search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-backupkey: typo fix
[Samba.git] / source4 / rpc_server / backupkey / dcesrv_backupkey.c
blobf08eb832a6be8a2f61edbfc15d31d77fc477245b
1 /*
2 Unix SMB/CIFS implementation.
3
4 endpoint server for the backupkey interface
5
6 Copyright (C) Matthieu Patou <mat@samba.org> 2010
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "rpc_server/dcerpc_server.h"
24 #include "librpc/gen_ndr/ndr_backupkey.h"
25 #include "dsdb/common/util.h"
26 #include "dsdb/samdb/samdb.h"
27 #include "lib/ldb/include/ldb_errors.h"
28 #include "../lib/util/util_ldb.h"
29 #include "param/param.h"
30 #include "auth/session.h"
31 #include "system/network.h"
32 #include <com_err.h>
33 #include <hx509.h>
34 #include <hcrypto/rsa.h>
35 #include <hcrypto/bn.h>
36 #include <hcrypto/sha.h>
37 #include <der.h>
38 #include "../lib/tsocket/tsocket.h"
39 #include "../libcli/security/security.h"
40
41 #define BACKUPKEY_MIN_VERSION 2
42 #define BACKUPKEY_MAX_VERSION 3
43
44 static const unsigned rsa_with_var_num[] = { 1, 2, 840, 113549, 1, 1, 1 };
45 /* Equivalent to asn1_oid_id_pkcs1_rsaEncryption*/
46 static const AlgorithmIdentifier _hx509_signature_rsa_with_var_num = {
47 { 7, discard_const_p(unsigned, rsa_with_var_num) }, NULL
48 };
49
50 static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
51 struct ldb_context *ldb,
52 const char *name,
53 const DATA_BLOB *secret)
54 {
55 struct ldb_message *msg;
56 struct ldb_result *res;
57 struct ldb_dn *domain_dn;
58 struct ldb_dn *system_dn;
59 struct ldb_val val;
60 int ret;
61 char *name2;
62 struct timeval now = timeval_current();
63 NTTIME nt_now = timeval_to_nttime(&now);
64 const char *attrs[] = {
65 NULL
66 };
67
68 domain_dn = ldb_get_default_basedn(ldb);
69 if (!domain_dn) {
70 return NT_STATUS_INTERNAL_ERROR;
71 }
72
73 msg = ldb_msg_new(mem_ctx);
74 if (msg == NULL) {
75 return NT_STATUS_NO_MEMORY;
76 }
77
78 /*
79 * This function is a lot like dcesrv_lsa_CreateSecret
80 * in the rpc_server/lsa directory
81 * The reason why we duplicate the effort here is that:
82 * * we want to keep the former function static
83 * * we want to avoid the burden of doing LSA calls
84 * when we can just manipulate the secrets directly
85 * * taillor the function to the particular needs of backup protocol
86 */
87
88 system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
89 if (system_dn == NULL) {
90 talloc_free(msg);
91 return NT_STATUS_NO_MEMORY;
92 }
93
94 name2 = talloc_asprintf(msg, "%s Secret", name);
95 if (name2 == NULL) {
96 talloc_free(msg);
97 return NT_STATUS_NO_MEMORY;
98 }
99
100 ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs,
101 "(&(cn=%s)(objectclass=secret))",
102 ldb_binary_encode_string(mem_ctx, name2));
103
104 if (ret != LDB_SUCCESS || res->count != 0 ) {
105 DEBUG(2, ("Secret %s already exists !\n", name2));
106 talloc_free(msg);
107 return NT_STATUS_OBJECT_NAME_COLLISION;
108 }
109
110 /*
111 * We don't care about previous value as we are
112 * here only if the key didn't exists before
113 */
114
115 msg->dn = ldb_dn_copy(mem_ctx, system_dn);
116 if (msg->dn == NULL) {
117 talloc_free(msg);
118 return NT_STATUS_NO_MEMORY;
119 }
120 if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
121 talloc_free(msg);
122 return NT_STATUS_NO_MEMORY;
123 }
124
125 ret = ldb_msg_add_string(msg, "cn", name2);
126 if (ret != LDB_SUCCESS) {
127 talloc_free(msg);
128 return NT_STATUS_NO_MEMORY;
129 }
130 ret = ldb_msg_add_string(msg, "objectClass", "secret");
131 if (ret != LDB_SUCCESS) {
132 talloc_free(msg);
133 return NT_STATUS_NO_MEMORY;
134 }
135 ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now);
136 if (ret != LDB_SUCCESS) {
137 talloc_free(msg);
138 return NT_STATUS_NO_MEMORY;
139 }
140 val.data = secret->data;
141 val.length = secret->length;
142 ret = ldb_msg_add_value(msg, "currentValue", &val, NULL);
143 if (ret != LDB_SUCCESS) {
144 talloc_free(msg);
145 return NT_STATUS_NO_MEMORY;
146 }
147 ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now);
148 if (ret != LDB_SUCCESS) {
149 talloc_free(msg);
150 return NT_STATUS_NO_MEMORY;
151 }
152
153 /*
154 * create the secret with DSDB_MODIFY_RELAX
155 * otherwise dsdb/samdb/ldb_modules/objectclass.c forbid
156 * the create of LSA secret object
157 */
158 ret = dsdb_add(ldb, msg, DSDB_MODIFY_RELAX);
159 if (ret != LDB_SUCCESS) {
160 DEBUG(2,("Failed to create secret record %s: %s\n",
161 ldb_dn_get_linearized(msg->dn),
162 ldb_errstring(ldb)));
163 talloc_free(msg);
164 return NT_STATUS_ACCESS_DENIED;
165 }
166
167 talloc_free(msg);
168 return NT_STATUS_OK;
169 }
170
171 /* This function is pretty much like dcesrv_lsa_QuerySecret */
172 static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
173 struct ldb_context *ldb,
174 const char *name,
175 DATA_BLOB *secret)
176 {
177 TALLOC_CTX *tmp_mem;
