The branch, master has been updated via f6b929e s3-pam_smbpass: Add a deprecation warning. via e5f8b49 s4/scripting/devel: Add tool to roll over the krbtgt password via fb250d1 testprogs-test_chgdcpass.sh: Improve comments to explain why we check about changing the password twice via e189e9e selftest: Improve renamedc tests to confirm more than just the exit code via a49ee57 s4/scripting/bin/renamedc: Fix up rename DC script via dab8eca lib/crypto: Document nettle supported crypto via 927ea97 backupkey: Explain more why we use GnuTLS here via 63609eb build: amend typo for address sanitizer help via 5ca9a4e torture-backupkey: Check the dcerpc call return code before calling ndr pull via 43d3e90 backupkey: replace heimdal rsa key generation with GnuTLS via a1f1db2 build: Require GnuTLS if building with Active Directory via f7b6e69 torture-backupkey: Add tests that read the secret from the server, and validate via 3254f9b backupkey: Better handling for different wrap version headers via d8cc370 backupkey: Add tests for ServerWrap protocol via 93510eb backupkey: Change expected error codes to match Windows 2008R2 and Windows 2012R2 via c3c54b9 backupkey: Implement ServerWrap Decrypt via cdecd85 backupkey: Handle more clearly the case where we find the secret, but it has no value via 51086f3 backupkey: Improve variable names to make clear this is client-provided data via 0ff9733 backupkey: Use the name lsa_secret rather than just secret via 33c6164 backupkey: Implement ServerWrap Encrypt protocol via c55f393 backupkey: Improve function names and comments for clarity via f69b180 backupkey: Move SID comparison to inside get_and_verify_access_check() via bc0b90a backupkey: Improve IDL via a4e6873 backupkey: begin by factoring out the server wrap functions via 286223f torture-backupkey: Assert dcerpc_bkrp_BackupKey_r call was successful via d9529db torture-backupkey: Add consistent assertions that createRestoreGUIDStruct() suceeds via 16ad6de s4:torture/rpc/backupkey: Require 2048 bit RSA key via e6e9e49 s4-backupkey: consistent naming of werr variable via e25c61c s4-backupkey: improve variable name via 8473f6d s4-backupkey: typo fix via 879b657 s4-backupkey: IDL for ServerWrap subprotocol via 3bc3bec s4-backupkey: fix ndr_pull error on empty input via 6af3cf6 s4-backupkey: Initialize ndr->switchlist for print via 007c397 s4-backupkey: Comply with [MS-BKRP] 2.2.1 via 577fa69 s4-backupkey: Set defined cert serialnumber via 525c93c s4-backupkey: de-duplicate error handling via d633fcb s4-backupkey: check for talloc failure via 8980300 s4-backupkey: Cert lifetime of 365 days, not secs via 9b2ff26 s4-backupkey: Ensure RSA modulus is 2048 bits from a00d72b wafsamba: make sure build fails when uninitialized variable is detected
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit f6b929e72197014601fd4c45b61f49793f6d6149 Author: Andreas Schneider <a...@samba.org> Date: Fri Jan 23 10:38:31 2015 +0100 s3-pam_smbpass: Add a deprecation warning. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Wed Feb 25 03:37:34 CET 2015 on sn-devel-104 commit e5f8b49e21079713a9c704e24494ea562ae5bc1d Author: Andrew Bartlett <abart...@samba.org> Date: Mon Feb 23 16:50:43 2015 +1300 s4/scripting/devel: Add tool to roll over the krbtgt password This may be handy if this key is compromised, or along with chgtdcpass to isolate test copies of production domains in such a way that they cannot mix. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Jelmer Vernooij <jel...@samba.org> commit fb250d1328033888a33037a2d0ca9d36614cf6bc Author: Andrew Bartlett <abart...@samba.org> Date: Mon Feb 23 16:22:29 2015 +1300 testprogs-test_chgdcpass.sh: Improve comments to explain why we check about changing the password twice Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Jelmer Vernooij <jel...