1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

42 Commits

Author SHA1 Message Date
Volker Lendecke
d5cdfa0f82 backupkey: Fix CID 1338078 (RESOURCE_LEAK)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-11-03 21:43:18 +01:00
Rajesh Joseph
b57c77849a rpc_server: Coverity fix for CID 1273079
leaked_storage: Variable pk going out of scope leaks the storage it points to.

On failure get_pk_from_raw_keypair_params function should free up
the private key (pk) it allocates internally.

Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Apr  2 19:38:22 CEST 2015 on sn-devel-104
2015-04-02 19:38:22 +02:00
Andrew Bartlett
e617e3e74b backupkey: Use ndr_pull_struct_blob_all()
This avoids bad decrypts from falling down to later code and getting
the error code wrong, by strictly requiring the NDR parse to use all the
data.  A bad decyrpt is very unlikely to get the length correct, and
so fall down to the other checks.

This should fix:
UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_decrypt_wrong_r2(ad_dc_ntvfs)
REASON: Exception: Exception: ../source4/torture/rpc/backupkey.c:1926: r.out.result was WERR_INVALID_ACCESS, expected WERR_INVALID_PARAM: decrypt should fail with WERR_INVALID_PARAM

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11174
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org>
2015-03-20 13:49:26 +01:00
Andrew Bartlett
61d962bdfd lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt
We no longer link against gcrypt if gnutls > 3.0.0 is found, as these
versions use libnettle.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2015-03-12 22:24:07 +01:00
Volker Lendecke
4891a98e20 backupkey: Remove an unused variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2015-03-04 14:46:07 +01:00
Volker Lendecke
969519b3b5 backupkey: Fix CID 1273293 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2015-03-04 14:46:07 +01:00
Volker Lendecke
7e4daaacb6 backupkey: Fix a memleak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2015-03-04 14:46:07 +01:00
Volker Lendecke
00e751d2be backupkey: Simplify get_lsa_secret
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2015-03-04 14:46:07 +01:00
Volker Lendecke
5ea5d876bf backupkey: Slightly simplify bkrp_do_retrieve_server_wrap_key
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2015-03-04 14:46:07 +01:00
Volker Lendecke
569c8700d6 Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2015-03-04 14:46:07 +01:00
Volker Lendecke
a99a5a34a5 Fix the developer O3 build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Feb 25 16:32:29 CET 2015 on sn-devel-104
2015-02-25 16:32:29 +01:00
Andrew Bartlett
927ea9791e backupkey: Explain more why we use GnuTLS here
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-02-25 01:08:12 +01:00
Garming Sam
43d3e90418 backupkey: replace heimdal rsa key generation with GnuTLS
We use GnuTLS because it can reliably generate 2048 bit keys every time.

Windows clients strictly require 2048, no more since it won't fit and no
less either. Heimdal would almost always generate a smaller key.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980
2015-02-25 01:08:12 +01:00
Andrew Bartlett
3254f9bc00 backupkey: Better handling for different wrap version headers
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
93510eb513 backupkey: Change expected error codes to match Windows 2008R2 and Windows 2012R2
This is done in both smbtoture and in our server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
c3c54b9bf3 backupkey: Implement ServerWrap Decrypt
We implement both modes in BACKUPKEY_RESTORE_GUID, as it may decrypt
both ServerWrap and ClientWrap data, and we implement
BACKUPKEY_RESTORE_GUID_WIN2K.

BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
cdecd8540a backupkey: Handle more clearly the case where we find the secret, but it has no value
This happen on the RODC, a case that we try not to permit at all.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
51086f30dd backupkey: Improve variable names to make clear this is client-provided data
The values we return here are client-provided passwords or other keys, that we decrypt for them.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Andrew Bartlett
0ff9733479 backupkey: Use the name lsa_secret rather than just secret
This makes it clear that this is the data stored on the LSA secrets store
and not the client-provided data to be encrypted.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Andrew Bartlett
33c6164067 backupkey: Implement ServerWrap Encrypt protocol
BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Andrew Bartlett
c55f393649 backupkey: Improve function names and comments for clarity
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Andrew Bartlett
f69b180cf8 backupkey: Move SID comparison to inside get_and_verify_access_check()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Garming Sam
a4e6873c43 backupkey: begin by factoring out the server wrap functions
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-02-25 01:08:11 +01:00
Arvid Requate
e6e9e490ae s4-backupkey: consistent naming of werr variable
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Arvid Requate
e25c61c5f1 s4-backupkey: improve variable name
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Arvid Requate
8473f6da69 s4-backupkey: typo fix
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Arvid Requate
879b65710b s4-backupkey: IDL for ServerWrap subprotocol
This adds some IDL structs for the ServerWrap subprotocol, allowing
parsing of the incoming RPC calls and returning WERR_NOT_SUPPORTED
instead of WERR_INVALID_PARAM.