178 struct ldb_result *res;
179 struct ldb_dn *domain_dn;
180 struct ldb_dn *system_dn;
181 const struct ldb_val *val;
182 uint8_t *data;
183 const char *attrs[] = {
184 "currentValue",
185 NULL
186 };
187 int ret;
188
189 secret->data = NULL;
190 secret->length = 0;
191
192 domain_dn = ldb_get_default_basedn(ldb);
193 if (!domain_dn) {
194 return NT_STATUS_INTERNAL_ERROR;
195 }
196
197 tmp_mem = talloc_new(mem_ctx);
198 if (tmp_mem == NULL) {
199 return NT_STATUS_NO_MEMORY;
200 }
201
202 system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn, "(&(objectClass=container)(cn=System))");
203 if (system_dn == NULL) {
204 talloc_free(tmp_mem);
205 return NT_STATUS_NO_MEMORY;
206 }
207
208 ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs,
209 "(&(cn=%s Secret)(objectclass=secret))",
210 ldb_binary_encode_string(tmp_mem, name));
211
212 if (ret != LDB_SUCCESS || res->count == 0) {
213 talloc_free(tmp_mem);
214 /*
215 * Important NOT to use NT_STATUS_OBJECT_NAME_NOT_FOUND
216 * as this return value is used to detect the case
217 * when we have the secret but without the currentValue
218 * (case RODC)
219 */
220 return NT_STATUS_RESOURCE_NAME_NOT_FOUND;
221 }
222
223 if (res->count > 1) {
224 DEBUG(2, ("Secret %s collision\n", name));
225 talloc_free(tmp_mem);
226 return NT_STATUS_INTERNAL_DB_CORRUPTION;
227 }
228
229 val = ldb_msg_find_ldb_val(res->msgs[0], "currentValue");
230 if (val == NULL) {
231 /*
232 * The secret object is here but we don't have the secret value
233 * The most common case is a RODC
234 */
235 talloc_free(tmp_mem);
236 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
237 }
238
239 data = val->data;
240 secret->data = talloc_move(mem_ctx, &data);
241 secret->length = val->length;
242
243 talloc_free(tmp_mem);
244 return NT_STATUS_OK;
245 }
246
247 static DATA_BLOB *reverse_and_get_blob(TALLOC_CTX *mem_ctx, BIGNUM *bn)
248 {
249 DATA_BLOB blob;
250 DATA_BLOB *rev = talloc(mem_ctx, DATA_BLOB);
251 uint32_t i;
252
253 blob.length = BN_num_bytes(bn);
254 blob.data = talloc_array(mem_ctx, uint8_t, blob.length);
255
256 if (blob.data == NULL) {
257 return NULL;
258 }
259
260 BN_bn2bin(bn, blob.data);
261
262 rev->data = talloc_array(mem_ctx, uint8_t, blob.length);
263 if (rev->data == NULL) {
264 return NULL;
265 }
266
267 for(i=0; i < blob.length; i++) {
268 rev->data[i] = blob.data[blob.length - i -1];
269 }
270 rev->length = blob.length;
271 talloc_free(blob.data);
272 return rev;
273 }
274
275 static BIGNUM *reverse_and_get_bignum(TALLOC_CTX *mem_ctx, DATA_BLOB *blob)
276 {
277 BIGNUM *ret;
278 DATA_BLOB rev;
279 uint32_t i;
280
281 rev.data = talloc_array(mem_ctx, uint8_t, blob->length);
282 if (rev.data == NULL) {
283 return NULL;
284 }
285
286 for(i=0; i < blob->length; i++) {
287 rev.data[i] = blob->data[blob->length - i -1];
288 }
289 rev.length = blob->length;
290
291 ret = BN_bin2bn(rev.data, rev.length, NULL);
292 talloc_free(rev.data);
293
294 return ret;
295 }
296
297 static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
298 struct bkrp_exported_RSA_key_pair *keypair,
299 hx509_private_key *pk)
300 {
301 hx509_context hctx;
302 RSA *rsa;
303 struct hx509_private_key_ops *ops;
304
305 hx509_context_init(&hctx);
306 ops = hx509_find_private_alg(&_hx509_signature_rsa_with_var_num.algorithm);
307 if (ops == NULL) {
308 DEBUG(2, ("Not supported algorithm\n"));
309 return NT_STATUS_INTERNAL_ERROR;
310 }
311
312 if (hx509_private_key_init(pk, ops, NULL) != 0) {
313 hx509_context_free(&hctx);
314 return NT_STATUS_NO_MEMORY;
315 }
316
317 rsa = RSA_new();
318 if (rsa ==NULL) {
319 hx509_context_free(&hctx);
320 return NT_STATUS_INVALID_PARAMETER;
321 }
322
323 rsa->n = reverse_and_get_bignum(ctx, &(keypair->modulus));
324 if (rsa->n == NULL) {
325 RSA_free(rsa);
326 hx509_context_free(&hctx);
327 return NT_STATUS_INVALID_PARAMETER;
328 }
329 rsa->d = reverse_and_get_bignum(ctx, &(keypair->private_exponent));
330 if (rsa->d == NULL) {
331 RSA_free(rsa);
332 hx509_context_free(&hctx);
333 return NT_STATUS_INVALID_PARAMETER;
334 }
335 rsa->p = reverse_and_get_bignum(ctx, &(keypair->prime1));
336 if (rsa->p == NULL) {
337 RSA_free(rsa);
338 hx509_context_free(&hctx);
339 return NT_STATUS_INVALID_PARAMETER;
340 }
341 rsa->q = reverse_and_get_bignum(ctx, &(keypair->prime2));
342 if (rsa->q == NULL) {
343 RSA_free(rsa);
344 hx509_context_free(&hctx);
345 return NT_STATUS_INVALID_PARAMETER;
346 }
347 rsa->dmp1 = reverse_and_get_bignum(ctx, &(keypair->exponent1));
348 if (rsa->dmp1 == NULL) {
349 RSA_free(rsa);
350 hx509_context_free(&hctx);
351 return NT_STATUS_INVALID_PARAMETER;
352 }
353 rsa->dmq1 = reverse_and_get_bignum(ctx, &(keypair->exponent2));
354 if (rsa->dmq1 == NULL) {
355 RSA_free(rsa);
356 hx509_context_free(&hctx);
357 return NT_STATUS_INVALID_PARAMETER;
358 }