@samba.org> commit e189e9ed4b0d3396aecad16c805a941714acdb6d Author: Andrew Bartlett <abart...@samba.org> Date: Mon Feb 23 15:45:53 2015 +1300 selftest: Improve renamedc tests to confirm more than just the exit code This now confirms that the DC has been renamed Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Jelmer Vernooij <jel...@samba.org> commit a49ee57ec3780d0f4e7d64493fd4ab9b5befff60 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Feb 23 16:10:31 2015 +1300 s4/scripting/bin/renamedc: Fix up rename DC script We now have a reliable handler for backlinks so this we can now rename both objects Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Jelmer Vernooij <jel...@samba.org> commit dab8eca590972b291c4082042d2dd214be64305a Author: Michael Ledford <mich...@ledford.cc> Date: Mon Feb 23 20:46:31 2015 -0500 lib/crypto: Document nettle supported crypto Signed-off-by: Michael Ledford <mich...@ledford.cc> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 927ea9791e3d1a91516b1cec6918772da83a7fbb Author: Andrew Bartlett <abart...@samba.org> Date: Mon Feb 16 11:26:37 2015 +1300 backupkey: Explain more why we use GnuTLS here Pair-programmed-with: Garming Sam <garm...@catalyst.net.nz> Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 63609eba997d027e7545fe355aa5b26bfc307190 Author: Garming Sam <garm...@catalyst.net.nz> Date: Thu Feb 12 12:13:39 2015 +1300 build: amend typo for address sanitizer help Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5ca9a4ebe53fd225e2491a4da4635468fef60829 Author: Garming Sam <garm...@catalyst.net.nz> Date: Fri Feb 13 16:55:07 2015 +1300 torture-backupkey: Check the dcerpc call return code before calling ndr pull Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 43d3e90418b5e0ac5986e08f9483146f4f5d2357 Author: Garming Sam <garm...@catalyst.net.nz> Date: Fri Feb 13 09:54:50 2015 +1300 backupkey: replace heimdal rsa key generation with GnuTLS We use GnuTLS because it can reliably generate 2048 bit keys every time. Windows clients strictly require 2048, no more since it won't fit and no less either. Heimdal would almost always generate a smaller key. Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980 commit a1f1db277a2c452b63b9fe2d67cabfe0df60223d Author: Garming Sam <garm...@catalyst.net.nz> Date: Fri Feb 13 16:49:58 2015 +1300 build: Require GnuTLS if building with Active Directory Without GnuTLS, we don't have ldaps:// support and we are unable to readily create RSA keys of the correct length for the BackupKey protocol. Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit f7b6e696ed552f02195c87a7eede5a0090f8df1f Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 13 12:59:45 2015 +1300 torture-backupkey: Add tests that read the secret from the server, and validate These show that MS-BKRP 3.1.4.1.1 BACKUPKEY_BACKUP_GUID is incorrect when it states that the key must be the leading 64 bytes, it must be the whole 256 byte buffer. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 3254f9bc009bae3d8463035d63eb1625f23606e6 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Feb 12 16:15:41 2015 +1300 backupkey: Better handling for different wrap version headers Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit d8cc370d01445b5120678dde02955f13f3773bb2 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Feb 11 17:46:42 2015 +1300 backupkey: Add tests for ServerWrap protocol Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 93510eb513598431c260cd0b85a02d0e49cc821b Author: Andrew Bartlett <abart...@samba.org> Date: Wed Feb 11 13:37:16 2015 +1300 backupkey: Change expected error codes to match Windows 2008R2 and Windows 2012R2 This is done in both smbtoture and in our server Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit c3c54b9bf36ef5075fdca9042296f033db8673ce Author: Andrew Bartlett <abart...