/* Unix SMB/CIFS implementation. Group Key Distribution Protocol functions Copyright (C) Catalyst.Net Ltd 2024 This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "includes.h" #include #include #include #include "lib/crypto/gkdi.h" #include "lib/util/data_blob.h" #include "lib/util/samba_util.h" #include "lib/util/util_str_hex.h" #include "librpc/ndr/libndr.h" #include "dsdb/gmsa/gkdi.h" #include "dsdb/samdb/ldb_modules/util.h" #include "dsdb/samdb/samdb.h" #include "dsdb/common/proto.h" #include "librpc/gen_ndr/gkdi.h" #include "librpc/gen_ndr/ndr_gkdi.h" NTSTATUS gkdi_root_key_from_msg(TALLOC_CTX *mem_ctx, const struct GUID root_key_id, const struct ldb_message *const msg, const struct ProvRootKey **const root_key_out) { NTSTATUS status = NT_STATUS_OK; struct ldb_val root_key_data = {}; struct KdfAlgorithm kdf_algorithm = {}; const int version = ldb_msg_find_attr_as_int(msg, "msKds-Version", 0); const NTTIME create_time = samdb_result_nttime(msg, "msKds-CreateTime", 0); const NTTIME use_start_time = samdb_result_nttime(msg, "msKds-UseStartTime", 0); const char *domain_id = ldb_msg_find_attr_as_string(msg, "msKds-DomainID", NULL); { const struct ldb_val *root_key_val = ldb_msg_find_ldb_val( msg, "msKds-RootKeyData"); if (root_key_val != NULL) { root_key_data = *root_key_val; } } { const char *algorithm_id = ldb_msg_find_attr_as_string( msg, "msKds-KDFAlgorithmID", NULL); const struct ldb_val *kdf_param_val = ldb_msg_find_ldb_val( msg, "msKds-KDFParam"); status = kdf_algorithm_from_params(algorithm_id, kdf_param_val, &kdf_algorithm); if (!NT_STATUS_IS_OK(status)) { goto out; } } status = ProvRootKey(mem_ctx, root_key_id, version, root_key_data, create_time, use_start_time, domain_id, kdf_algorithm, root_key_out); if (!NT_STATUS_IS_OK(status)) { goto out; } out: return status; } /* * Calculate an appropriate useStartTime for a root key created at * ‘current_time’. * * This function goes unused. */ NTTIME gkdi_root_key_use_start_time(const NTTIME current_time) { const NTTIME start_time = gkdi_get_interval_start_time(current_time); return start_time + gkdi_key_cycle_duration + gkdi_max_clock_skew; } static int gkdi_create_root_key(TALLOC_CTX *mem_ctx, struct ldb_context *const ldb, const NTTIME current_time, const NTTIME use_start_time, struct GUID *const root_key_id_out, struct ldb_dn **const root_key_dn_out) { TALLOC_CTX *tmp_ctx = NULL; struct GUID root_key_id; struct ldb_dn *server_config_dn = NULL; struct ldb_result *server_config_res = NULL; struct ldb_message *server_config_msg = NULL; uint64_t server_config_version; const struct ldb_val *server_config_version_val = NULL; const char *server_config_KDFAlgorithmID = NULL; const struct ldb_val *server_config_KDFParam = NULL; const char *server_config_SecretAgreementAlgorithmID = NULL; const struct ldb_val *server_config_SecretAgreementParam = NULL; uint64_t server_config_PublicKeyLength; uint64_t server_config_PrivateKeyLength; struct KdfAlgorithm kdf_algorithm; DATA_BLOB kdf_parameters_blob = data_blob_null; struct ldb_message *add_msg = NULL; uint8_t root_key_data[GKDI_KEY_LEN]; NTSTATUS status = NT_STATUS_OK; int ret = LDB_SUCCESS; static const char *server_config_attrs[] = { "msKds-Version", "msKds-KDFAlgorithmID", "msKds-SecretAgreementAlgorithmID", "msKds-SecretAgreementParam", "msKds-PublicKeyLength", "msKds-PrivateKeyLength", "msKds-KDFParam", NULL }; *root_key_dn_out = NULL; tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) { ret = ldb_oom(ldb); goto out; } server_config_dn = samdb_configuration_dn(ldb, mem_ctx, "CN=Group Key Distribution Service Server Configuration," "CN=Server Configuration," "CN=Group Key Distribution Service," "CN=Services"); if (server_config_dn == NULL) { ret = ldb_oom(ldb); goto out; } ret = dsdb_search_dn(ldb, tmp_ctx, &server_config_res, server_config_dn, server_config_attrs, 0); if (ret == LDB_ERR_NO_SUCH_OBJECT) { ldb_asprintf_errstring(ldb, "Unable to create new GKDI root key as we do not have a GKDI server configuration at %s", ldb_dn_get_linearized(server_config_dn)); goto out; } if (ret != LDB_SUCCESS) { goto out; } server_config_msg = server_config_res->msgs[0]; server_config_version_val = ldb_msg_find_ldb_val(server_config_msg, "msKds-Version"); server_config_version = ldb_msg_find_attr_as_uint64(server_config_msg, "msKds-Version", 0); /* These values we assert on, so we don't create keys we can't use */ if (server_config_version_val == NULL) { /* * The systemMustContain msKds-Version attribute * cannot be read, so if absent we just fail with * permission denied, as that is all that this can * mean */ ldb_asprintf_errstring(ldb, "Unwilling to create new GKDI root key as " "msKds-Version is not readable on %s\n", ldb_dn_get_linearized(server_config_dn)); ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; goto out; } else if (server_config_version != 1) { ldb_asprintf_errstring(ldb, "Unwilling to create new GKDI root key as " "%s has msKds-Version = %s " "and we only support version 1\n", ldb_dn_get_linearized(server_config_dn), ldb_msg_find_attr_as_string(server_config_msg, "msKds-Version", "(missing)")); ret = LDB_ERR_CONSTRAINT_VIOLATION; goto out; } server_config_KDFAlgorithmID = ldb_msg_find_attr_as_string(server_config_msg, "msKds-KDFAlgorithmID", SP800_108_CTR_HMAC ); server_config_KDFParam = ldb_msg_find_ldb_val(server_config_msg, "msKds-KDFParam"); if (server_config_KDFParam == NULL) { struct KdfParameters kdf_parameters = { .hash_algorithm = "SHA512" }; enum ndr_err_code err; err = ndr_push_struct_blob(&kdf_parameters_blob, tmp_ctx, &kdf_parameters, (ndr_push_flags_fn_t) ndr_push_KdfParameters); if (!NDR_ERR_CODE_IS_SUCCESS(err)) { status = ndr_map_error2ntstatus(err); ldb_asprintf_errstring(ldb, "KdfParameters pull failed: %s\n", nt_errstr(status)); ret = LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE; goto out; } server_config_KDFParam = &kdf_parameters_blob; } status = kdf_algorithm_from_params(server_config_KDFAlgorithmID, server_config_KDFParam, &kdf_algorithm); if (!NT_STATUS_IS_OK(status)) { ldb_asprintf_errstring(ldb, "Unwilling to create new GKDI root key as " "%s has an unsupported msKds-KDFAlgorithmID / msKds-KDFParam combination set: %s\n", ldb_dn_get_linearized(server_config_dn), nt_errstr(status)); ret = LDB_ERR_CONSTRAINT_VIOLATION; goto out; } server_config_SecretAgreementAlgorithmID = ldb_msg_find_attr_as_string(server_config_msg, "msKds-SecretAgreementAlgorithmID", "DH"); /* Optional in msKds-ProvRootKey */ server_config_SecretAgreementParam = ldb_msg_find_ldb_val(server_config_msg, "msKds-SecretAgreementParam"); if (server_config_SecretAgreementParam == NULL) { static const uint8_t ffc_dh_parameters[] = { 12, 2, 0, 0, 68, 72, 80, 77, 0, 1, 0, 0, 135, 168, 230, 29, 180, 182, 102, 60, 255, 187, 209, 156, 101, 25, 89, 153, 140, 238, 246, 