idl: Add IDL for remote key backup protocol (rkbp)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
author: Matthieu Patou <mat@matws.net> 2010-11-20 18:19:06 +0300
committer: Stefan Metzmacher <metze@samba.org> 2011-01-12 09:08:06 +0100
commit: 25ae380fabfd2d7e5141dadb48b8e30b5b723c1f (patch)
tree: ef26e319e298cfab3d5db45b9b9700c99e6ff478
parent: 9d9c2128585a1d5fdb9090215750427df6a883ff (diff)
download: samba-25ae380fabfd2d7e5141dadb48b8e30b5b723c1f.tar.gz
samba-25ae380fabfd2d7e5141dadb48b8e30b5b723c1f.tar.bz2
samba-25ae380fabfd2d7e5141dadb48b8e30b5b723c1f.zip
6 files changed, 349 insertions, 2 deletions
diff --git a/librpc/idl/backupkey.idl b/librpc/idl/backupkey.idl
new file mode 100644
index 0000000000..e21030bb69
--- /dev/null
+++ b/librpc/idl/backupkey.idl
@@ -0,0 +1,120 @@
+#include "idl_types.h"
+
+import "misc.idl", "security.idl";
+[
+  uuid("3dde7c30-165d-11d1-ab8f-00805f14db40"),
+  version(1.0),
+  endpoint("ncacn_np:[\\pipe\\protected_storage]","ncacn_np:[\\pipe\\ntsvcs]" ,"ncacn_ip_tcp:"),
+  helpstring("Remote Backup Key Storage"),
+  helper("../librpc/ndr/ndr_backupkey.h"),
+  pointer_default(unique)
+]
+interface backupkey
+{
+	const string BACKUPKEY_RESTORE_GUID		= "47270C64-2FC7-499B-AC5B-0E37CDCE899A";
+	const string BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID	= "018FF48A-EABA-40C6-8F6D-72370240E967";
+
+	const string BACKUPKEY_RESTORE_GUID_WIN2K	= "7FE94D50-178E-11D1-AB8F-00805F14DB40";
+	const string BACKUPKEY_BACKUP_GUID		= "7F752B10-178E-11D1-AB8F-00805F14DB40";
+
+	/*
+	 * The magic values are really what they are there is no name it's just remarkable values
+	 * that are here to check that what is transmited or decoded is really what the client or
+	 * the server expect.
+	 */
+	[public] typedef struct {
+		[value(0x00000002)] uint32 header1;
+		[value(0x00000494)] uint32 header2;
+		uint32 certificate_len;
+		[value(0x00000207)] uint32 magic1;
+		[value(0x0000A400)] uint32 magic2;
+		[value(0x32415352)] uint32 magic3;
+		[value(0x00000800)] uint32 magic4;
+		[subcontext(0),subcontext_size(4),flag(NDR_REMAINING)] DATA_BLOB public_exponent;
+
+		[subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB modulus;
+		[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime1;
+		[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime2;
+		[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent1;
+		[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent2;
+		[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB coefficient;
+		[subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB private_exponent;
+		[subcontext(0),subcontext_size(certificate_len),flag(NDR_REMAINING)] DATA_BLOB cert;
+	} bkrp_exported_RSA_key_pair;
+
+	[public] typedef struct {
+		[value(0x00000001)] uint32 magic;
+		uint8 key[256];
+	} bkrp_dc_serverwrap_key;
+
+	[public,gensize] typedef struct {
+		uint32 version;
+		uint32 encrypted_secret_len;
+		uint32 access_check_len;
+		GUID guid;
+		uint8  encrypted_secret[encrypted_secret_len];
+		uint8  access_check[access_check_len];
+	} bkrp_client_side_wrapped;
+
+	[public] typedef struct {
+		[value(0x00000000)] uint32 magic;
+		[subcontext(0),flag(NDR_REMAINING)] DATA_BLOB secret;
+	} bkrp_client_side_unwrapped;
+
+	[public] typedef struct {
+		uint32 secret_len;
+		[value(0x00000020)] uint32 magic;
+		uint8 secret[secret_len];
+		uint8 payload_key[32];
+	} bkrp_encrypted_secret_v2;
+
+	[public] typedef struct {
+		uint32 secret_len;
+		[value(0x00000030)] uint32 magic1;
+		[value(0x00006610)] uint32 magic2;
+		[value(0x0000800e)] uint32 magic3;
+		uint8 secret[secret_len];
+		uint8 payload_key[48];
+	} bkrp_encrypted_secret_v3;
+
+	/* Due to alignement constraint we can generate the structure only via pidl*/