@samba.org> Date: Wed Feb 11 09:53:58 2015 +1300 backupkey: Implement ServerWrap Decrypt We implement both modes in BACKUPKEY_RESTORE_GUID, as it may decrypt both ServerWrap and ClientWrap data, and we implement BACKUPKEY_RESTORE_GUID_WIN2K. BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit cdecd8540a8e5ef1266684fda0dd10d72466d4d8 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Feb 10 16:26:23 2015 +1300 backupkey: Handle more clearly the case where we find the secret, but it has no value This happen on the RODC, a case that we try not to permit at all. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 51086f30dd1f0ca656b5391e1500cc65480564e3 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Feb 10 16:23:17 2015 +1300 backupkey: Improve variable names to make clear this is client-provided data The values we return here are client-provided passwords or other keys, that we decrypt for them. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 0ff9733479f27cf40a9cc0f749de088d33591272 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Feb 10 16:16:20 2015 +1300 backupkey: Use the name lsa_secret rather than just secret This makes it clear that this is the data stored on the LSA secrets store and not the client-provided data to be encrypted. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 33c616406726a3e144b5b4bbc2c8d3166e0c4be5 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Feb 10 16:02:00 2015 +1300 backupkey: Implement ServerWrap Encrypt protocol BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit c55f3936490a89004364a203361d201bee5fce08 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Feb 10 15:50:15 2015 +1300 backupkey: Improve function names and comments for clarity Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit f69b180cf86ad2c43dbbd89c7e906e7ab2350ee2 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Feb 10 15:48:06 2015 +1300 backupkey: Move SID comparison to inside get_and_verify_access_check() Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit bc0b90a300654a248a08e4796133bb6b880e9789 Author: Garming Sam <garm...@catalyst.net.nz> Date: Thu Feb 5 18:17:58 2015 +1300 backupkey: Improve IDL Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a4e6873c4356fa221a0833336413f70e7c9411ca Author: Garming Sam <garm...@catalyst.net.nz> Date: Thu Feb 5 11:07:30 2015 +1300 backupkey: begin by factoring out the server wrap functions Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 286223f150dbb84022d48ef845119cd47afc30d3 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Feb 11 11:45:45 2015 +1300 torture-backupkey: Assert dcerpc_bkrp_BackupKey_r call was successful Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit d9529dbab6f0482d408bf9c4ea9bd911da8897e5 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Feb 11 09:51:27 2015 +1300 torture-backupkey: Add consistent assertions that createRestoreGUIDStruct() suceeds Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 16ad6de6b8d4481b1e00630c9a23895d1371d971 Author: Arvid Requate <requ...@univention.de> Date: Tue Dec 23 18:56:20 2014 +0100 s4:torture/rpc/backupkey: Require 2048 bit RSA key Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> (fixed cleanup of memory) Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit e6e9e490ae1352b0d572dbd3d546c14d367cbedb Author: Arvid Requate <requ...@univention.de> Date: Tue Jul 8 17:25:53 2014 +0200 s4-backupkey: consistent naming of werr variable Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit e25c61c5f17230a6932f704ed849f140b00a45aa Author: Arvid Requate <requ...@univention.de> Date: Tue Jul 8 16:12:13 2014 +0200 s4-backupkey: improve variable name Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 8473f6da6902d753ed46073e453a496aa90cb94b Author: Arvid Requate <requ...