8, 102, 13, 208, 242, 93, 44, 238, 212, 67, 94, 59, 0, 224, 13, 248, 241, 214, 25, 87, 212, 250, 247, 223, 69, 97, 178, 170, 48, 22, 195, 217, 17, 52, 9, 111, 170, 59, 244, 41, 109, 131, 14, 154, 124, 32, 158, 12, 100, 151, 81, 122, 189, 90, 138, 157, 48, 107, 207, 103, 237, 145, 249, 230, 114, 91, 71, 88, 192, 34, 224, 177, 239, 66, 117, 191, 123, 108, 91, 252, 17, 212, 95, 144, 136, 185, 65, 245, 78, 177, 229, 155, 184, 188, 57, 160, 191, 18, 48, 127, 92, 79, 219, 112, 197, 129, 178, 63, 118, 182, 58, 202, 225, 202, 166, 183, 144, 45, 82, 82, 103, 53, 72, 138, 14, 241, 60, 109, 154, 81, 191, 164, 171, 58, 216, 52, 119, 150, 82, 77, 142, 246, 161, 103, 181, 164, 24, 37, 217, 103, 225, 68, 229, 20, 5, 100, 37, 28, 202, 203, 131, 230, 180, 134, 246, 179, 202, 63, 121, 113, 80, 96, 38, 192, 184, 87, 246, 137, 150, 40, 86, 222, 212, 1, 10, 189, 11, 230, 33, 195, 163, 150, 10, 84, 231, 16, 195, 117, 242, 99, 117, 215, 1, 65, 3, 164, 181, 67, 48, 193, 152, 175, 18, 97, 22, 210, 39, 110, 17, 113, 95, 105, 56, 119, 250, 215, 239, 9, 202, 219, 9, 74, 233, 30, 26, 21, 151, 63, 179, 44, 155, 115, 19, 77, 11, 46, 119, 80, 102, 96, 237, 189, 72, 76, 167, 177, 143, 33, 239, 32, 84, 7, 244, 121, 58, 26, 11, 161, 37, 16, 219, 193, 80, 119, 190, 70, 63, 255, 79, 237, 74, 172, 11, 181, 85, 190, 58, 108, 27, 12, 107, 71, 177, 188, 55, 115, 191, 126, 140, 111, 98, 144, 18, 40, 248, 194, 140, 187, 24, 165, 90, 227, 19, 65, 0, 10, 101, 1, 150, 249, 49, 199, 122, 87, 242, 221, 244, 99, 229, 233, 236, 20, 75, 119, 125, 230, 42, 170, 184, 168, 98, 138, 195, 118, 210, 130, 214, 237, 56, 100, 230, 121, 130, 66, 142, 188, 131, 29, 20, 52, 143, 111, 47, 145, 147, 181, 4, 90, 242, 118, 113, 100, 225, 223, 201, 103, 193, 251, 63, 46, 85, 164, 189, 27, 255, 232, 59, 156, 128, 208, 82, 185, 133, 209, 130, 234, 10, 219, 42, 59, 115, 19, 211, 254, 20, 200, 72, 75, 30, 5, 37, 136, 185, 183, 210, 187, 210, 223, 1, 97, 153, 236, 208, 110, 21, 87, 205, 9, 21, 179, 53, 59, 187, 100, 224, 236, 55, 127, 208, 40, 55, 13, 249, 43, 82, 199, 137, 20, 40, 205, 198, 126, 182, 24, 75, 82, 61, 29, 178, 70, 195, 47, 99, 7, 132, 144, 240, 14, 248, 214, 71, 209, 72, 212, 121, 84, 81, 94, 35, 39, 207, 239, 152, 197, 130, 102, 75, 76, 15, 108, 196, 22, 89}; static const DATA_BLOB ffc_dh_parameters_blob = { discard_const_p(uint8_t, ffc_dh_parameters), sizeof ffc_dh_parameters}; server_config_SecretAgreementParam = &ffc_dh_parameters_blob; } server_config_PublicKeyLength = ldb_msg_find_attr_as_uint64(server_config_msg, "msKds-PublicKeyLength", 2048); server_config_PrivateKeyLength = ldb_msg_find_attr_as_uint64(server_config_msg, "msKds-PrivateKeyLength", 256); add_msg = ldb_msg_new(tmp_ctx); if (add_msg == NULL) { ret = ldb_oom(ldb); goto out; } ret = ldb_msg_append_string(add_msg, "objectClass", "msKds-ProvRootKey", LDB_FLAG_MOD_ADD); if (ret) { goto out; } { const DATA_BLOB root_key_data_blob = { .data = root_key_data, .length = sizeof root_key_data}; generate_secret_buffer(root_key_data, sizeof root_key_data); ret = ldb_msg_append_value(add_msg, "msKds-RootKeyData", &root_key_data_blob, LDB_FLAG_MOD_ADD); if (ret) { goto out; } } ret = samdb_msg_append_uint64(ldb, tmp_ctx, add_msg, "msKds-CreateTime", current_time, LDB_FLAG_MOD_ADD); if (ret) { goto out; } ret = samdb_msg_append_uint64(ldb, tmp_ctx, add_msg, "msKds-UseStartTime", use_start_time, LDB_FLAG_MOD_ADD); if (ret) { goto out; } { struct