The branch, master has been updated
       via  8479401 lib: Add support to parse MS Catalog files
      from  4abf348 ctdb: add expiry test for ctdb_mutex_ceph_rados_helper

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8479401b028fe61f514c42aa9d238c0c630f0d94
Author: Andreas Schneider <a...@samba.org>
Date:   Tue Dec 20 08:52:14 2016 +0100

    lib: Add support to parse MS Catalog files
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    
    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Thu Aug  9 19:57:02 CEST 2018 on sn-devel-144

-----------------------------------------------------------------------

Summary of changes:
 lib/mscat/dumpmscat.c                              |  188 +++
 lib/mscat/mscat.asn                                |  136 +++
 lib/mscat/mscat.h                                  |  105 ++
 lib/mscat/mscat_ctl.c                              | 1194 ++++++++++++++++++++
 lib/mscat/mscat_pkcs7.c                            |  284 +++++
 .../pwrap_compat.h => lib/mscat/mscat_private.h    |   21 +-
 lib/mscat/wscript                                  |   44 +
 wscript                                            |    1 +
 wscript_build                                      |    1 +
 9 files changed, 1962 insertions(+), 12 deletions(-)
 create mode 100644 lib/mscat/dumpmscat.c
 create mode 100644 lib/mscat/mscat.asn
 create mode 100644 lib/mscat/mscat.h
 create mode 100644 lib/mscat/mscat_ctl.c
 create mode 100644 lib/mscat/mscat_pkcs7.c
 copy third_party/pam_wrapper/pwrap_compat.h => lib/mscat/mscat_private.h (65%)
 create mode 100644 lib/mscat/wscript


Changeset truncated at 500 lines:

diff --git a/lib/mscat/dumpmscat.c b/lib/mscat/dumpmscat.c
new file mode 100644
index 0000000..eac2184
--- /dev/null
+++ b/lib/mscat/dumpmscat.c
@@ -0,0 +1,188 @@
+/*
+ * Copyright (c) 2016      Andreas Schneider <a...@samba.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <errno.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
+
+#include <talloc.h>
+
+#include <libtasn1.h>
+#include <gnutls/pkcs7.h>
+
+#include "mscat.h"
+
+static const char *mac_to_string(enum mscat_mac_algorithm algo) {
+       switch(algo) {
+               case MSCAT_MAC_NULL:
+                       return "NULL";
+               case MSCAT_MAC_MD5:
+                       return "MD5";
+               case MSCAT_MAC_SHA1:
+                       return "SHA1";
+               case MSCAT_MAC_SHA256:
+                       return "SHA256";
+               case MSCAT_MAC_SHA512:
+                       return "SHA512";
+               case MSCAT_MAC_UNKNOWN:
+                       return "UNKNOWN";
+       }
+
+       return "UNKNOWN";
+}
+
+int main(int argc, char *argv[]) {
+       TALLOC_CTX *mem_ctx;
+       const char *filename = NULL;
+       const char *ca_file = NULL;
+       struct mscat_pkcs7 *cat_pkcs7;
+       struct mscat_ctl *msctl;
+       unsigned int member_count = 0;
+       unsigned int attribute_count = 0;
+       unsigned int i;
+       int rc;
+
+       if (argc < 1) {
+               return -1;
+       }
+       filename = argv[1];
+
+       if (filename == NULL || filename[0] == '\0') {
+               return -1;
+       }
+
+       mem_ctx = talloc_init("dumpmscat");
+       if (mem_ctx == NULL) {
+               fprintf(stderr, "Failed to initialize talloc\n");
+               exit(1);
+       }
+
+       /* READ MS ROOT CERTIFICATE */
+
+       cat_pkcs7 = mscat_pkcs7_init(mem_ctx);
+       if (cat_pkcs7 == NULL) {
+               exit(1);
+       }
+
+       rc = mscat_pkcs7_import_catfile(cat_pkcs7,
+                                       filename);
+       if (rc != 0) {
+               exit(1);
+       }
+
+       if (argc >= 2) {
+               ca_file = argv[2];
+       }
+
+       rc = mscat_pkcs7_verify(cat_pkcs7, ca_file);
+       if (rc != 0) {
+               printf("FAILED TO VERIFY CATALOG FILE!\n");
+               exit(1);
+       }
+       printf("CATALOG FILE VERIFIED!\n\n");
+
+       msctl = mscat_ctl_init(mem_ctx);
+       if (msctl == NULL) {
+               exit(1);
+       }
+
+       rc = mscat_ctl_import(msctl, cat_pkcs7);
+       if (rc != 0) {
+               exit(1);
+       }
+
+       member_count = mscat_ctl_get_member_count(msctl);
+       printf("CATALOG MEMBER COUNT=%d\n", member_count);
+
+       for (i = 0; i < member_count; i++) {
+               struct mscat_ctl_member *m;
+               size_t j;
+
+               rc = mscat_ctl_get_member(msctl,
+                                         mem_ctx,
+                                         i + 1,
+                                         &m);
+               if (rc != 0) {
+                       exit(1);
+               }
+
+               printf("CATALOG MEMBER\n");
+               if (m->checksum.type == MSCAT_CHECKSUM_STRING) {
+                       printf("  CHECKSUM: %s\n", m->checksum.string);
+               } else if (m->checksum.type == MSCAT_CHECKSUM_BLOB) {
+                       printf("  CHECKSUM: ");
+                       for (j = 0; j < m->checksum.size; j++) {
+                               printf("%X", m->checksum.blob[j]);
+                       }
+                       printf("\n");
+               }
+               printf("\n");
+
+               if (m->file.name != NULL) {
+                       printf("  FILE: %s, FLAGS=0x%08x\n",
+                              m->file.name,
+                              m->file.flags);
+               }
+
+               if (m->info.guid != NULL) {
+                       printf("  GUID: %s, ID=0x%08x\n",
+                              m->info.guid,
+                              m->info.id);
+               }
+
+               if (m->osattr.value != NULL) {
+                       printf("  OSATTR: %s, FLAGS=0x%08x\n",
+                              m->osattr.value,
+                              m->osattr.flags);
+               }
+
+               if (m->mac.type != MSCAT_MAC_UNKNOWN) {
+                       printf("  MAC: %s, DIGEST: ",
+                              mac_to_string(m->mac.type));
+                       for (j = 0; j < m->mac.digest_size; j++) {
+                               printf("%X", m->mac.digest[j]);
+                       }
+                       printf("\n");
+               }
+               printf("\n");
+       }
+       printf("\n");
+
+       attribute_count = mscat_ctl_get_attribute_count(msctl);
+       printf("CATALOG ATTRIBUTE COUNT=%d\n", attribute_count);
+
+       for (i = 0; i < attribute_count; i++) {
+               struct mscat_ctl_attribute *a;
+
+               rc = mscat_ctl_get_attribute(msctl,
+                                            mem_ctx,
+                                            i + 1,
+                                            &a);
+               if (rc != 0) {
+                       exit(1);
+               }
+
+               printf("  NAME=%s, FLAGS=0x%08x, VALUE=%s\n",
+                      a->name,
+                      a->flags,
+                      a->value);
+       }
+       talloc_free(mem_ctx);
+       return 0;
+}
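Review bot: The checksum and MAC digest loops (the `printf("%X", ...)` calls on the blob and digest bytes) print each byte without zero-padding, so a byte such as 0x0A comes out as `A` and the dumped hex cannot be compared against a reference hash; use `printf("%02X", m->checksum.blob[j]);` and `printf("%02X", m->mac.digest[j]);`. The argument checks are off by one: `if (argc < 1)` never rejects a missing filename and `if (argc >= 2)` reads argv[2] when only one argument was given, both silently relying on argv[argc] being NULL; they should read `if (argc < 2)` and `if (argc >= 3)`. member_count and attribute_count are unsigned but printed with `%d`, and mscat_ctl_get_member_count() is declared to return int, so a negative error return would presumably become a huge loop bound — test the result for `< 0` before assigning it. Since ca_file may be NULL here, the verify call deserves a comment stating what "CATALOG FILE VERIFIED" means when no CA file is given, as that behaviour is not visible in this hunk.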
diff --git a/lib/mscat/mscat.asn b/lib/mscat/mscat.asn
new file mode 100644
index 0000000..a4bdd05
--- /dev/null
+++ b/lib/mscat/mscat.asn
@@ -0,0 +1,136 @@
+--
+--  ASN.1 Description for Microsoft Catalog Files
+--
+--    Copyright 2016 Andreas Schneider <a...@samba.org>
+--    Copyright 2016 Nikos Mavrogiannopoulos <n...@redhat.com>
+--
+--  This program is free software: you can redistribute it and/or modify
+--  it under the terms of the GNU Lesser General Public License as published
+--  by the Free Software Foundation, either version 3 of the License, or
+--  (at your option) any later version.
+--
+--  This program is distributed in the hope that it will be useful,
+--  but WITHOUT ANY WARRANTY; without even the implied warranty of
+--  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+--  GNU Lesser General Public License for more details.
+--
+--  You should have received a copy of the GNU Lesser General Public License
+--  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+--
+CATALOG {}
+DEFINITIONS IMPLICIT TAGS ::= -- assuming implicit tags, should try explicit 
too
+
+BEGIN
+
+-- CATALOG_NAME_VALUE
+CatalogNameValue ::= SEQUENCE { -- 180
+    name       BMPString,
+    flags      INTEGER, -- 10010001
+    value      OCTET STRING -- UTF-16-LE
+}
+
+-- CATALOG_MEMBER_INFO
+CatalogMemberInfo ::= SEQUENCE {
+    name       BMPString,
+    id         INTEGER -- 0200
+}
+
+CatalogMemberInfo2 ::= SEQUENCE {
+    memId       OBJECT IDENTIFIER,
+    unknown     SET OF SpcLink
+}
+
+-- SPC_INDIRECT_DATA
+SpcIndirectData ::= SEQUENCE {
+    data        SpcAttributeTypeAndOptionalValue,
+    messageDigest DigestInfo
+}
+
+SpcAttributeTypeAndOptionalValue ::= SEQUENCE {
+    type        OBJECT IDENTIFIER,
+    value       ANY DEFINED BY type OPTIONAL
+}
+
+DigestInfo ::= SEQUENCE {
+    digestAlgorithm AlgorithmIdentifier,
+    digest OCTET STRING
+}
+
+AlgorithmIdentifier ::=  SEQUENCE  {
+    algorithm   OBJECT IDENTIFIER,
+    parameters  ANY DEFINED BY algorithm OPTIONAL
+                -- contains a value of the type
+}
+
+-- SPC_PE_IMAGE_DATA
+SpcPEImageData ::= SEQUENCE {
+    flags       SpcPeImageFlags DEFAULT includeResources,
+    link        [0] EXPLICIT SpcLink OPTIONAL
+}
+
+SpcPeImageFlags ::= BIT STRING {
+    includeResources            (0),
+    includeDebugInfo            (1),
+    includeImportAddressTable   (2)
+}
+
+SpcLink ::= CHOICE {
+    url         [0]    IMPLICIT IA5String,
+    moniker     [1]    IMPLICIT SpcSerializedObject,
+    file        [2]    EXPLICIT SpcString
+}
+
+SpcSerializedObject ::= SEQUENCE {
+    classId     OCTET STRING, -- GUID
+    data        OCTET STRING  -- Binary structure
+}
+
+SpcString ::= CHOICE {
+    unicode     [0] IMPLICIT BMPString,
+    ascii       [1] IMPLICIT IA5String
+}
+
+-- SPC_IMAGE_DATA_FILE
+SpcImageDataFile ::= SEQUENCE {
+    flags       BIT STRING,
+    file        SpcLink
+}
+
+-----------------------------------------------------------
+-- CERT_TRUST_LIST STRUCTURE
+-----------------------------------------------------------
+
+CatalogListId ::= SEQUENCE {
+    oid OBJECT IDENTIFIER
+}
+
+CatalogListMemberId ::= SEQUENCE {
+    oid OBJECT IDENTIFIER,
+    optional NULL
+}
+
+MemberAttribute ::= SEQUENCE {
+    contentType OBJECT IDENTIFIER,
+    content SET OF ANY DEFINED BY contentType
+}
+
+CatalogListMember ::= SEQUENCE {
+    checksum OCTET STRING, -- The member checksum (e.g. SHA1)
+    attributes SET OF MemberAttribute OPTIONAL
+}
+
+CatalogAttribute ::= SEQUENCE {
+    dataId OBJECT IDENTIFIER,
+    encapsulated_data OCTET STRING -- encapsulates CatNameValue or 
SpcPeImageData
+}
+
+CertTrustList ::= SEQUENCE {
+    catalogListId CatalogListId,
+    unknownString OCTET STRING, -- 16 bytes MD5 hash?
+    trustUtcTime UTCTime,
+    catalogListMemberId CatalogListMemberId,
+    members SEQUENCE OF CatalogListMember,
+    attributes [0] EXPLICIT SEQUENCE OF CatalogAttribute OPTIONAL
+}
+
+END
diff --git a/lib/mscat/mscat.h b/lib/mscat/mscat.h
new file mode 100644
index 0000000..fbf60ff
--- /dev/null
+++ b/lib/mscat/mscat.h
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2016      Andreas Schneider <a...@samba.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _MSCAT_H
+#define _MSCAT_H
+
+#include <stdbool.h>
+#include <talloc.h>
+#include <gnutls/pkcs7.h>
+#include <libtasn1.h>
+
+enum mscat_mac_algorithm {
+       MSCAT_MAC_UNKNOWN,
+       MSCAT_MAC_NULL,
+       MSCAT_MAC_MD5,
+       MSCAT_MAC_SHA1,
+       MSCAT_MAC_SHA256,
+       MSCAT_MAC_SHA512
+};
+
+struct mscat_pkcs7;
+
+struct mscat_pkcs7 *mscat_pkcs7_init(TALLOC_CTX *mem_ctx);
+
+int mscat_pkcs7_import_catfile(struct mscat_pkcs7 *mp7,
+                              const char *catfile);
+
+int mscat_pkcs7_verify(struct mscat_pkcs7 *mp7,
+                      const char *ca_file);
+
+struct mscat_ctl;
+
+struct mscat_ctl *mscat_ctl_init(TALLOC_CTX *mem_ctx);
+
+int mscat_ctl_import(struct mscat_ctl *ctl,
+                    struct mscat_pkcs7 *pkcs7);
+
+int mscat_ctl_get_member_count(struct mscat_ctl *ctl);
+
+enum mscat_checksum_type {
+       MSCAT_CHECKSUM_STRING = 1,
+       MSCAT_CHECKSUM_BLOB
+};
+
+struct mscat_ctl_member {
+       struct {
+               enum mscat_checksum_type type;
+               union {
+                       const char *string;
+                       uint8_t *blob;
+               };
+               size_t size;
+       } checksum;
+       struct {
+               const char *name;
+               uint32_t flags;
+       } file;
+       struct {
+               const char *value;
+               uint32_t flags;
+       } osattr;
+       struct {
+               const char *guid;
+               uint32_t id;
+       } info;
+       struct {
+               enum mscat_mac_algorithm type;
+               uint8_t *digest;
+               size_t digest_size;
+       } mac;
+};
+
+int mscat_ctl_get_member(struct mscat_ctl *ctl,
+                        TALLOC_CTX *mem_ctx,
+                        unsigned int idx,
+                        struct mscat_ctl_member **member);
+
+int mscat_ctl_get_attribute_count(struct mscat_ctl *ctl);
+
+struct mscat_ctl_attribute {
+       const char *name;
+       uint32_t flags;
+       const char *value;
+};
+
+int mscat_ctl_get_attribute(struct mscat_ctl *ctl,
+                           TALLOC_CTX *mem_ctx,
+                           unsigned int idx,
+                           struct mscat_ctl_attribute **pattribute);
+
+#endif /* _MSCAT_H */
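Review bot: The header uses `uint8_t`, `uint32_t` and `size_t` in struct mscat_ctl_member and struct mscat_ctl_attribute but includes neither `<stdint.h>` nor `<stddef.h>`, so it is only self-contained if an earlier include happens to pull them in; add `#include <stdint.h>` and `#include <stddef.h>` next to `<stdbool.h>`. The accessor contracts are undocumented: dumpmscat.c calls mscat_ctl_get_member() and mscat_ctl_get_attribute() with `i + 1`, which suggests idx is 1-based, and the header does not say whether `checksum.size` is meaningful for MSCAT_CHECKSUM_STRING or that the returned member/attribute is allocated on the caller's mem_ctx; a short comment on each prototype should state this. `_MSCAT_H` is a reserved identifier (leading underscore followed by an uppercase letter); `MSCAT_H` avoids that.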
diff --git a/lib/mscat/mscat_ctl.c b/lib/mscat/mscat_ctl.c
new file mode 100644
index 0000000..972922c
--- /dev/null
+++ b/lib/mscat/mscat_ctl.c
@@ -0,0 +1,1194 @@
+/*
+ * Copyright (c) 2016      Andreas Schneider <a...@samba.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <util/debug.h>
+#include <util/byteorder.h>
+#include <util/data_blob.h>
+#include <charset.h>
+
+#include "mscat.h"
+#include "mscat_private.h"
+
+#define ASN1_NULL_DATA "\x05\x00"
+#define ASN1_NULL_DATA_SIZE 2
+
+#define HASH_SHA1_OBJID                "1.3.14.3.2.26"
+#define HASH_SHA256_OBJID              "2.16.840.1.101.3.4.2.1"
+#define HASH_SHA512_OBJID              "2.16.840.1.101.3.4.2.3"
+
+#define SPC_INDIRECT_DATA_OBJID        "1.3.6.1.4.1.311.2.1.4"
+#define SPC_PE_IMAGE_DATA_OBJID        "1.3.6.1.4.1.311.2.1.15"
+
+#define CATALOG_LIST_OBJOID            "1.3.6.1.4.1.311.12.1.1"
+#define CATALOG_LIST_MEMBER_OBJOID     "1.3.6.1.4.1.311.12.1.2"
+#define CATALOG_LIST_MEMBER_V2_OBJOID  "1.3.6.1.4.1.311.12.1.3"
+
+#define CAT_NAME_VALUE_OBJID           "1.3.6.1.4.1.311.12.2.1"
+#define CAT_MEMBERINFO_OBJID           "1.3.6.1.4.1.311.12.2.2"
+
+extern const asn1_static_node mscat_asn1_tab[];