@univention.de> Date: Mon Jul 7 18:56:39 2014 +0200 s4-backupkey: typo fix Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 879b65710b266fecaca01b9dd40474b2cc35d417 Author: Arvid Requate <requ...@univention.de> Date: Mon Jul 7 18:48:41 2014 +0200 s4-backupkey: IDL for ServerWrap subprotocol This adds some IDL structs for the ServerWrap subprotocol, allowing parsing of the incoming RPC calls and returning WERR_NOT_SUPPORTED instead of WERR_INVALID_PARAM. Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 3bc3bec6d702ef62bf026ff64855edc8fb900088 Author: Arvid Requate <requ...@univention.de> Date: Mon Jul 7 18:43:05 2014 +0200 s4-backupkey: fix ndr_pull error on empty input [MS-BKRP] 3.1.4.1 specifies for BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID that the server must ignore the input data. This patch fixes ndr_pull_error(11): Pull bytes 4 (../librpc/ndr/ndr_basic.c:148) Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 6af3cf60e31fdaa0873f45fd821165e265335c55 Author: Arvid Requate <requ...@univention.de> Date: Mon Jul 7 18:36:49 2014 +0200 s4-backupkey: Initialize ndr->switchlist for print ndr_print_bkrp_data_in_blob requires the level to be set in the proper ndr->switch_list context. Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 007c3978a46d5f50051605752a76d12f30c5a0de Author: Arvid Requate <requ...@univention.de> Date: Mon Jul 7 18:25:29 2014 +0200 s4-backupkey: Comply with [MS-BKRP] 2.2.1 [MS-BKRP] 2.2.1 specifies "The Common Name field of the Subject name field SHOULD contain the name of the DNS domain assigned to the server." In fact Windows 7 clients don't seem to care. Also in certificates generated by native AD the domain name (after CN=) is encoded as UTF-16LE. Since hx509_parse_name only supports UTF-8 strings currently we just leave the encoding as it is for now. Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 577fa69b5287b047ee2564786e19c9941a25734c Author: Arvid Requate <requ...@univention.de> Date: Mon Jul 7 18:18:30 2014 +0200 s4-backupkey: Set defined cert serialnumber [MS-BKRP] 2.2.1 specifies that the serialnumber of the certificate should be set identical to the subjectUniqueID. In fact certificates generated by native AD have this field encoded in little-endian format. See also https://www.mail-archive.com/cifs-protocol@cifs.org/msg01364.html Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 525c93caa6c264de7c0cb463d005d3dcda7e45af Author: Arvid Requate <requ...@univention.de> Date: Mon Jul 7 18:15:37 2014 +0200 s4-backupkey: de-duplicate error handling Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit d633fcb5666085fef290adbe05161a2f36329abf Author: Arvid Requate <requ...@univention.de> Date: Mon Jul 7 18:12:47 2014 +0200 s4-backupkey: check for talloc failure Check for talloc_memdup failure for uniqueid.data. Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 89803009b957b980818aa971a0f5dd14f75cbbe1 Author: Arvid Requate <requ...@univention.de> Date: Mon Jul 7 17:59:29 2014 +0200 s4-backupkey: Cert lifetime of 365 days, not secs hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in in seconds. The Windows 7 client didn't seem to care that the lifetime was only 6'03''. Two other TODOs in this implementation: * Since notBefore is not set explicietely to "now", the heimdal code default of now-(24 hours) is applied. * Server side validity checks and cert renewal are missing. Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 9b2ff26c893e5748d12d7a37a93eef7b1f4b1a1b Author: Arvid Requate <requ...