+	[public, nopush, nopull] typedef struct {
+		[value(0x00000001)] uint32 magic;
+		uint32 nonce_len;
+		uint8 nonce[nonce_len];
+		dom_sid sid;
+		uint8 hash[20];
+	} bkrp_access_check_v2;
+
+	/* Due to alignement constraint we can generate the structure only via pidl*/
+	[public,nopush,nopull] typedef struct {
+		[value(0x00000001)] uint32 magic;
+		uint32 nonce_len;
+		uint8 nonce[nonce_len];
+		dom_sid sid;
+		uint8 hash[64];
+	} bkrp_access_check_v3;
+
+	typedef enum {
+		BACKUPKEY_INVALID_GUID_INTEGER = 0xFFFF,
+		BACKUPKEY_RESTORE_GUID_INTEGER = 0x0000,
+		BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001
+	} bkrp_guid_to_integer;
+
+	[public] typedef [nodiscriminant] union {
+		[case(BACKUPKEY_RESTORE_GUID_INTEGER)] bkrp_client_side_wrapped restore_req;
+		[case(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER)] bkrp_client_side_wrapped cert_req;
+	} bkrp_data_in_blob;
+
+	/******************/
+	/* Function: 0x00 */
+
+	[public, noprint] WERROR bkrp_BackupKey (
+		[in,ref]  GUID *guidActionAgent,
+		[in,ref]  [size_is(data_in_len)] uint8 *data_in,
+		[in]      uint32 data_in_len,
+		[out,ref] [size_is(,*data_out_len)] uint8 **data_out,
+		[out,ref] uint32 *data_out_len,
+		[in]      uint32 param
+	);
+}
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index 78f174f6d1..2d65d748ee 100644
--- a/librpc/idl/wscript_build
+++ b/librpc/idl/wscript_build
@@ -10,7 +10,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
                        dbgidl.idl dnsserver.idl echo.idl frsrpc.idl lsa.idl nbt.idl dns.idl
                        oxidresolver.idl samr.idl srvsvc.idl winreg.idl dcerpc.idl
                        drsblobs.idl efs.idl frstrans.idl mgmt.idl netlogon.idl
-                       policyagent.idl scerpc.idl svcctl.idl wkssvc.idl eventlog6.idl''',
+                       policyagent.idl scerpc.idl svcctl.idl wkssvc.idl eventlog6.idl backupkey.idl''',
                     options='--header --ndr-parser --samba3-ndr-server --samba3-ndr-client --server --client --python',
                     output_dir='../gen_ndr')
 
diff --git a/librpc/ndr/ndr_backupkey.c b/librpc/ndr/ndr_backupkey.c
new file mode 100644
index 0000000000..ddbaeea000
--- /dev/null
+++ b/librpc/ndr/ndr_backupkey.c
@@ -0,0 +1,215 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   routines for top backup key protocol marshalling/unmarshalling
+
+   Copyright (C) Matthieu Patou 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_backupkey.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+static uint32_t backupkeyguid_to_uint(const struct GUID *guid)
+{
+	struct GUID tmp;
+	NTSTATUS status;
+	bool match;
+
+	status = GUID_from_string(BACKUPKEY_RESTORE_GUID, &tmp);
+	if (NT_STATUS_IS_OK(status)) {
+		match = GUID_equal(guid, &tmp);
+		if (match) {
+			return BACKUPKEY_RESTORE_GUID_INTEGER;
+		}
+	}
+
+	status = GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &tmp);
+	if (NT_STATUS_IS_OK(status)) {
+		match = GUID_equal(guid, &tmp);
+		if (match) {
+			return BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER;
+		}
+	}
+
+	return BACKUPKEY_INVALID_GUID_INTEGER;
+}
+
+_PUBLIC_ void ndr_print_bkrp_BackupKey(struct ndr_print *ndr, const char *name, int flags, const struct bkrp_BackupKey *r)
+{
+	ndr_print_struct(ndr, name, "bkrp_BackupKey");
+	if (r == NULL) { ndr_print_null(ndr); return; }
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		union bkrp_data_in_blob inblob;
+		DATA_BLOB blob;
+		uint32_t level;
+		enum ndr_err_code ndr_err;
+
+		ndr_print_struct(ndr, "in", "bkrp_BackupKey");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "guidActionAgent", r->in.guidActionAgent);
+		ndr->depth++;