359 rsa->iqmp = reverse_and_get_bignum(ctx, &(keypair->coefficient));
360 if (rsa->iqmp == NULL) {
361 RSA_free(rsa);
362 hx509_context_free(&hctx);
363 return NT_STATUS_INVALID_PARAMETER;
364 }
365 rsa->e = reverse_and_get_bignum(ctx, &(keypair->public_exponent));
366 if (rsa->e == NULL) {
367 RSA_free(rsa);
368 hx509_context_free(&hctx);
369 return NT_STATUS_INVALID_PARAMETER;
370 }
371
372 hx509_private_key_assign_rsa(*pk, rsa);
373
374 hx509_context_free(&hctx);
375 return NT_STATUS_OK;
376 }
377
378 static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx,
379 uint32_t version,
380 uint8_t *key_and_iv,
381 uint8_t *access_check,
382 uint32_t access_check_len,
383 struct dom_sid **access_sid)
384 {
385 heim_octet_string iv;
386 heim_octet_string access_check_os;
387 hx509_crypto crypto;
388
389 DATA_BLOB blob_us;
390 uint32_t key_len;
391 uint32_t iv_len;
392 int res;
393 enum ndr_err_code ndr_err;
394 hx509_context hctx;
395
396 /* This one should not be freed */
397 const AlgorithmIdentifier *alg;
398
399 *access_sid = NULL;
400 switch (version) {
401 case 2:
402 key_len = 24;
403 iv_len = 8;
404 alg = hx509_crypto_des_rsdi_ede3_cbc();
405 break;
406
407 case 3:
408 key_len = 32;
409 iv_len = 16;
410 alg =hx509_crypto_aes256_cbc();
411 break;
412
413 default:
414 return WERR_INVALID_DATA;
415 }
416
417 hx509_context_init(&hctx);
418 res = hx509_crypto_init(hctx, NULL,
419 &(alg->algorithm),
420 &crypto);
421 hx509_context_free(&hctx);
422
423 if (res != 0) {
424 return WERR_INVALID_DATA;
425 }
426
427 res = hx509_crypto_set_key_data(crypto, key_and_iv, key_len);
428
429 iv.data = talloc_memdup(sub_ctx, key_len + key_and_iv, iv_len);
430 iv.length = iv_len;
431
432 if (res != 0) {
433 hx509_crypto_destroy(crypto);
434 return WERR_INVALID_DATA;
435 }
436
437 hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE);
438 res = hx509_crypto_decrypt(crypto,
439 access_check,
440 access_check_len,
441 &iv,
442 &access_check_os);
443
444 if (res != 0) {
445 hx509_crypto_destroy(crypto);
446 return WERR_INVALID_DATA;
447 }
448
449 blob_us.data = access_check_os.data;
450 blob_us.length = access_check_os.length;
451
452 hx509_crypto_destroy(crypto);
453
454 if (version == 2) {
455 uint32_t hash_size = 20;
456 uint8_t hash[hash_size];
457 struct sha sctx;
458 struct bkrp_access_check_v2 uncrypted_accesscheckv2;
459
460 ndr_err = ndr_pull_struct_blob(&blob_us, sub_ctx, &uncrypted_accesscheckv2,
461 (ndr_pull_flags_fn_t)ndr_pull_bkrp_access_check_v2);
462 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
463 /* Unable to unmarshall */
464 der_free_octet_string(&access_check_os);
465 return WERR_INVALID_DATA;
466 }
467 if (uncrypted_accesscheckv2.magic != 0x1) {
468 /* wrong magic */
469 der_free_octet_string(&access_check_os);
470 return WERR_INVALID_DATA;
471 }
472
473 SHA1_Init(&sctx);
474 SHA1_Update(&sctx, blob_us.data, blob_us.length - hash_size);
475 SHA1_Final(hash, &sctx);
476 der_free_octet_string(&access_check_os);
477 /*
478 * We free it after the sha1 calculation because blob.data
479 * point to the same area
480 */
481
482 if (memcmp(hash, uncrypted_accesscheckv2.hash, hash_size) != 0) {
483 DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n"));
484 return WERR_INVALID_DATA;
485 }
486 *access_sid = dom_sid_dup(sub_ctx, &(uncrypted_accesscheckv2.sid));
487 if (*access_sid == NULL) {
488 return WERR_NOMEM;
489 }
490 return WERR_OK;
491 }
492
493 if (version == 3) {
494 uint32_t hash_size = 64;
495 uint8_t hash[hash_size];
496 struct hc_sha512state sctx;
497 struct bkrp_access_check_v3 uncrypted_accesscheckv3;
498
499 ndr_err = ndr_pull_struct_blob(&blob_us, sub_ctx, &uncrypted_accesscheckv3,
500 (ndr_pull_flags_fn_t)ndr_pull_bkrp_access_check_v3);
501 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
502 /* Unable to unmarshall */
503 der_free_octet_string(&access_check_os);
504 return WERR_INVALID_DATA;
505 }
506 if (uncrypted_accesscheckv3.magic != 0x1) {
507 /* wrong magic */
508 der_free_octet_string(&access_check_os);
509 return WERR_INVALID_DATA;
510 }
511
512 SHA512_Init(&sctx);
513 SHA512_Update(&sctx, blob_us.data, blob_us.length - hash_size);
514 SHA512_Final(hash, &sctx);
515 der_free_octet_string(&access_check_os);
516 /*
517 * We free it after the sha1 calculation because blob.data
518 * point to the same area
519 */
520
521 if (memcmp(hash, uncrypted_accesscheckv3.hash, hash_size) != 0) {
522 DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n"));
523 return WERR_INVALID_DATA;
524 }
525 *access_sid = dom_sid_dup(sub_ctx, &(uncrypted_accesscheckv3.sid));
526 if (*access_sid == NULL) {
527 return WERR_NOMEM;
528 }
529 return WERR_OK;
530 }
531
532 /* Never reached normally as we filtered at the switch / case level */
533 return WERR_INVALID_DATA;
534 }
535
536 static WERROR bkrp_do_uncrypt_client_wrap_key(struct dcesrv_call_state *dce_call,