ldb_dn *domain_dn = NULL; ret = samdb_server_reference_dn(ldb, tmp_ctx, &domain_dn); if (ret) { goto out; } ret = ldb_msg_append_linearized_dn(add_msg, "msKds-DomainID", domain_dn, LDB_FLAG_MOD_ADD); if (ret) { goto out; } } ret = samdb_msg_append_uint64(ldb, tmp_ctx, add_msg, "msKds-Version", server_config_version, LDB_FLAG_MOD_ADD); if (ret) { goto out; } ret = ldb_msg_append_string(add_msg, "msKds-KDFAlgorithmID", server_config_KDFAlgorithmID, LDB_FLAG_MOD_ADD); if (ret) { goto out; } ret = ldb_msg_append_string(add_msg, "msKds-SecretAgreementAlgorithmID", server_config_SecretAgreementAlgorithmID, LDB_FLAG_MOD_ADD); if (ret) { goto out; } if (server_config_SecretAgreementParam != NULL) { ret = ldb_msg_append_value(add_msg, "msKds-SecretAgreementParam", server_config_SecretAgreementParam, LDB_FLAG_MOD_ADD); if (ret) { goto out; } } ret = samdb_msg_append_uint64(ldb, tmp_ctx, add_msg, "msKds-PublicKeyLength", server_config_PublicKeyLength, LDB_FLAG_MOD_ADD); if (ret) { goto out; } ret = samdb_msg_append_uint64(ldb, tmp_ctx, add_msg, "msKds-PrivateKeyLength", server_config_PrivateKeyLength, LDB_FLAG_MOD_ADD); ret = ldb_msg_append_value(add_msg, "msKds-KDFParam", server_config_KDFParam, LDB_FLAG_MOD_ADD); if (ret) { goto out; } { uint8_t guid_buf[sizeof((struct GUID_ndr_buf){}.buf)]; const DATA_BLOB guid_blob = {.data = guid_buf, .length = sizeof guid_buf}; generate_secret_buffer(guid_buf, sizeof guid_buf); status = GUID_from_ndr_blob(&guid_blob, &root_key_id); if (!NT_STATUS_IS_OK(status)) { ret = ldb_operr(ldb); goto out; } } { struct ldb_dn *root_key_dn = NULL; root_key_dn = samdb_gkdi_root_key_dn(ldb, tmp_ctx, &root_key_id); if (root_key_dn == NULL) { ret = ldb_operr(ldb); goto out; } add_msg->dn = root_key_dn; } ret = dsdb_add(ldb, add_msg, 0); if (ret) { goto out; } *root_key_id_out = root_key_id; *root_key_dn_out = talloc_steal(mem_ctx, add_msg->dn); out: talloc_free(tmp_ctx); return ret; } /* * The PrivateKey, PublicKey, and SecretAgreement attributes are related to the * public‐key functionality in GKDI. Samba doesn’t try to implement any of that, * so we don’t bother looking at these attributes. */ static const char *const root_key_attrs[] = { "msKds-CreateTime", "msKds-DomainID", "msKds-KDFAlgorithmID", "msKds-KDFParam", /* "msKds-PrivateKeyLength", */ /* "msKds-PublicKeyLength", */ "msKds-RootKeyData", /* "msKds-SecretAgreementAlgorithmID", */ /* "msKds-SecretAgreementParam", */ "msKds-UseStartTime", "msKds-Version", NULL, }; /* * Create and return a new GKDI root key. * * This function goes unused. */ int gkdi_new_root_key(TALLOC_CTX *mem_ctx, struct ldb_context *const ldb, const NTTIME current_time, const NTTIME use_start_time, struct GUID *const root_key_id_out, const struct ldb_message **const root_key_out) { TALLOC_CTX *tmp_ctx = NULL; struct ldb_dn *root_key_dn = NULL; struct ldb_result *res = NULL; int ret = LDB_SUCCESS; *root_key_out = NULL; tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) { ret = ldb_oom(ldb); goto out; } ret = gkdi_create_root_key(tmp_ctx, ldb, current_time, use_start_time, root_key_id_out, &root_key_dn); if (ret) { goto out; } ret = dsdb_search_dn( ldb, tmp_ctx, &res, root_key_dn, root_key_attrs, 0); if (ret) { goto out; } if (res->count != 1) { ret = LDB_ERR_NO_SUCH_OBJECT; goto out; } *root_key_out = talloc_steal(mem_ctx, res->msgs[0]); out: talloc_free(tmp_ctx); return ret; } int