@univention.de> Date: Mon Jul 7 17:39:51 2014 +0200 s4-backupkey: Ensure RSA modulus is 2048 bits RSA_generate_key_ex doesn't always generate a modulus of requested bit length. Tests with Windows 7 clients showed that they decline x509 certificates (MS-BKRP 2.2.1) in cases where the modulus length is smaller than the specified 2048 bits. For the user this resulted in DPAPI failing to retrieve stored credentials after the user password has been changed at least two times. On the server side log.samba showed that the client also called the as yet unlimplemented ServerWrap sub- protocol function BACKUPKEY_BACKUP_KEY_GUID after it had called the ClientWarp function BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID. After enabling DPAPI auditing on the Windows Clients the Event Viewer showed Event-ID 4692 failing with a FailureReason value of 0x7a in these cases. Signed-off-by: Arvid Requate <requ...@univention.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980 ----------------------------------------------------------------------- Summary of changes: buildtools/wafsamba/wscript | 2 +- lib/crypto/REQUIREMENTS | 21 + librpc/idl/backupkey.idl | 37 +- librpc/ndr/ndr_backupkey.c | 5 + python/samba/upgradehelpers.py | 19 + source3/pam_smbpass/README | 8 + source4/lib/tls/wscript | 3 + source4/rpc_server/backupkey/dcesrv_backupkey.c | 984 +++++++++++++----- source4/scripting/bin/renamedc | 60 +- .../scripting/devel/{chgtdcpass => chgkrbtgtpass} | 22 +- source4/torture/rpc/backupkey.c | 1073 +++++++++++++++++++- testprogs/blackbox/renamedc.sh | 41 +- testprogs/blackbox/test_chgdcpass.sh | 3 +- 13 files changed, 1986 insertions(+), 292 deletions(-) copy source4/scripting/devel/{chgtdcpass => chgkrbtgtpass} (74%) mode change 100755 => 100644 Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript index 86224d4..8027c00 100755 --- a/buildtools/wafsamba/wscript +++ b/buildtools/wafsamba/wscript @@ -118,7 +118,7 @@ def set_options(opt): help=("mark version with + if local git changes"), action='store_true', dest='GIT_LOCAL_CHANGES', default=False) gr.add_option('--address-sanitizer', - help=("Enable address sanitizer compile and liker flags"), + help=("Enable address sanitizer compile and linker flags"), action="store_true", dest='address_sanitizer', default=False) gr.add_option('--abi-check', diff --git a/lib/crypto/REQUIREMENTS b/lib/crypto/REQUIREMENTS index d0b175f..4b1e21a 100644 --- a/lib/crypto/REQUIREMENTS +++ b/lib/crypto/REQUIREMENTS @@ -2,6 +2,7 @@ A list of the crypto operations that we require, and what uses them. This list is to allow research into using external crypto libraries. Those possibly supported in the git version of GnuTLS are indicated as '# GNUTLS' +Those possibly supported in the git version of nettle are indicated as '# NETTLE' ARCFOUR (RC4) - the old SamOEMHash @@ -11,6 +12,7 @@ ARCFOUR (RC4) - genrate_random_data() # GNUTLS + # NETTLE DES - NTLM challenge-response @@ -19,9 +21,13 @@ DES - ServerGetTrustInfo returned passwords - RID encryption of passwords + # NETTLE + 3DES - NETLOGON Credentials + # NETTLE + CRC32 - DRSUAPI replication replicated secrets @@ -32,13 +38,19 @@ AES CFB8 AES 128 - SMB VFS traffic analyzer + # NETTLE (AES-NI available) + AES128 CCM - SMB2 2.24 SMB encryption + # GNUTLS + # NETTLE (AES-NI available) AES128 GCM - SMB2 3.10 SMB encryption + # GNUTLS + # NETTLE (AES-NI available) AES128 CMAC - SMB2 0x224 SMB Signing @@ -47,6 +59,8 @@ MD4 - NTLM password hash - genrate_random_number() + # NETTLE + MD5 - NTLM2 - SCHANNEL @@ -62,36 +76,43 @@ MD5 - NTP ntp_signd # GNUTLS + # NETTLE HMAC-MD5 - NTLMv2 # GNUTLS + # NETTLE HMACSHA256 - SMB2 < 2.24 SMB signing - SMB2 Key derivation # GNUTLS + # NETTLE HMACSHA1 - BackupKey ServerWrap # GNUTLS + # NETTLE SHA256 - Security Descriptor hash for vfs_acl_xattr - oLschema2ldif # GNUTLS + # NETTLE SHA512 - SMB2 Pre-auth integrity verification - BackupKey ClientWrap # GNUTLS + # NETTLE RSA - BackupKey ClientWrap # GNUTLS + # NETTLE diff --git a/librpc/idl/backupkey.idl b/librpc/idl/backupkey.idl index e21030b..81e0db6 100644 --- a/librpc/idl/backupkey.idl +++ b/librpc/idl/backupkey.idl @@ -47,6 +47,9 @@ interface backupkey uint8 key[256]; } bkrp_dc_serverwrap_key; + [public] typedef