537 TALLOC_CTX *mem_ctx,
538 struct bkrp_BackupKey *r,
539 struct ldb_context *ldb_ctx)
540 {
541 struct bkrp_client_side_wrapped uncrypt_request;
542 DATA_BLOB blob;
543 enum ndr_err_code ndr_err;
544 char *guid_string;
545 char *cert_secret_name;
546 DATA_BLOB secret;
547 DATA_BLOB *uncrypted;
548 NTSTATUS status;
549
550 blob.data = r->in.data_in;
551 blob.length = r->in.data_in_len;
552
553 if (r->in.data_in_len == 0 || r->in.data_in == NULL) {
554 return WERR_INVALID_PARAM;
555 }
556
557 ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &uncrypt_request,
558 (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_wrapped);
559 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
560 return WERR_INVALID_PARAM;
561 }
562
563 if (uncrypt_request.version < BACKUPKEY_MIN_VERSION) {
564 return WERR_INVALID_PARAMETER;
565 }
566
567 if (uncrypt_request.version > BACKUPKEY_MAX_VERSION) {
568 return WERR_INVALID_PARAMETER;
569 }
570
571 guid_string = GUID_string(mem_ctx, &uncrypt_request.guid);
572 if (guid_string == NULL) {
573 return WERR_NOMEM;
574 }
575
576 cert_secret_name = talloc_asprintf(mem_ctx,
577 "BCKUPKEY_%s",
578 guid_string);
579 if (cert_secret_name == NULL) {
580 return WERR_NOMEM;
581 }
582
583 status = get_lsa_secret(mem_ctx,
584 ldb_ctx,
585 cert_secret_name,
586 &secret);
587 if (!NT_STATUS_IS_OK(status)) {
588 DEBUG(10, ("Error while fetching secret %s\n", cert_secret_name));
589 if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
590 /* we do not have the real secret attribute */
591 return WERR_INVALID_PARAMETER;
592 } else {
593 return WERR_FILE_NOT_FOUND;
594 }
595 }
596
597 if (secret.length != 0) {
598 hx509_context hctx;
599 struct bkrp_exported_RSA_key_pair keypair;
600 hx509_private_key pk;
601 uint32_t i, res;
602 struct dom_sid *access_sid = NULL;
603 heim_octet_string reversed_secret;
604 heim_octet_string uncrypted_secret;
605 AlgorithmIdentifier alg;
606 struct dom_sid *caller_sid;
607 DATA_BLOB blob_us;
608 WERROR werr;
609
610 ndr_err = ndr_pull_struct_blob(&secret, mem_ctx, &keypair, (ndr_pull_flags_fn_t)ndr_pull_bkrp_exported_RSA_key_pair);
611 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
612 DEBUG(2, ("Unable to parse the ndr encoded cert in key %s\n", cert_secret_name));
613 return WERR_FILE_NOT_FOUND;
614 }
615
616 status = get_pk_from_raw_keypair_params(mem_ctx, &keypair, &pk);
617 if (!NT_STATUS_IS_OK(status)) {
618 return WERR_INTERNAL_ERROR;
619 }
620
621 reversed_secret.data = talloc_array(mem_ctx, uint8_t,
622 uncrypt_request.encrypted_secret_len);
623 if (reversed_secret.data == NULL) {
624 hx509_private_key_free(&pk);
625 return WERR_NOMEM;
626 }
627
628 /* The secret has to be reversed ... */
629 for(i=0; i< uncrypt_request.encrypted_secret_len; i++) {
630 uint8_t *reversed = (uint8_t *)reversed_secret.data;
631 uint8_t *uncrypt = uncrypt_request.encrypted_secret;
632 reversed[i] = uncrypt[uncrypt_request.encrypted_secret_len - 1 - i];
633 }
634 reversed_secret.length = uncrypt_request.encrypted_secret_len;
635
636 /*
637 * Let's try to decrypt the secret now that
638 * we have the private key ...
639 */
640 hx509_context_init(&hctx);
641 res = hx509_private_key_private_decrypt(hctx, &reversed_secret,
642 &alg.algorithm, pk,
643 &uncrypted_secret);
644 hx509_context_free(&hctx);
645 hx509_private_key_free(&pk);
646 if (res != 0) {
647 /* We are not able to decrypt the secret, looks like something is wrong */
648 return WERR_INVALID_DATA;
649 }
650 blob_us.data = uncrypted_secret.data;
651 blob_us.length = uncrypted_secret.length;
652
653 if (uncrypt_request.version == 2) {
654 struct bkrp_encrypted_secret_v2 uncrypted_secretv2;
655
656 ndr_err = ndr_pull_struct_blob(&blob_us, mem_ctx, &uncrypted_secretv2,
657 (ndr_pull_flags_fn_t)ndr_pull_bkrp_encrypted_secret_v2);
658 der_free_octet_string(&uncrypted_secret);
659 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
660 /* Unable to unmarshall */
661 return WERR_INVALID_DATA;
662 }
663 if (uncrypted_secretv2.magic != 0x20) {
664 /* wrong magic */
665 return WERR_INVALID_DATA;
666 }
667
668 werr = get_and_verify_access_check(mem_ctx, 2,
669 uncrypted_secretv2.payload_key,
670 uncrypt_request.access_check,
671 uncrypt_request.access_check_len,
672 &access_sid);
673 if (!W_ERROR_IS_OK(werr)) {
674 return werr;
675 }
676 uncrypted = talloc(mem_ctx, DATA_BLOB);
677 if (uncrypted == NULL) {
678 return WERR_INVALID_DATA;
679 }
680
681 uncrypted->data = uncrypted_secretv2.secret;
682 uncrypted->length = uncrypted_secretv2.secret_len;
683 }
684 if (uncrypt_request.version == 3) {
685 struct bkrp_encrypted_secret_v3 uncrypted_secretv3;
686
687 ndr_err = ndr_pull_struct_blob(&blob_us, mem_ctx, &uncrypted_secretv3,
688 (ndr_pull_flags_fn_t)ndr_pull_bkrp_encrypted_secret_v3);
689
690 der_free_octet_string(&uncrypted_secret);