+		ndr_print_GUID(ndr, "guidActionAgent", r->in.guidActionAgent);
+		ndr->depth--;
+
+		level = backupkeyguid_to_uint(r->in.guidActionAgent);
+		blob.data = r->in.data_in;
+		blob.length = r->in.data_in_len;
+		ndr_err = ndr_pull_union_blob(&blob, ndr, &inblob, level,
+				(ndr_pull_flags_fn_t)ndr_pull_bkrp_data_in_blob);
+
+		ndr_print_ptr(ndr, "data_in", r->in.data_in);
+		ndr->depth++;
+		if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			ndr_print_bkrp_data_in_blob(ndr, "data_in", &inblob);
+		} else {
+			ndr_print_array_uint8(ndr, "data_in", r->in.data_in, r->in.data_in_len);
+		}
+		ndr->depth--;
+
+		ndr_print_uint32(ndr, "data_in_len", r->in.data_in_len);
+		ndr_print_uint32(ndr, "param", r->in.param);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "bkrp_BackupKey");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "data_out", r->out.data_out);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "data_out", *r->out.data_out);
+		ndr->depth++;
+
+		if (*r->out.data_out) {
+			ndr_print_array_uint8(ndr, "data_out", *r->out.data_out, *r->out.data_out_len);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_ptr(ndr, "data_out_len", r->out.data_out_len);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "data_out_len", *r->out.data_out_len);
+		ndr->depth--;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+/* We have manual push/pull because we didn't manage to do the alignment
+ * purely in PIDL as the padding is sized so that the whole access_check_v3
+ * struct size is a multiple of 8 (as specified in 2.2.2.3 of ms-bkrp.pdf)
+ */
+_PUBLIC_ enum ndr_err_code ndr_push_bkrp_access_check_v2(struct ndr_push *ndr, int ndr_flags, const struct bkrp_access_check_v2 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		size_t ofs;
+		size_t pad;
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0x00000001));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->nonce_len));
+		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->nonce, r->nonce_len));
+		NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->sid));
+		/* We articially increment the offset of 20 bytes (size of hash
+		 * comming after the pad) so that ndr_align can determine easily
+		 * the correct pad size to make the whole struct 8 bytes aligned
+		 */
+		ofs = ndr->offset + 20;
+		pad = ndr_align_size(ofs, 8);
+		NDR_CHECK(ndr_push_zero(ndr, pad));
+		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->hash, 20));
+		NDR_CHECK(ndr_push_trailer_align(ndr, 4));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_bkrp_access_check_v2(struct ndr_pull *ndr, int ndr_flags, struct bkrp_access_check_v2 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		size_t ofs;
+		size_t pad;
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->magic));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->nonce_len));
+		NDR_PULL_ALLOC_N(ndr, r->nonce, r->nonce_len);
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nonce, r->nonce_len));
+		NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->sid));
+		ofs = ndr->offset + 20;
+		pad = ndr_align_size(ofs, 8);
+		NDR_CHECK(ndr_pull_advance(ndr, pad));
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 20));
+		NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+/* We have manual push/pull because we didn't manage to do the alignment
+ * purely in PIDL as the padding is sized so that the whole access_check_v3
+ * struct size is a multiple of 16 (as specified in 2.2.2.4 of ms-bkrp.pdf)
+ */
+_PUBLIC_ enum ndr_err_code ndr_push_bkrp_access_check_v3(struct ndr_push *ndr, int ndr_flags, const struct bkrp_access_check_v3 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		size_t ofs;
+		size_t pad;
