authorMatthieu Patou <mat@matws.net>2010-11-20 18:19:06 +0300
committerStefan Metzmacher <metze@samba.org>2011-01-12 09:08:06 +0100
commit25ae380fabfd2d7e5141dadb48b8e30b5b723c1f (patch)
treeef26e319e298cfab3d5db45b9b9700c99e6ff478
parent9d9c2128585a1d5fdb9090215750427df6a883ff (diff)
downloadsamba-25ae380fabfd2d7e5141dadb48b8e30b5b723c1f.tar.gz
samba-25ae380fabfd2d7e5141dadb48b8e30b5b723c1f.tar.bz2
samba-25ae380fabfd2d7e5141dadb48b8e30b5b723c1f.zip
idl: Add IDL for remote key backup protocol (rkbp)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--librpc/idl/backupkey.idl120
-rw-r--r--librpc/idl/wscript_build2
-rw-r--r--librpc/ndr/ndr_backupkey.c215
-rw-r--r--librpc/ndr/ndr_backupkey.h2
-rw-r--r--librpc/wscript_build10
-rwxr-xr-xsource4/librpc/wscript_build2
6 files changed, 349 insertions, 2 deletions
diff --git a/librpc/idl/backupkey.idl b/librpc/idl/backupkey.idl
new file mode 100644
index 0000000000..e21030bb69
--- /dev/null
+++ b/librpc/idl/backupkey.idl
@@ -0,0 +1,120 @@
+#include "idl_types.h"
+
+import "misc.idl", "security.idl";
+[
+ uuid("3dde7c30-165d-11d1-ab8f-00805f14db40"),
+ version(1.0),
+ endpoint("ncacn_np:[\\pipe\\protected_storage]","ncacn_np:[\\pipe\\ntsvcs]" ,"ncacn_ip_tcp:"),
+ helpstring("Remote Backup Key Storage"),
+ helper("../librpc/ndr/ndr_backupkey.h"),
+ pointer_default(unique)
+]
+interface backupkey
+{
+ const string BACKUPKEY_RESTORE_GUID = "47270C64-2FC7-499B-AC5B-0E37CDCE899A";
+ const string BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID = "018FF48A-EABA-40C6-8F6D-72370240E967";
+
+ const string BACKUPKEY_RESTORE_GUID_WIN2K = "7FE94D50-178E-11D1-AB8F-00805F14DB40";
+ const string BACKUPKEY_BACKUP_GUID = "7F752B10-178E-11D1-AB8F-00805F14DB40";
+
+ /*
+ * The magic values are really what they are there is no name it's just remarkable values
+ * that are here to check that what is transmited or decoded is really what the client or
+ * the server expect.
+ */
+ [public] typedef struct {
+ [value(0x00000002)] uint32 header1;
+ [value(0x00000494)] uint32 header2;
+ uint32 certificate_len;
+ [value(0x00000207)] uint32 magic1;
+ [value(0x0000A400)] uint32 magic2;
+ [value(0x32415352)] uint32 magic3;
+ [value(0x00000800)] uint32 magic4;
+ [subcontext(0),subcontext_size(4),flag(NDR_REMAINING)] DATA_BLOB public_exponent;
+
+ [subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB modulus;
+ [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime1;
+ [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime2;
+ [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent1;
+ [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent2;
+ [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB coefficient;
+ [subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB private_exponent;
+ [subcontext(0),subcontext_size(certificate_len),flag(NDR_REMAINING)] DATA_BLOB cert;
+ } bkrp_exported_RSA_key_pair;
+
+ [public] typedef struct {
+ [value(0x00000001)] uint32 magic;
+ uint8 key[256];
+ } bkrp_dc_serverwrap_key;
+
+ [public,gensize] typedef struct {
+ uint32 version;
+ uint32 encrypted_secret_len;
+ uint32 access_check_len;
+ GUID guid;
+ uint8 encrypted_secret[encrypted_secret_len];
+ uint8 access_check[access_check_len];
+ } bkrp_client_side_wrapped;
+
+ [public] typedef struct {
+ [value(0x00000000)] uint32 magic;
+ [subcontext(0),flag(NDR_REMAINING)] DATA_BLOB secret;
+ } bkrp_client_side_unwrapped;
+
+ [public] typedef struct {
+ uint32 secret_len;
+ [value(0x00000020)] uint32 magic;
+ uint8 secret[secret_len];
+ uint8 payload_key[32];
+ } bkrp_encrypted_secret_v2;
+
+ [public] typedef struct {
+ uint32 secret_len;
+ [value(0x00000030)] uint32 magic1;
+ [value(0x00006610)] uint32 magic2;
+ [value(0x0000800e)] uint32 magic3;
+ uint8 secret[secret_len];
+ uint8 payload_key[48];
+ } bkrp_encrypted_secret_v3;
+
+ /* Due to alignement constraint we can generate the structure only via pidl*/
+ [public, nopush, nopull] typedef struct {
+ [value(0x00000001)] uint32 magic;
+ uint32 nonce_len;
+ uint8 nonce[nonce_len];
+ dom_sid sid;
+ uint8 hash[20];
+ } bkrp_access_check_v2;
+
+ /* Due to alignement constraint we can generate the structure only via pidl*/
+ [public,nopush,nopull] typedef struct {
+ [value(0x00000001)] uint32 magic;
+ uint32 nonce_len;
+ uint8 nonce[nonce_len];
+ dom_sid sid;
+ uint8 hash[64];
+ } bkrp_access_check_v3;
+
+ typedef enum {
+ BACKUPKEY_INVALID_GUID_INTEGER = 0xFFFF,
+ BACKUPKEY_RESTORE_GUID_INTEGER = 0x0000,
+ BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001
+ } bkrp_guid_to_integer;
+
+ [public] typedef [nodiscriminant] union {
+ [case(BACKUPKEY_RESTORE_GUID_INTEGER)] bkrp_client_side_wrapped restore_req;
+ [case(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER)] bkrp_client_side_wrapped cert_req;
+ } bkrp_data_in_blob;
+
+ /******************/
+ /* Function: 0x00 */
+
+ [public, noprint] WERROR bkrp_BackupKey (
+ [in,ref] GUID *guidActionAgent,
+ [in,ref] [size_is(data_in_len)] uint8 *data_in,
+ [in] uint32 data_in_len,
+ [out,ref] [size_is(,*data_out_len)] uint8 **data_out,
+ [out,ref] uint32 *data_out_len,
+ [in] uint32 param
+ );
+}
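Review bot: The comments above bkrp_access_check_v2 and bkrp_access_check_v3 say "we can generate the structure only via pidl", which reads as the opposite of what the `[nopush,nopull]` attributes on the same lines do — those structs are the ones pidl does not marshal. Suggest rewording both to `/* Marshalled by hand in ndr_backupkey.c: the trailing pad depends on the total struct size (multiple of 8 for v2, 16 for v3), which pidl's alignment attributes cannot express */`. The `helper()` header this interface names must then carry prototypes for both the v2 and v3 push/pull pairs, since pidl will emit none for `nopush`/`nopull` structs.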
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index 78f174f6d1..2d65d748ee 100644
--- a/librpc/idl/wscript_build
+++ b/librpc/idl/wscript_build
@@ -10,7 +10,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
dbgidl.idl dnsserver.idl echo.idl frsrpc.idl lsa.idl nbt.idl dns.idl
oxidresolver.idl samr.idl srvsvc.idl winreg.idl dcerpc.idl
drsblobs.idl efs.idl frstrans.idl mgmt.idl netlogon.idl
- policyagent.idl scerpc.idl svcctl.idl wkssvc.idl eventlog6.idl''',
+ policyagent.idl scerpc.idl svcctl.idl wkssvc.idl eventlog6.idl backupkey.idl''',
options='--header --ndr-parser --samba3-ndr-server --samba3-ndr-client --server --client --python',
output_dir='../gen_ndr')
diff --git a/librpc/ndr/ndr_backupkey.c b/librpc/ndr/ndr_backupkey.c
new file mode 100644
index 0000000000..ddbaeea000
--- /dev/null
+++ b/librpc/ndr/ndr_backupkey.c
@@ -0,0 +1,215 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ routines for top backup key protocol marshalling/unmarshalling
+
+ Copyright (C) Matthieu Patou 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_backupkey.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+static uint32_t backupkeyguid_to_uint(const struct GUID *guid)
+{
+ struct GUID tmp;
+ NTSTATUS status;
+ bool match;
+
+ status = GUID_from_string(BACKUPKEY_RESTORE_GUID, &tmp);
+ if (NT_STATUS_IS_OK(status)) {
+ match = GUID_equal(guid, &tmp);
+ if (match) {
+ return BACKUPKEY_RESTORE_GUID_INTEGER;
+ }
+ }
+
+ status = GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &tmp);
+ if (NT_STATUS_IS_OK(status)) {
+ match = GUID_equal(guid, &tmp);
+ if (match) {
+ return BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER;
+ }
+ }
+
+ return BACKUPKEY_INVALID_GUID_INTEGER;
+}
+
+_PUBLIC_ void ndr_print_bkrp_BackupKey(struct ndr_print *ndr, const char *name, int flags, const struct bkrp_BackupKey *r)
+{
+ ndr_print_struct(ndr, name, "bkrp_BackupKey");
+ if (r == NULL) { ndr_print_null(ndr); return; }
+ ndr->depth++;
+ if (flags & NDR_SET_VALUES) {
+ ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+ }
+ if (flags & NDR_IN) {
+ union bkrp_data_in_blob inblob;
+ DATA_BLOB blob;
+ uint32_t level;
+ enum ndr_err_code ndr_err;
+
+ ndr_print_struct(ndr, "in", "bkrp_BackupKey");
+ ndr->depth++;
+ ndr_print_ptr(ndr, "guidActionAgent", r->in.guidActionAgent);
+ ndr->depth++;
+ ndr_print_GUID(ndr, "guidActionAgent", r->in.guidActionAgent);
+ ndr->depth--;
+
+ level = backupkeyguid_to_uint(r->in.guidActionAgent);
+ blob.data = r->in.data_in;
+ blob.length = r->in.data_in_len;
+ ndr_err = ndr_pull_union_blob(&blob, ndr, &inblob, level,
+ (ndr_pull_flags_fn_t)ndr_pull_bkrp_data_in_blob);
+
+ ndr_print_ptr(ndr, "data_in", r->in.data_in);
+ ndr->depth++;
+ if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ ndr_print_bkrp_data_in_blob(ndr, "data_in", &inblob);
+ } else {
+ ndr_print_array_uint8(ndr, "data_in", r->in.data_in, r->in.data_in_len);
+ }
+ ndr->depth--;
+
+ ndr_print_uint32(ndr, "data_in_len", r->in.data_in_len);
+ ndr_print_uint32(ndr, "param", r->in.param);
+ ndr->depth--;
+ }
+ if (flags & NDR_OUT) {
+ ndr_print_struct(ndr, "out", "bkrp_BackupKey");
+ ndr->depth++;
+ ndr_print_ptr(ndr, "data_out", r->out.data_out);
+ ndr->depth++;
+ ndr_print_ptr(ndr, "data_out", *r->out.data_out);
+ ndr->depth++;
+
+ if (*r->out.data_out) {
+ ndr_print_array_uint8(ndr, "data_out", *r->out.data_out, *r->out.data_out_len);
+ }
+ ndr->depth--;
+ ndr->depth--;
+ ndr_print_ptr(ndr, "data_out_len", r->out.data_out_len);
+ ndr->depth++;
+ ndr_print_uint32(ndr, "data_out_len", *r->out.data_out_len);
+ ndr->depth--;
+ ndr_print_WERROR(ndr, "result", r->out.result);
+ ndr->depth--;
+ }
+ ndr->depth--;
+}
+
+/* We have manual push/pull because we didn't manage to do the alignment
+ * purely in PIDL as the padding is sized so that the whole access_check_v3
+ * struct size is a multiple of 8 (as specified in 2.2.2.3 of ms-bkrp.pdf)
+ */
+_PUBLIC_ enum ndr_err_code ndr_push_bkrp_access_check_v2(struct ndr_push *ndr, int ndr_flags, const struct bkrp_access_check_v2 *r)
+{
+ if (ndr_flags & NDR_SCALARS) {
+ size_t ofs;
+ size_t pad;
+ NDR_CHECK(ndr_push_align(ndr, 4));
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0x00000001));
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->nonce_len));
+ NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->nonce, r->nonce_len));
+ NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->sid));
+ /* We articially increment the offset of 20 bytes (size of hash
+ * comming after the pad) so that ndr_align can determine easily
+ * the correct pad size to make the whole struct 8 bytes aligned
+ */
+ ofs = ndr->offset + 20;
+ pad = ndr_align_size(ofs, 8);
+ NDR_CHECK(ndr_push_zero(ndr, pad));
+ NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->hash, 20));
+ NDR_CHECK(ndr_push_trailer_align(ndr, 4));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_bkrp_access_check_v2(struct ndr_pull *ndr, int ndr_flags, struct bkrp_access_check_v2 *r)
+{
+ if (ndr_flags & NDR_SCALARS) {
+ size_t ofs;
+ size_t pad;
+ NDR_CHECK(ndr_pull_align(ndr, 4));
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->magic));
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->nonce_len));
+ NDR_PULL_ALLOC_N(ndr, r->nonce, r->nonce_len);
+ NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nonce, r->nonce_len));
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->sid));
+ ofs = ndr->offset + 20;
+ pad = ndr_align_size(ofs, 8);
+ NDR_CHECK(ndr_pull_advance(ndr, pad));
+ NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 20));
+ NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+/* We have manual push/pull because we didn't manage to do the alignment
+ * purely in PIDL as the padding is sized so that the whole access_check_v3
+ * struct size is a multiple of 16 (as specified in 2.2.2.4 of ms-bkrp.pdf)
+ */
+_PUBLIC_ enum ndr_err_code ndr_push_bkrp_access_check_v3(struct ndr_push *ndr, int ndr_flags, const struct bkrp_access_check_v3 *r)
+{
+ if (ndr_flags & NDR_SCALARS) {
+ size_t ofs;
+ size_t pad;
+ NDR_CHECK(ndr_push_align(ndr, 4));
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0x00000001));
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->nonce_len));
+ NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->nonce, r->nonce_len));
+ NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->sid));
+ /* We articially increment the offset of 64 bytes (size of hash
+ * comming after the pad) so that ndr_align can determine easily
+ * the correct pad size to make the whole struct 16 bytes aligned
+ */
+ ofs = ndr->offset + 64;
+ pad = ndr_align_size(ofs, 16);
+ NDR_CHECK(ndr_push_zero(ndr, pad));
+ NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->hash, 64));
+ NDR_CHECK(ndr_push_trailer_align(ndr, 4));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_bkrp_access_check_v3(struct ndr_pull *ndr, int ndr_flags, struct bkrp_access_check_v3 *r)
+{
+ if (ndr_flags & NDR_SCALARS) {
+ size_t ofs;
+ size_t pad;
+ NDR_CHECK(ndr_pull_align(ndr, 4));
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->magic));
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->nonce_len));
+ NDR_PULL_ALLOC_N(ndr, r->nonce, r->nonce_len);
+ NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nonce, r->nonce_len));
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->sid));
+ ofs = ndr->offset + 64;
+ pad = ndr_align_size(ofs, 16);
+ NDR_CHECK(ndr_pull_advance(ndr, pad));
+ NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 64));
+ NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ }
+ return NDR_ERR_SUCCESS;
+}
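Review bot: In ndr_pull_bkrp_access_check_v2 and ndr_pull_bkrp_access_check_v3, `NDR_PULL_ALLOC_N(ndr, r->nonce, r->nonce_len)` allocates a length taken straight from the wire before `ndr_pull_array_uint8` verifies that many bytes are actually present, so a malformed blob can force a large allocation that is only rejected afterwards. Add `NDR_PULL_NEED_BYTES(ndr, r->nonce_len);` immediately after the `ndr_pull_uint32` of `nonce_len` in both pull functions so the length is bounded by the remaining buffer before talloc is involved. Separately, both pulls read `r->magic` but never compare it with the `0x00000001` the matching push hard-codes; if the intent is to reject foreign blobs early, a `if (r->magic != 0x00000001) return ndr_pull_error(ndr, NDR_ERR_VALIDATE, "bad magic");` after the pull would do it — I cannot tell from this hunk whether callers validate it elsewhere. The `ofs = ndr->offset + 20` / `+ 64` pad computation itself is consistent between push and pull.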
diff --git a/librpc/ndr/ndr_backupkey.h b/librpc/ndr/ndr_backupkey.h
new file mode 100644
index 0000000000..c5c7c39995
--- /dev/null
+++ b/librpc/ndr/ndr_backupkey.h
@@ -0,0 +1,2 @@
+_PUBLIC_ enum ndr_err_code ndr_push_bkrp_access_check_v2(struct ndr_push *ndr, int ndr_flags, const struct bkrp_access_check_v2 *r);
+_PUBLIC_ enum ndr_err_code ndr_pull_bkrp_access_check_v2(struct ndr_pull *ndr, int ndr_flags, struct bkrp_access_check_v2 *r);
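Review bot: This helper header declares only the v2 push/pull pair, but ndr_backupkey.c in the same commit also defines `ndr_push_bkrp_access_check_v3` and `ndr_pull_bkrp_access_check_v3`, and the IDL marks bkrp_access_check_v3 `[nopush,nopull]` too, so pidl will not emit prototypes for them and generated callers will hit implicit declarations. Add `_PUBLIC_ enum ndr_err_code ndr_push_bkrp_access_check_v3(struct ndr_push *ndr, int ndr_flags, const struct bkrp_access_check_v3 *r);` and `_PUBLIC_ enum ndr_err_code ndr_pull_bkrp_access_check_v3(struct ndr_pull *ndr, int ndr_flags, struct bkrp_access_check_v3 *r);` alongside the v2 lines. A one-line header comment naming the generated header these complement would also help the next reader.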
diff --git a/librpc/wscript_build b/librpc/wscript_build
index 0d90d106ea..236a728d5f 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -281,6 +281,11 @@ bld.SAMBA_SUBSYSTEM('NDR_NBT',
header_path='gen_ndr'
)
+bld.SAMBA_SUBSYSTEM('NDR_BACKUPKEY',
+ source='../librpc/ndr/ndr_backupkey.c ../librpc/gen_ndr/ndr_backupkey.c',
+ public_deps='ndr'
+ )
+
bld.SAMBA_SUBSYSTEM('RPC_NDR_XATTR',
source='../librpc/gen_ndr/ndr_xattr_c.c',
public_deps='NDR_XATTR dcerpc'
@@ -468,6 +473,11 @@ bld.SAMBA_SUBSYSTEM('RPC_NDR_KEYSVC',
public_deps='dcerpc NDR_KEYSVC'
)
+bld.SAMBA_SUBSYSTEM('RPC_NDR_BACKUPKEY',
+ source='../librpc/gen_ndr/ndr_backupkey_c.c',
+ public_deps='dcerpc NDR_BACKUPKEY'
+ )
+
# a grouping library for NDR subsystems that may be used by more than one target
bld.SAMBA_LIBRARY('ndr-samba',
source=[],
diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build
index dbef671414..5cff4a9b68 100755
--- a/source4/librpc/wscript_build
+++ b/source4/librpc/wscript_build
@@ -135,7 +135,7 @@ bld.SAMBA_SUBSYSTEM('ndr-table',
NDR_SASL_HELPERS NDR_NOTIFY NDR_WINBIND NDR_FRSRPC NDR_FRSAPI
NDR_FRSTRANS NDR_NFS4ACL NDR_NTP_SIGND NDR_DCOM NDR_WMI
NDR_NAMED_PIPE_AUTH NDR_NTLMSSP NDR_DFSBLOBS NDR_DNSP
- NDR_NTPRINTING NDR_DNS''',
+ NDR_NTPRINTING NDR_DNS NDR_BACKUPKEY''',
depends_on='GEN_NDR_TABLES'
)