691 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
692 /* Unable to unmarshall */
693 return WERR_INVALID_DATA;
694 }
695
696 if (uncrypted_secretv3.magic1 != 0x30 ||
697 uncrypted_secretv3.magic2 != 0x6610 ||
698 uncrypted_secretv3.magic3 != 0x800e) {
699 /* wrong magic */
700 return WERR_INVALID_DATA;
701 }
702
703 werr = get_and_verify_access_check(mem_ctx, 3,
704 uncrypted_secretv3.payload_key,
705 uncrypt_request.access_check,
706 uncrypt_request.access_check_len,
707 &access_sid);
708 if (!W_ERROR_IS_OK(werr)) {
709 return werr;
710 }
711
712 uncrypted = talloc(mem_ctx, DATA_BLOB);
713 if (uncrypted == NULL) {
714 return WERR_INVALID_DATA;
715 }
716
717 uncrypted->data = uncrypted_secretv3.secret;
718 uncrypted->length = uncrypted_secretv3.secret_len;
719 }
720
721 caller_sid = &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
722
723 if (!dom_sid_equal(caller_sid, access_sid)) {
724 talloc_free(uncrypted);
725 return WERR_INVALID_ACCESS;
726 }
727
728 /*
729 * Yeah if we are here all looks pretty good:
730 * - hash is ok
731 * - user sid is the same as the one in access check
732 * - we were able to decrypt the whole stuff
733 */
734 }
735
736 if (uncrypted->data == NULL) {
737 return WERR_INVALID_DATA;
738 }
739
740 /* There is a magic value a the beginning of the data
741 * we can use an adhoc structure but as the
742 * parent structure is just an array of bytes it a lot of work
743 * work just prepending 4 bytes
744 */
745 *(r->out.data_out) = talloc_zero_array(mem_ctx, uint8_t, uncrypted->length + 4);
746 W_ERROR_HAVE_NO_MEMORY(*(r->out.data_out));
747 memcpy(4+*(r->out.data_out), uncrypted->data, uncrypted->length);
748 *(r->out.data_out_len) = uncrypted->length + 4;
749
750 return WERR_OK;
751 }
752
753 static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx,
754 hx509_private_key *pk, RSA **_rsa)
755 {
756 BIGNUM *pub_expo;
757 RSA *rsa;
758 int ret;
759 uint8_t *p0, *p;
760 size_t len;
761 int bits = 2048;
762 int RSA_returned_bits;
763
764 *_rsa = NULL;
765
766 pub_expo = BN_new();
767 if(pub_expo == NULL) {
768 return WERR_INTERNAL_ERROR;
769 }
770
771 /* set the public expo to 65537 like everyone */
772 BN_set_word(pub_expo, 0x10001);
773
774 rsa = RSA_new();
775 if(rsa == NULL) {
776 BN_free(pub_expo);
777 return WERR_INTERNAL_ERROR;
778 }
779
780 while (RSA_returned_bits != bits) {
781 ret = RSA_generate_key_ex(rsa, bits, pub_expo, NULL);
782 if(ret != 1) {
783 RSA_free(rsa);
784 BN_free(pub_expo);
785 return WERR_INTERNAL_ERROR;
786 }
787 RSA_returned_bits = BN_num_bits(rsa->n);
788 DEBUG(6, ("RSA_generate_key_ex returned %d Bits\n", RSA_returned_bits));
789 }
790 BN_free(pub_expo);
791
792 len = i2d_RSAPrivateKey(rsa, NULL);
793 if (len < 1) {
794 RSA_free(rsa);
795 return WERR_INTERNAL_ERROR;
796 }
797
798 p0 = p = talloc_array(ctx, uint8_t, len);
799 if (p == NULL) {
800 RSA_free(rsa);
801 return WERR_INTERNAL_ERROR;
802 }
803
804 len = i2d_RSAPrivateKey(rsa, &p);
805 if (len < 1) {
806 RSA_free(rsa);
807 talloc_free(p0);
808 return WERR_INTERNAL_ERROR;
809 }
810
811 /*
812 * To dump the key we can use :
813 * rk_dumpdata("h5lkey", p0, len);
814 */
815 ret = hx509_parse_private_key(*hctx, &_hx509_signature_rsa_with_var_num ,
816 p0, len, HX509_KEY_FORMAT_DER, pk);
817 memset(p0, 0, len);
818 talloc_free(p0);
819 if (ret !=0) {
820 RSA_free(rsa);
821 return WERR_INTERNAL_ERROR;
822 }
823
824 *_rsa = rsa;
825 return WERR_OK;
826 }
827
828 static WERROR self_sign_cert(TALLOC_CTX *ctx, hx509_context *hctx, hx509_request *req,
829 time_t lifetime, hx509_private_key *private_key,
830 hx509_cert *cert, DATA_BLOB *guidblob)
831 {
832 SubjectPublicKeyInfo spki;
833 hx509_name subject = NULL;
834 hx509_ca_tbs tbs;
835 struct heim_bit_string uniqueid;
836 struct heim_integer serialnumber;
837 int ret, i;
838
839 uniqueid.data = talloc_memdup(ctx, guidblob->data, guidblob->length);
840 if (uniqueid.data == NULL) {
841 return WERR_NOMEM;
842 }
843 /* uniqueid is a bit string in which each byte represent 1 bit (1 or 0)
844 * so as 1 byte is 8 bits we need to provision 8 times more space as in the
845 * blob
846 */
847 uniqueid.length = 8 * guidblob->length;
848
849 serialnumber.data = talloc_array(ctx, uint8_t,
850 guidblob->length);
851 if (serialnumber.data == NULL) {
852 talloc_free(uniqueid.data);
853 return WERR_NOMEM;
854 }
855
856 /* Native AD generates certificates with serialnumber in reversed notation */
857 for (i = 0; i < guidblob->length; i++) {
858 uint8_t *reversed = (uint8_t *)serialnumber.data;
859 uint8_t *uncrypt = guidblob->data;
860 reversed[i] = uncrypt[guidblob->length - 1 - i];
861 }
862 serialnumber.length = guidblob->length;
863 serialnumber.negative = 0;
864
865 memset(&spki, 0, sizeof(spki));
866
867 ret = hx509_request_get_name(*hctx, *req, &subject);
868 if (ret !=0) {