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0x00000001));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->nonce_len));
+		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->nonce, r->nonce_len));
+		NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->sid));
+		/* We articially increment the offset of 64 bytes (size of hash
+		 * comming after the pad) so that ndr_align can determine easily
+		 * the correct pad size to make the whole struct 16 bytes aligned
+		 */
+		ofs = ndr->offset + 64;
+		pad = ndr_align_size(ofs, 16);
+		NDR_CHECK(ndr_push_zero(ndr, pad));
+		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->hash, 64));
+		NDR_CHECK(ndr_push_trailer_align(ndr, 4));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_bkrp_access_check_v3(struct ndr_pull *ndr, int ndr_flags, struct bkrp_access_check_v3 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		size_t ofs;
+		size_t pad;
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->magic));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->nonce_len));
+		NDR_PULL_ALLOC_N(ndr, r->nonce, r->nonce_len);
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nonce, r->nonce_len));
+		NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->sid));
+		ofs = ndr->offset + 64;
+		pad = ndr_align_size(ofs, 16);
+		NDR_CHECK(ndr_pull_advance(ndr, pad));
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 64));
+		NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
diff --git a/librpc/ndr/ndr_backupkey.h b/librpc/ndr/ndr_backupkey.h
new file mode 100644
index 0000000000..c5c7c39995
--- /dev/null
+++ b/librpc/ndr/ndr_backupkey.h
@@ -0,0 +1,2 @@
+_PUBLIC_ enum ndr_err_code ndr_push_bkrp_access_check_v2(struct ndr_push *ndr, int ndr_flags, const struct bkrp_access_check_v2 *r);
+_PUBLIC_ enum ndr_err_code ndr_pull_bkrp_access_check_v2(struct ndr_pull *ndr, int ndr_flags, struct bkrp_access_check_v2 *r);
diff --git a/librpc/wscript_build b/librpc/wscript_build
index 0d90d106ea..236a728d5f 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -281,6 +281,11 @@ bld.SAMBA_SUBSYSTEM('NDR_NBT',
         header_path='gen_ndr'
 	)
 
+bld.SAMBA_SUBSYSTEM('NDR_BACKUPKEY',
+	source='../librpc/ndr/ndr_backupkey.c ../librpc/gen_ndr/ndr_backupkey.c',
+	public_deps='ndr'
+	)
+
 bld.SAMBA_SUBSYSTEM('RPC_NDR_XATTR',
 	source='../librpc/gen_ndr/ndr_xattr_c.c',
 	public_deps='NDR_XATTR dcerpc'
@@ -468,6 +473,11 @@ bld.SAMBA_SUBSYSTEM('RPC_NDR_KEYSVC',
 	public_deps='dcerpc NDR_KEYSVC'
 	)
 
+bld.SAMBA_SUBSYSTEM('RPC_NDR_BACKUPKEY',
+	source='../librpc/gen_ndr/ndr_backupkey_c.c',
+	public_deps='dcerpc NDR_BACKUPKEY'
+	)
+
 # a grouping library for NDR subsystems that may be used by more than one target
 bld.SAMBA_LIBRARY('ndr-samba',
 	source=[],
diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build
index dbef671414..5cff4a9b68 100755
--- a/source4/librpc/wscript_build
+++ b/source4/librpc/wscript_build
@@ -135,7 +135,7 @@ bld.SAMBA_SUBSYSTEM('ndr-table',
         NDR_SASL_HELPERS NDR_NOTIFY NDR_WINBIND NDR_FRSRPC NDR_FRSAPI
         NDR_FRSTRANS NDR_NFS4ACL NDR_NTP_SIGND NDR_DCOM NDR_WMI
         NDR_NAMED_PIPE_AUTH NDR_NTLMSSP NDR_DFSBLOBS NDR_DNSP
-        NDR_NTPRINTING NDR_DNS''',
+        NDR_NTPRINTING NDR_DNS NDR_BACKUPKEY''',
         depends_on='GEN_NDR_TABLES'
         )
author	Matthieu Patou <mat@matws.net>	2010-11-20 18:19:06 +0300
committer	Stefan Metzmacher <metze@samba.org>	2011-01-12 09:08:06 +0100
commit	25ae380fabfd2d7e5141dadb48b8e30b5b723c1f (patch)
tree	ef26e319e298cfab3d5db45b9b9700c99e6ff478
parent	9d9c2128585a1d5fdb9090215750427df6a883ff (diff)
download	samba-25ae380fabfd2d7e5141dadb48b8e30b5b723c1f.tar.gz samba-25ae380fabfd2d7e5141dadb48b8e30b5b723c1f.tar.bz2 samba-25ae380fabfd2d7e5141dadb48b8e30b5b723c1f.zip