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Arvid Requate
007c3978a4 s4-backupkey: Comply with [MS-BKRP] 2.2.1
[MS-BKRP] 2.2.1 specifies "The Common Name field of the Subject name
field SHOULD contain the name of the DNS domain assigned to the server."

In fact Windows 7 clients don't seem to care. Also in certificates
generated by native AD the domain name (after CN=) is encoded as
UTF-16LE. Since hx509_parse_name only supports UTF-8 strings currently
we just leave the encoding as it is for now.

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Arvid Requate
577fa69b52 s4-backupkey: Set defined cert serialnumber
[MS-BKRP] 2.2.1 specifies that the serialnumber of the certificate
should be set identical to the subjectUniqueID. In fact certificates
generated by native AD have this field encoded in little-endian format.
See also
https://www.mail-archive.com/cifs-protocol@cifs.org/msg01364.html

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Arvid Requate
525c93caa6 s4-backupkey: de-duplicate error handling
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:11 +01:00
Arvid Requate
d633fcb566 s4-backupkey: check for talloc failure
Check for talloc_memdup failure for uniqueid.data.

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:10 +01:00
Arvid Requate
89803009b9 s4-backupkey: Cert lifetime of 365 days, not secs
hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in
in seconds. The Windows 7 client didn't seem to care that the lifetime
was only 6'03''. Two other TODOs in this implementation:

* Since notBefore is not set explicietely to "now", the heimdal code
  default of now-(24 hours) is applied.

* Server side validity checks and cert renewal are missing.

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-25 01:08:10 +01:00
Arvid Requate
9b2ff26c89 s4-backupkey: Ensure RSA modulus is 2048 bits
RSA_generate_key_ex doesn't always generate a modulus of requested
bit length. Tests with Windows 7 clients showed that they decline
x509 certificates (MS-BKRP 2.2.1) in cases where the modulus length
is smaller than the specified 2048 bits. For the user this resulted
in DPAPI failing to retrieve stored credentials after the user password
has been changed at least two times. On the server side log.samba showed
that the client also called the as yet unlimplemented ServerWrap sub-
protocol function BACKUPKEY_BACKUP_KEY_GUID after it had called the
ClientWarp function BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID. After
enabling DPAPI auditing on the Windows Clients the Event Viewer showed
Event-ID 4692 failing with a FailureReason value of 0x7a in these cases.

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980
2015-02-25 01:08:10 +01:00
Jelmer Vernooij
a0eac12d5a Use heim_octet_string typedef.
The struct version is not provided by newer versions of heimdal.

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-11-28 02:25:55 +01:00
Volker Lendecke
144428058a backupkey: Fix CID 1034885 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:09 +01:00
Andrew Bartlett
b8815dc23d lib/param: Create a seperate server role for "active directory domain controller"
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.

To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.

Andrew Bartlett
2012-06-15 09:18:33 +02:00
Jelmer Vernooij
5cb8f6b9f1 Fix compilation without external heimdal.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Apr  3 17:18:56 CEST 2011 on sn-devel-104
2011-04-03 17:18:56 +02:00
Jelmer Vernooij
09289c073c use system heimdal headers if possible, fix missing dependencies on hx509 and krb5 libraries. 2011-04-03 16:33:04 +02:00
Jelmer Vernooij
431853c846 Merge new lorikeet heimdal, revision 85ed7247f515770c73b1f1ced1739f6ce19d75d2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Mar 14 23:53:46 CET 2011 on sn-devel-104
2011-03-14 23:53:46 +01:00
Matthias Dieter Wallnöfer
c66780332b s4:remove many invocations of "samdb_msg_add_string"
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the message.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-03-01 06:29:03 +01:00
Andrew Tridgell
12a1e02002 s4-dsdb: cleanups to the backupkey RPC server
- fixed some warnings
- change the debug levels to something more reasonable

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-14 17:55:09 +11:00
Matthieu Patou
ac82dbd897 s4: Add server side implementation of backup key remote protocol
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-02-14 10:57:32 +11:00