869 goto fail_subject;
870 }
871 ret = hx509_request_get_SubjectPublicKeyInfo(*hctx, *req, &spki);
872 if (ret !=0) {
873 goto fail_spki;
874 }
875
876 ret = hx509_ca_tbs_init(*hctx, &tbs);
877 if (ret !=0) {
878 goto fail_tbs;
879 }
880
881 ret = hx509_ca_tbs_set_spki(*hctx, tbs, &spki);
882 if (ret !=0) {
883 goto fail;
884 }
885 ret = hx509_ca_tbs_set_subject(*hctx, tbs, subject);
886 if (ret !=0) {
887 goto fail;
888 }
889 ret = hx509_ca_tbs_set_ca(*hctx, tbs, 1);
890 if (ret !=0) {
891 goto fail;
892 }
893 ret = hx509_ca_tbs_set_notAfter_lifetime(*hctx, tbs, lifetime);
894 if (ret !=0) {
895 goto fail;
896 }
897 ret = hx509_ca_tbs_set_unique(*hctx, tbs, &uniqueid, &uniqueid);
898 if (ret !=0) {
899 goto fail;
900 }
901 ret = hx509_ca_tbs_set_serialnumber(*hctx, tbs, &serialnumber);
902 if (ret !=0) {
903 goto fail;
904 }
905 ret = hx509_ca_sign_self(*hctx, tbs, *private_key, cert);
906 if (ret !=0) {
907 goto fail;
908 }
909 hx509_name_free(&subject);
910 free_SubjectPublicKeyInfo(&spki);
911 hx509_ca_tbs_free(&tbs);
912
913 return WERR_OK;
914
915 fail:
916 hx509_ca_tbs_free(&tbs);
917 fail_tbs:
918 free_SubjectPublicKeyInfo(&spki);
919 fail_spki:
920 hx509_name_free(&subject);
921 fail_subject:
922 talloc_free(uniqueid.data);
923 talloc_free(serialnumber.data);
924 return WERR_INTERNAL_ERROR;
925 }
926
927 static WERROR create_req(TALLOC_CTX *ctx, hx509_context *hctx, hx509_request *req,
928 hx509_private_key *signer,RSA **rsa, const char *dn)
929 {
930 int ret;
931 SubjectPublicKeyInfo key;
932
933 hx509_name name;
934 WERROR w_err;
935
936 w_err = create_heimdal_rsa_key(ctx, hctx, signer, rsa);
937 if (!W_ERROR_IS_OK(w_err)) {
938 return w_err;
939 }
940
941 hx509_request_init(*hctx, req);
942 ret = hx509_parse_name(*hctx, dn, &name);
943 if (ret != 0) {
944 RSA_free(*rsa);
945 hx509_private_key_free(signer);
946 hx509_request_free(req);
947 hx509_name_free(&name);
948 return WERR_INTERNAL_ERROR;
949 }
950
951 ret = hx509_request_set_name(*hctx, *req, name);
952 if (ret != 0) {
953 RSA_free(*rsa);
954 hx509_private_key_free(signer);
955 hx509_request_free(req);
956 hx509_name_free(&name);
957 return WERR_INTERNAL_ERROR;
958 }
959 hx509_name_free(&name);
960
961 ret = hx509_private_key2SPKI(*hctx, *signer, &key);
962 if (ret != 0) {
963 RSA_free(*rsa);
964 hx509_private_key_free(signer);
965 hx509_request_free(req);
966 return WERR_INTERNAL_ERROR;
967 }
968 ret = hx509_request_set_SubjectPublicKeyInfo(*hctx, *req, &key);
969 if (ret != 0) {
970 RSA_free(*rsa);
971 hx509_private_key_free(signer);
972 free_SubjectPublicKeyInfo(&key);
973 hx509_request_free(req);
974 return WERR_INTERNAL_ERROR;
975 }
976
977 free_SubjectPublicKeyInfo(&key);
978
979 return WERR_OK;
980 }
981
982 /* Return an error when we fail to generate a certificate */
983 static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_call, struct ldb_context *ldb_ctx, const char *dn)
984 {
985 heim_octet_string data;
986 WERROR w_err;
987 RSA *rsa;
988 hx509_context hctx;
989 hx509_private_key pk;
990 hx509_request req;
991 hx509_cert cert;
992 DATA_BLOB blob;
993 DATA_BLOB blobkeypair;
994 DATA_BLOB *tmp;
995 int ret;
996 bool ok = true;
997 struct GUID guid = GUID_random();
998 NTSTATUS status;
999 char *secret_name;
1000 struct bkrp_exported_RSA_key_pair keypair;
1001 enum ndr_err_code ndr_err;
1002 uint32_t nb_days_validity = 3600 * 24 * 365;
1003
1004 DEBUG(6, ("Trying to generate a certificate\n"));
1005 hx509_context_init(&hctx);
1006 w_err = create_req(ctx, &hctx, &req, &pk, &rsa, dn);
1007 if (!W_ERROR_IS_OK(w_err)) {
1008 hx509_context_free(&hctx);
1009 return w_err;
1010 }
1011
1012 status = GUID_to_ndr_blob(&guid, ctx, &blob);
1013 if (!NT_STATUS_IS_OK(status)) {
1014 hx509_context_free(&hctx);
1015 hx509_private_key_free(&pk);
1016 RSA_free(rsa);
1017 return WERR_INVALID_DATA;
1018 }
1019
1020 w_err = self_sign_cert(ctx, &hctx, &req, nb_days_validity, &pk, &cert, &blob);
1021 if (!W_ERROR_IS_OK(w_err)) {
1022 hx509_private_key_free(&pk);
1023 hx509_context_free(&hctx);
1024 return WERR_INVALID_DATA;
1025 }
1026
1027 ret = hx509_cert_binary(hctx, cert, &data);
1028 if (ret !=0) {
1029 hx509_cert_free(cert);
1030 hx509_private_key_free(&pk);
1031 hx509_context_free(&hctx);
1032 return WERR_INVALID_DATA;
1033 }
1034
1035 keypair.cert.data = talloc_memdup(ctx, data.data, data.length);
1036 keypair.cert.length = data.length;
1037
1038 /*
1039 * Heimdal's bignum are big endian and the
1040 * structure expect it to be in little endian
1041 * so we reverse the buffer to make it work
1042 */
1043 tmp = reverse_and_get_blob(ctx, rsa->e);
1044 if (tmp == NULL) {
1045 ok = false;
1046 } else {
1047 keypair.public_exponent = *tmp;
1048 SMB_ASSERT(tmp->length <= 4);
1049 /*
1050 * The value is now in little endian but if can happen that the length is
1051 * less than 4 bytes.