struct { + } bkrp_empty; + [public,gensize] typedef struct { uint32 version; uint32 encrypted_secret_len; @@ -95,15 +98,45 @@ interface backupkey uint8 hash[64]; } bkrp_access_check_v3; + [public] typedef struct { + uint8 r3[32]; + uint8 mac[20]; + dom_sid sid; + [subcontext(0),flag(NDR_REMAINING)] DATA_BLOB secret_data; + } bkrp_rc4encryptedpayload; + + [public] typedef struct { + [value(0x00000001)] uint32 magic; + uint32 payload_length; + uint32 ciphertext_length; + GUID guid; + uint8 r2[68]; + uint8 rc4encryptedpayload[ciphertext_length]; + } bkrp_server_side_wrapped; + + [public] typedef struct { + [flag(NDR_REMAINING)] DATA_BLOB opaque; + } bkrp_opaque_blob; + + typedef enum { + BACKUPKEY_SERVER_WRAP_VERSION = 1, + BACKUPKEY_CLIENT_WRAP_VERSION2 = 2, + BACKUPKEY_CLIENT_WRAP_VERSION3 = 3 + } bkrp_versions; + typedef enum { BACKUPKEY_INVALID_GUID_INTEGER = 0xFFFF, BACKUPKEY_RESTORE_GUID_INTEGER = 0x0000, - BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001 + BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001, + BACKUPKEY_RESTORE_GUID_WIN2K_INTEGER = 0x0002, + BACKUPKEY_BACKUP_GUID_INTEGER = 0x0003 } bkrp_guid_to_integer; [public] typedef [nodiscriminant] union { [case(BACKUPKEY_RESTORE_GUID_INTEGER)] bkrp_client_side_wrapped restore_req; - [case(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER)] bkrp_client_side_wrapped cert_req; + [case(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER)] bkrp_empty empty; + [case(BACKUPKEY_RESTORE_GUID_WIN2K_INTEGER)] bkrp_server_side_wrapped unsign_req; + [case(BACKUPKEY_BACKUP_GUID_INTEGER)] bkrp_opaque_blob sign_req; } bkrp_data_in_blob; /******************/ diff --git a/librpc/ndr/ndr_backupkey.c b/librpc/ndr/ndr_backupkey.c index ddbaeea..827bc69 100644 --- a/librpc/ndr/ndr_backupkey.c +++ b/librpc/ndr/ndr_backupkey.c @@ -71,6 +71,11 @@ _PUBLIC_ void ndr_print_bkrp_BackupKey(struct ndr_print *ndr, const char *name, ndr->depth--; level = backupkeyguid_to_uint(r->in.guidActionAgent); + ndr_err = ndr_print_set_switch_value(ndr, &inblob, level); + if (unlikely(!NDR_ERR_CODE_IS_SUCCESS(ndr_err))) { \ + DEBUG(0,("ERROR: ndr_print_bkrp_BackupKey ndr_print_set_switch_value failed: %d\n", ndr_err)); + return; + } blob.data = r->in.data_in; blob.length = r->in.data_in_len; ndr_err = ndr_pull_union_blob(&blob, ndr, &inblob, level, diff --git a/python/samba/upgradehelpers.py b/python/samba/upgradehelpers.py index ed63c25..3b664fe 100644 --- a/python/samba/upgradehelpers.py +++ b/python/samba/upgradehelpers.py @@ -637,6 +637,25 @@ def update_dns_account_password(samdb, secrets_ldb, names): secrets_ldb.modify(msg) +def update_krbtgt_account_password(samdb, names): + """Update (change) the password of the krbtgt account + + :param samdb: An LDB object related to the sam.ldb file of a given provision + :param names: List of key provision parameters""" + + expression = "samAccountName=krbtgt" + res = samdb.search(expression=expression, attrs=[]) + assert(len(res) == 1) + + msg = ldb.Message(res[0].dn) + machinepass = samba.generate_random_password(128, 255) + mputf16 = machinepass.encode('utf-16-le') + msg["clearTextPassword"] = ldb.MessageElement(mputf16, + ldb.FLAG_MOD_REPLACE, + "clearTextPassword") + + samdb.modify(msg) + def search_constructed_attrs_stored(samdb, rootdn, attrs): """Search a given sam DB for calculated attributes that are still stored in the db. diff --git a/source3/pam_smbpass/README b/source3/pam_smbpass/README index 6cdb76f..a5bde25 100644 --- a/source3/pam_smbpass/README +++ b/source3/pam_smbpass/README @@ -1,3 +1,11 @@ +23 Jan 2015 + +=== WARNING === + +This PAM module is deprecated and will be removed from the Samba source code +with the release of Samba 4.3. If you are still using this module please +migrate to pam_winbind or another suiteable solution. + 25 Mar 2001 