gkdi_root_key_from_id(TALLOC_CTX *mem_ctx, struct ldb_context *const ldb, const struct GUID *const root_key_id, const struct ldb_message **const root_key_out) { TALLOC_CTX *tmp_ctx = NULL; struct ldb_dn *root_key_dn = NULL; struct ldb_result *res = NULL; int ret = LDB_SUCCESS; *root_key_out = NULL; tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) { ret = ldb_oom(ldb); goto out; } root_key_dn = samdb_gkdi_root_key_dn(ldb, tmp_ctx, root_key_id); if (root_key_dn == NULL) { ret = ldb_operr(ldb); goto out; } ret = dsdb_search_dn( ldb, tmp_ctx, &res, root_key_dn, root_key_attrs, 0); if (ret) { goto out; } if (res->count != 1) { ret = dsdb_werror(ldb, LDB_ERR_NO_SUCH_OBJECT, W_ERROR(HRES_ERROR_V(HRES_NTE_NO_KEY)), "failed to find root key"); goto out; } *root_key_out = talloc_steal(mem_ctx, res->msgs[0]); out: talloc_free(tmp_ctx); return ret; } int gkdi_most_recently_created_root_key( TALLOC_CTX *mem_ctx, struct ldb_context *const ldb, _UNUSED_ const NTTIME current_time, const NTTIME not_after, struct GUID *const root_key_id_out, const struct ldb_message **const root_key_out) { TALLOC_CTX *tmp_ctx = NULL; struct ldb_result *res = NULL; int ret = LDB_SUCCESS; *root_key_out = NULL; tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) { ret = ldb_oom(ldb); goto out; } { struct ldb_dn *root_key_container_dn = NULL; root_key_container_dn = samdb_gkdi_root_key_container_dn( ldb, tmp_ctx); if (root_key_container_dn == NULL) { ret = ldb_operr(ldb); goto out; } ret = dsdb_search(ldb, tmp_ctx, &res, root_key_container_dn, LDB_SCOPE_ONELEVEL, root_key_attrs, 0, "(msKds-UseStartTime<=%" PRIu64 ")", not_after); if (ret) { goto out; } } /* * Windows just gives up if there are more than 1000 root keys in the * container. */ { struct root_key_candidate { struct GUID id; const struct ldb_message *key; NTTIME create_time; } most_recent_key = { .key = NULL, }; unsigned i; for (i = 0; i < res->count; ++i) { struct root_key_candidate key = { .key = res->msgs[i], }; const struct ldb_val *rdn_val = NULL; bool ok; key.create_time = samdb_result_nttime( key.key, "msKds-CreateTime", 0); if (key.create_time < most_recent_key.create_time) { /* We already have a more recent key. */ continue; } rdn_val = ldb_dn_get_rdn_val(key.key->dn); if (rdn_val == NULL) { continue; } if (rdn_val->length != 36) { /* * Check the RDN is the right length — 36 is the * length of a UUID. */ continue; } ok = parse_guid_string((const char *)rdn_val->data, &key.id); if (!ok) { /* The RDN is not a correctly formatted GUID. */ continue; } /* * We’ve found a new candidate for the most recent root * key. */ most_recent_key = key; } if (most_recent_key.key == NULL) { /* * We were not able to find a suitable root key, but * there is a possibility that a key we create now will * do: if gkdi_root_key_use_start_time(current_time) ≤ * not_after, then a newly‐created key will satisfy our * caller’s requirements. * * Unfortunately, with gMSAs this (I believe) will never * be the case. It’s too late to call * gkdi_new_root_key() — the new key will be a bit *too* * new to be usable for a gMSA. */ ret = dsdb_werror(ldb, LDB_ERR_NO_SUCH_OBJECT, W_ERROR(HRES_ERROR_V( HRES_NTE_NO_KEY)), "failed to find a suitable root key"); goto out; } /* Return the root key that we found. */ *root_key_id_out = most_recent_key.id; *root_key_out = talloc_steal(mem_ctx, most_recent_key.key); } out: talloc_free(tmp_ctx); return ret; }