1052 * So if we have less than 4 bytes we pad with zeros so that it correctly
1053 * fit into the structure.
1054 */
1055 if (tmp->length < 4) {
1056 /*
1057 * We need the expo to fit 4 bytes
1058 */
1059 keypair.public_exponent.data = talloc_zero_array(ctx, uint8_t, 4);
1060 memcpy(keypair.public_exponent.data, tmp->data, tmp->length);
1061 keypair.public_exponent.length = 4;
1062 }
1063 }
1064
1065 tmp = reverse_and_get_blob(ctx,rsa->d);
1066 if (tmp == NULL) {
1067 ok = false;
1068 } else {
1069 keypair.private_exponent = *tmp;
1070 }
1071
1072 tmp = reverse_and_get_blob(ctx,rsa->n);
1073 if (tmp == NULL) {
1074 ok = false;
1075 } else {
1076 keypair.modulus = *tmp;
1077 }
1078
1079 tmp = reverse_and_get_blob(ctx,rsa->p);
1080 if (tmp == NULL) {
1081 ok = false;
1082 } else {
1083 keypair.prime1 = *tmp;
1084 }
1085
1086 tmp = reverse_and_get_blob(ctx,rsa->q);
1087 if (tmp == NULL) {
1088 ok = false;
1089 } else {
1090 keypair.prime2 = *tmp;
1091 }
1092
1093 tmp = reverse_and_get_blob(ctx,rsa->dmp1);
1094 if (tmp == NULL) {
1095 ok = false;
1096 } else {
1097 keypair.exponent1 = *tmp;
1098 }
1099
1100 tmp = reverse_and_get_blob(ctx,rsa->dmq1);
1101 if (tmp == NULL) {
1102 ok = false;
1103 } else {
1104 keypair.exponent2 = *tmp;
1105 }
1106
1107 tmp = reverse_and_get_blob(ctx,rsa->iqmp);
1108 if (tmp == NULL) {
1109 ok = false;
1110 } else {
1111 keypair.coefficient = *tmp;
1112 }
1113
1114 /* One of the keypair allocation was wrong */
1115 if (ok == false) {
1116 der_free_octet_string(&data);
1117 hx509_cert_free(cert);
1118 hx509_private_key_free(&pk);
1119 hx509_context_free(&hctx);
1120 RSA_free(rsa);
1121 return WERR_INVALID_DATA;
1122 }
1123 keypair.certificate_len = keypair.cert.length;
1124 ndr_err = ndr_push_struct_blob(&blobkeypair, ctx, &keypair, (ndr_push_flags_fn_t)ndr_push_bkrp_exported_RSA_key_pair);
1125 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1126 der_free_octet_string(&data);
1127 hx509_cert_free(cert);
1128 hx509_private_key_free(&pk);
1129 hx509_context_free(&hctx);
1130 RSA_free(rsa);
1131 return WERR_INVALID_DATA;
1132 }
1133
1134 secret_name = talloc_asprintf(ctx, "BCKUPKEY_%s", GUID_string(ctx, &guid));
1135 if (secret_name == NULL) {
1136 der_free_octet_string(&data);
1137 hx509_cert_free(cert);
1138 hx509_private_key_free(&pk);
1139 hx509_context_free(&hctx);
1140 RSA_free(rsa);
1141 return WERR_OUTOFMEMORY;
1142 }
1143
1144 status = set_lsa_secret(ctx, ldb_ctx, secret_name, &blobkeypair);
1145 if (!NT_STATUS_IS_OK(status)) {
1146 DEBUG(2, ("Failed to save the secret %s\n", secret_name));
1147 }
1148 talloc_free(secret_name);
1149
1150 GUID_to_ndr_blob(&guid, ctx, &blob);
1151 status = set_lsa_secret(ctx, ldb_ctx, "BCKUPKEY_PREFERRED", &blob);
1152 if (!NT_STATUS_IS_OK(status)) {
1153 DEBUG(2, ("Failed to save the secret BCKUPKEY_PREFERRED\n"));
1154 }
1155
1156 der_free_octet_string(&data);
1157 hx509_cert_free(cert);
1158 hx509_private_key_free(&pk);
1159 hx509_context_free(&hctx);
1160 RSA_free(rsa);
1161 return WERR_OK;
1162 }
1163
1164 static WERROR bkrp_do_retrieve_client_wrap_key(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1165 struct bkrp_BackupKey *r ,struct ldb_context *ldb_ctx)
1166 {
1167 struct GUID guid;
1168 char *guid_string;
1169 DATA_BLOB secret;
1170 enum ndr_err_code ndr_err;
1171 NTSTATUS status;
1172
1173 /*
1174 * here we basicaly need to return our certificate
1175 * search for lsa secret BCKUPKEY_PREFERRED first
1176 */
1177
1178 status = get_lsa_secret(mem_ctx,
1179 ldb_ctx,
1180 "BCKUPKEY_PREFERRED",
1181 &secret);
1182 if (!NT_STATUS_IS_OK(status)) {
1183 DEBUG(10, ("Error while fetching secret BCKUPKEY_PREFERRED\n"));
1184 if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1185 /* Ok we can be in this case if there was no certs */
1186 struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
1187 char *dn = talloc_asprintf(mem_ctx, "CN=%s",
1188 lpcfg_realm(lp_ctx));
1189
1190 WERROR werr = generate_bkrp_cert(mem_ctx, dce_call, ldb_ctx, dn);
1191 if (!W_ERROR_IS_OK(werr)) {
1192 return WERR_INVALID_PARAMETER;
1193 }
1194 status = get_lsa_secret(mem_ctx,
1195 ldb_ctx,
1196 "BCKUPKEY_PREFERRED",
1197 &secret);
1198
1199 if (!NT_STATUS_IS_OK(status)) {
1200 /* Ok we really don't manage to get this certs ...*/
1201 DEBUG(2, ("Unable to locate BCKUPKEY_PREFERRED after cert generation\n"));
1202 return WERR_FILE_NOT_FOUND;
1203 }
1204 } else {
1205 /* In theory we should NEVER reach this point as it
1206 should only appear in a rodc server */