pam_smbpass is a PAM module which can be used on conforming systems to diff --git a/source4/lib/tls/wscript b/source4/lib/tls/wscript index 57cd894..ae96395 100644 --- a/source4/lib/tls/wscript +++ b/source4/lib/tls/wscript @@ -25,6 +25,9 @@ def configure(conf): if 'HAVE_GNUTLS' in conf.env: conf.DEFINE('ENABLE_GNUTLS', 1) + else: + if 'AD_DC_BUILD_IS_ENABLED' in conf.env: + conf.fatal("Building the AD DC requires GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol") conf.CHECK_FUNCS_IN('gnutls_global_init', 'gnutls', headers='gnutls/gnutls.h') diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c index 9020da7..bef4c93 100644 --- a/source4/rpc_server/backupkey/dcesrv_backupkey.c +++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c @@ -34,12 +34,19 @@ #include <hcrypto/rsa.h> #include <hcrypto/bn.h> #include <hcrypto/sha.h> +#include <hcrypto/evp.h> +#include <hcrypto/hmac.h> #include <der.h> #include "../lib/tsocket/tsocket.h" #include "../libcli/security/security.h" +#include "librpc/gen_ndr/ndr_security.h" +#include "lib/crypto/arcfour.h" +#include <gnutls/gnutls.h> +#include <gnutls/x509.h> +#if HAVE_GCRYPT_H +#include <gcrypt.h> +#endif -#define BACKUPKEY_MIN_VERSION 2 -#define BACKUPKEY_MAX_VERSION 3 static const unsigned rsa_with_var_num[] = { 1, 2, 840, 113549, 1, 1, 1 }; /* Equivalent to asn1_oid_id_pkcs1_rsaEncryption*/ @@ -50,7 +57,7 @@ static const AlgorithmIdentifier _hx509_signature_rsa_with_var_num = { static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *name, - const DATA_BLOB *secret) + const DATA_BLOB *lsa_secret) { struct ldb_message *msg; struct ldb_result *res; @@ -137,8 +144,8 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, talloc_free(msg); return NT_STATUS_NO_MEMORY; } - val.data = secret->data; - val.length = secret->length; + val.data = lsa_secret->data; + val.length = lsa_secret->length; ret = ldb_msg_add_value(msg, "currentValue", &val, NULL); if (ret != LDB_SUCCESS) { talloc_free(msg); @@ -172,7 +179,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *name, - DATA_BLOB *secret) + DATA_BLOB *lsa_secret) { TALLOC_CTX *tmp_mem; struct ldb_result *res; @@ -186,8 +193,8 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx, }; int ret; - secret->data = NULL; - secret->length = 0; + lsa_secret->data = NULL; + lsa_secret->length = 0; domain_dn = ldb_get_default_basedn(ldb); if (!domain_dn) { @@ -209,18 +216,12 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx, "(&(cn=%s Secret)(objectclass=secret))", ldb_binary_encode_string(tmp_mem, name)); - if (ret != LDB_SUCCESS || res->count == 0) { + if (ret != LDB_SUCCESS) { talloc_free(tmp_mem); - /* - * Important NOT to use NT_STATUS_OBJECT_NAME_NOT_FOUND - * as this return value is used to detect the case - * when we have the secret but without the currentValue - * (case RODC) - */ + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } else if (res->count == 0) { return NT_STATUS_RESOURCE_NAME_NOT_FOUND; - } - - if (res->count > 1) { + } else if (res->count > 1) { DEBUG(2, ("Secret %s collision\n", name)); talloc_free(tmp_mem); return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -232,13 +233,14 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx, * The secret object is here but we don't have the secret value * The most common case is a RODC */ + *lsa_secret = data_blob_null; talloc_free(tmp_mem); - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + return NT_STATUS_OK; } data = val->data; - secret->data = talloc_move(mem_ctx, &data); - secret->length = val->length; + lsa_secret->data = talloc_move(mem_ctx, &data); + lsa_secret->length = val->length; talloc_free(tmp_mem); return NT_STATUS_OK; @@ -380,7 +382,7 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx, uint8_t *key_and_iv, uint8_t *access_check, uint32_t access_check_len, - struct dom_sid **access_sid) + struct auth_session_info *session_info) { heim_octet_string iv; heim_octet_string access_check_os; @@ -393,10 +395,12 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx, enum ndr_err_code ndr_err; hx509_context hctx; + struct dom_sid *access_sid = NULL; + struct dom_sid *caller_sid = NULL; + /* This one should not be freed */ const AlgorithmIdentifier *alg; - *access_sid = NULL; switch (version) { case 2: key_len = 24; @@ -451,7 +455,9 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx, hx509_crypto_destroy(crypto); - if (version == 2) { + switch (version) { + case 2: + { uint32_t hash_size = 20; uint8_t hash[hash_size]; struct sha sctx; @@ -483,14 +489,11 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx, DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n")); return WERR_INVALID_DATA; } - *access_sid = dom_sid_dup(sub_ctx, &(uncrypted_accesscheckv2.sid)); - if (*access_sid == NULL) { - return WERR_NOMEM; - } - return WERR_OK; + access_sid = &(uncrypted_accesscheckv2.sid); + break; } - - if (version == 3) { + case 3: + { uint32_t hash_size = 64; uint8_t hash[hash_size]; struct hc_sha512state sctx; @@ -522,49 +525,81 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx, DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n")); return WERR_INVALID_DATA; } - *access_sid = dom_sid_dup(sub_ctx, &(uncrypted_accesscheckv3.sid)); - if (*access_sid == NULL) { - return WERR_NOMEM; - } - return WERR_OK; + access_sid = &(uncrypted_accesscheckv3.sid); + break; } - - /* Never reached normally as we filtered at the switch / case level */ - return WERR_INVALID_DATA; + default: + /* Never reached normally as we filtered at the switch / case level */ + return WERR_INVALID_DATA; + } + + caller_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]; + + if (!dom_sid_equal(caller_sid, access_sid)) { + return WERR_INVALID_ACCESS; + } + return WERR_OK; } -static WERROR bkrp_do_uncrypt_client_wrap_key(struct dcesrv_call_state *dce_call, - TALLOC_CTX *mem_ctx, - struct bkrp_BackupKey *r, - struct ldb_context *ldb_ctx) +/* + * We have some data, such as saved website or IMAP passwords that the + * client has in profile on-disk. This needs to be decrypted. This + * version gives the server the data over the network (protected by + * the X.509 certificate and public key encryption, and asks that it + * be decrypted returned for short-term use, protected only by the + * negotiated transport encryption. + * + * The data is NOT stored in the LSA, but a X.509 certificate, public + * and private keys used to encrypt the data will be stored. There is + * only one active encryption key pair and certificate per domain, it + * is pointed at with G$BCKUPKEY_PREFERRED in the LSA secrets store. + * + * The potentially multiple valid decrypting key pairs are in turn + * stored in the LSA secrets store as G$BCKUPKEY_keyGuidString. + * + */ +static WERROR bkrp_client_wrap_decrypt_data(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct bkrp_BackupKey *r, + struct ldb_context *ldb_ctx) { struct bkrp_client_side_wrapped uncrypt_request; DATA_BLOB blob; enum ndr_err_code ndr_err; char *guid_string; char *cert_secret_name; - DATA_BLOB secret; - DATA_BLOB *uncrypted; + DATA_BLOB lsa_secret; + DATA_BLOB *uncrypted_data; NTSTATUS status; - + uint32_t requested_version; + blob.data = r->in.data_in; blob.length = r->in.data_in_len; - if (r->in.data_in_len == 0 || r->in.data_in == NULL) { + if (r->in.data_in_len < 4 || r->in.data_in == NULL) { return WERR_INVALID_PARAM; } + /* + * We check for the version here, so we can actually print the + * message as we are unlikely to parse it with NDR. + */ + requested_version = IVAL(r->in.data_in, 0); + if ((requested_version != BACKUPKEY_CLIENT_WRAP_VERSION2) + && (requested_version != BACKUPKEY_CLIENT_WRAP_VERSION3)) { -- Samba Shared Repository