1194 status
= get_lsa_secret(mem_ctx
,
1196 "BCKUPKEY_PREFERRED",
1199 if (!NT_STATUS_IS_OK(status
)) {
1200 /* Ok we really don't manage to get this certs ...*/
1201 DEBUG(2, ("Unable to locate BCKUPKEY_PREFERRED after cert generation\n"));
1202 return WERR_FILE_NOT_FOUND
;
1205 /* In theory we should NEVER reach this point as it
1206 should only appear in a rodc server */
1207 /* we do not have the real secret attribute */
1208 return WERR_INVALID_PARAMETER
;
1212 if (secret
.length
!= 0) {
1213 char *cert_secret_name
;
1215 status
= GUID_from_ndr_blob(&secret
, &guid
);
1216 if (!NT_STATUS_IS_OK(status
)) {
1217 return WERR_FILE_NOT_FOUND
;
1220 guid_string
= GUID_string(mem_ctx
, &guid
);
1221 if (guid_string
== NULL
) {
1222 /* We return file not found because the client
1225 return WERR_FILE_NOT_FOUND
;
1228 cert_secret_name
= talloc_asprintf(mem_ctx
,
1231 status
= get_lsa_secret(mem_ctx
,
1235 if (!NT_STATUS_IS_OK(status
)) {
1236 return WERR_FILE_NOT_FOUND
;
1239 if (secret
.length
!= 0) {
1240 struct bkrp_exported_RSA_key_pair keypair
;
1241 ndr_err
= ndr_pull_struct_blob(&secret
, mem_ctx
, &keypair
,
1242 (ndr_pull_flags_fn_t
)ndr_pull_bkrp_exported_RSA_key_pair
);
1243 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
1244 return WERR_FILE_NOT_FOUND
;
1246 *(r
->out
.data_out_len
) = keypair
.cert
.length
;
1247 *(r
->out
.data_out
) = talloc_memdup(mem_ctx
, keypair
.cert
.data
, keypair
.cert
.length
);
1248 W_ERROR_HAVE_NO_MEMORY(*(r
->out
.data_out
));
1251 DEBUG(10, ("No or broken secret called %s\n", cert_secret_name
));
1252 return WERR_FILE_NOT_FOUND
;
1255 DEBUG(10, ("No secret BCKUPKEY_PREFERRED\n"));
1256 return WERR_FILE_NOT_FOUND
;
1259 return WERR_NOT_SUPPORTED
;
1262 static WERROR
dcesrv_bkrp_BackupKey(struct dcesrv_call_state
*dce_call
,
1263 TALLOC_CTX
*mem_ctx
, struct bkrp_BackupKey
*r
)
1265 WERROR error
= WERR_INVALID_PARAM
;
1266 struct ldb_context
*ldb_ctx
;
1268 const char *addr
= "unknown";
1269 /* At which level we start to add more debug of what is done in the protocol */
1270 const int debuglevel
= 4;
1272 if (DEBUGLVL(debuglevel
)) {
1273 const struct tsocket_address
*remote_address
;
1274 remote_address
= dcesrv_connection_get_remote_address(dce_call
->conn
);
1275 if (tsocket_address_is_inet(remote_address
, "ip")) {
1276 addr
= tsocket_address_inet_addr_string(remote_address
, mem_ctx
);
1277 W_ERROR_HAVE_NO_MEMORY(addr
);
1281 if (lpcfg_server_role(dce_call
->conn
->dce_ctx
->lp_ctx
) != ROLE_ACTIVE_DIRECTORY_DC
) {
1282 return WERR_NOT_SUPPORTED
;
1285 if (!dce_call
->conn
->auth_state
.auth_info
||
1286 dce_call
->conn
->auth_state
.auth_info
->auth_level
!= DCERPC_AUTH_LEVEL_PRIVACY
) {
1287 DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED
);
1290 ldb_ctx
= samdb_connect(mem_ctx
, dce_call
->event_ctx
,
1291 dce_call
->conn
->dce_ctx
->lp_ctx
,
1292 system_session(dce_call
->conn
->dce_ctx
->lp_ctx
), 0);
1294 if (samdb_rodc(ldb_ctx
, &is_rodc
) != LDB_SUCCESS
) {
1295 talloc_unlink(mem_ctx
, ldb_ctx
);
1296 return WERR_INVALID_PARAM
;
1300 if(strncasecmp(GUID_string(mem_ctx
, r
->in
.guidActionAgent
),
1301 BACKUPKEY_RESTORE_GUID
, strlen(BACKUPKEY_RESTORE_GUID
)) == 0) {
1302 DEBUG(debuglevel
, ("Client %s requested to decrypt a client side wrapped secret\n", addr
));
1303 error
= bkrp_do_uncrypt_client_wrap_key(dce_call
, mem_ctx
, r
, ldb_ctx
);
1306 if (strncasecmp(GUID_string(mem_ctx
, r
->in
.guidActionAgent
),
1307 BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID
, strlen(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID
)) == 0) {
1308 DEBUG(debuglevel
, ("Client %s requested certificate for client wrapped secret\n", addr
));
1309 error
= bkrp_do_retrieve_client_wrap_key(dce_call
, mem_ctx
, r
, ldb_ctx
);
1312 if (strncasecmp(GUID_string(mem_ctx
, r
->in
.guidActionAgent
),
1313 BACKUPKEY_RESTORE_GUID_WIN2K
, strlen(BACKUPKEY_RESTORE_GUID_WIN2K
)) == 0) {
1314 DEBUG(debuglevel
, ("Client %s requested to decrypt a server side wrapped secret, not implemented yet\n", addr
));
1315 return WERR_NOT_SUPPORTED
; /* is this appropriate? */
1318 if (strncasecmp(GUID_string(mem_ctx
, r
->in
.guidActionAgent
),
1319 BACKUPKEY_BACKUP_GUID
, strlen(BACKUPKEY_BACKUP_GUID
)) == 0) {
1320 DEBUG(debuglevel
, ("Client %s requested a server wrapped secret, not implemented yet\n", addr
));
1321 return WERR_NOT_SUPPORTED
; /* is this appropriate? */
1324 /*else: I am a RODC so I don't handle backup key protocol */
1326 talloc_unlink(mem_ctx
, ldb_ctx
);
1330 /* include the generated boilerplate */
1331 #include "librpc/gen_ndr/ndr_backupkey_s.c"