1207 /* we do not have the real secret attribute */
1208 return WERR_INVALID_PARAMETER;
1209 }
1210 }
1211
1212 if (secret.length != 0) {
1213 char *cert_secret_name;
1214
1215 status = GUID_from_ndr_blob(&secret, &guid);
1216 if (!NT_STATUS_IS_OK(status)) {
1217 return WERR_FILE_NOT_FOUND;
1218 }
1219
1220 guid_string = GUID_string(mem_ctx, &guid);
1221 if (guid_string == NULL) {
1222 /* We return file not found because the client
1223 * expect this error
1224 */
1225 return WERR_FILE_NOT_FOUND;
1226 }
1227
1228 cert_secret_name = talloc_asprintf(mem_ctx,
1229 "BCKUPKEY_%s",
1230 guid_string);
1231 status = get_lsa_secret(mem_ctx,
1232 ldb_ctx,
1233 cert_secret_name,
1234 &secret);
1235 if (!NT_STATUS_IS_OK(status)) {
1236 return WERR_FILE_NOT_FOUND;
1237 }
1238
1239 if (secret.length != 0) {
1240 struct bkrp_exported_RSA_key_pair keypair;
1241 ndr_err = ndr_pull_struct_blob(&secret, mem_ctx, &keypair,
1242 (ndr_pull_flags_fn_t)ndr_pull_bkrp_exported_RSA_key_pair);
1243 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1244 return WERR_FILE_NOT_FOUND;
1245 }
1246 *(r->out.data_out_len) = keypair.cert.length;
1247 *(r->out.data_out) = talloc_memdup(mem_ctx, keypair.cert.data, keypair.cert.length);
1248 W_ERROR_HAVE_NO_MEMORY(*(r->out.data_out));
1249 return WERR_OK;
1250 } else {
1251 DEBUG(10, ("No or broken secret called %s\n", cert_secret_name));
1252 return WERR_FILE_NOT_FOUND;
1253 }
1254 } else {
1255 DEBUG(10, ("No secret BCKUPKEY_PREFERRED\n"));
1256 return WERR_FILE_NOT_FOUND;
1257 }
1258
1259 return WERR_NOT_SUPPORTED;
1260 }
1261
1262 static WERROR dcesrv_bkrp_BackupKey(struct dcesrv_call_state *dce_call,
1263 TALLOC_CTX *mem_ctx, struct bkrp_BackupKey *r)
1264 {
1265 WERROR error = WERR_INVALID_PARAM;
1266 struct ldb_context *ldb_ctx;
1267 bool is_rodc;
1268 const char *addr = "unknown";
1269 /* At which level we start to add more debug of what is done in the protocol */
1270 const int debuglevel = 4;
1271
1272 if (DEBUGLVL(debuglevel)) {
1273 const struct tsocket_address *remote_address;
1274 remote_address = dcesrv_connection_get_remote_address(dce_call->conn);
1275 if (tsocket_address_is_inet(remote_address, "ip")) {
1276 addr = tsocket_address_inet_addr_string(remote_address, mem_ctx);
1277 W_ERROR_HAVE_NO_MEMORY(addr);
1278 }
1279 }
1280
1281 if (lpcfg_server_role(dce_call->conn->dce_ctx->lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
1282 return WERR_NOT_SUPPORTED;
1283 }
1284
1285 if (!dce_call->conn->auth_state.auth_info ||
1286 dce_call->conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
1287 DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
1288 }
1289
1290 ldb_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
1291 dce_call->conn->dce_ctx->lp_ctx,
1292 system_session(dce_call->conn->dce_ctx->lp_ctx), 0);
1293
1294 if (samdb_rodc(ldb_ctx, &is_rodc) != LDB_SUCCESS) {
1295 talloc_unlink(mem_ctx, ldb_ctx);
1296 return WERR_INVALID_PARAM;
1297 }
1298
1299 if (!is_rodc) {
1300 if(strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
1301 BACKUPKEY_RESTORE_GUID, strlen(BACKUPKEY_RESTORE_GUID)) == 0) {
1302 DEBUG(debuglevel, ("Client %s requested to decrypt a client side wrapped secret\n", addr));
1303 error = bkrp_do_uncrypt_client_wrap_key(dce_call, mem_ctx, r, ldb_ctx);
1304 }
1305
1306 if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
1307 BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, strlen(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID)) == 0) {
1308 DEBUG(debuglevel, ("Client %s requested certificate for client wrapped secret\n", addr));
1309 error = bkrp_do_retrieve_client_wrap_key(dce_call, mem_ctx, r, ldb_ctx);
1310 }
1311
1312 if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
1313 BACKUPKEY_RESTORE_GUID_WIN2K, strlen(BACKUPKEY_RESTORE_GUID_WIN2K)) == 0) {
1314 DEBUG(debuglevel, ("Client %s requested to decrypt a server side wrapped secret, not implemented yet\n", addr));
1315 return WERR_NOT_SUPPORTED; /* is this appropriate? */
1316 }
1317
1318 if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
1319 BACKUPKEY_BACKUP_GUID, strlen(BACKUPKEY_BACKUP_GUID)) == 0) {
1320 DEBUG(debuglevel, ("Client %s requested a server wrapped secret, not implemented yet\n", addr));
1321 return WERR_NOT_SUPPORTED; /* is this appropriate? */
1322 }
1323 }
1324 /*else: I am a RODC so I don't handle backup key protocol */
1325
1326 talloc_unlink(mem_ctx, ldb_ctx);
1327 return error;
1328 }
1329
1330 /* include the generated boilerplate */
1331 #include "librpc/gen_ndr/ndr_backupkey_s.c"
Samba GIT mirror