The branch, master has been updated via 8479401 lib: Add support to parse MS Catalog files from 4abf348 ctdb: add expiry test for ctdb_mutex_ceph_rados_helper
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 8479401b028fe61f514c42aa9d238c0c630f0d94 Author: Andreas Schneider <a...@samba.org> Date: Tue Dec 20 08:52:14 2016 +0100 lib: Add support to parse MS Catalog files Signed-off-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Thu Aug 9 19:57:02 CEST 2018 on sn-devel-144 ----------------------------------------------------------------------- Summary of changes: lib/mscat/dumpmscat.c | 188 +++ lib/mscat/mscat.asn | 136 +++ lib/mscat/mscat.h | 105 ++ lib/mscat/mscat_ctl.c | 1194 ++++++++++++++++++++ lib/mscat/mscat_pkcs7.c | 284 +++++ .../pwrap_compat.h => lib/mscat/mscat_private.h | 21 +- lib/mscat/wscript | 44 + wscript | 1 + wscript_build | 1 + 9 files changed, 1962 insertions(+), 12 deletions(-) create mode 100644 lib/mscat/dumpmscat.c create mode 100644 lib/mscat/mscat.asn create mode 100644 lib/mscat/mscat.h create mode 100644 lib/mscat/mscat_ctl.c create mode 100644 lib/mscat/mscat_pkcs7.c copy third_party/pam_wrapper/pwrap_compat.h => lib/mscat/mscat_private.h (65%) create mode 100644 lib/mscat/wscript Changeset truncated at 500 lines:
diff --git a/lib/mscat/dumpmscat.c b/lib/mscat/dumpmscat.c
new file mode 100644
index 0000000..eac2184
--- /dev/null
+++ b/lib/mscat/dumpmscat.c
@@ -0,0 +1,188 @@
+/*
+ * Copyright (c) 2016 Andreas Schneider <a...@samba.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <errno.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
+
+#include <talloc.h>
+
+#include <libtasn1.h>
+#include <gnutls/pkcs7.h>
+
+#include "mscat.h"
+
+static const char *mac_to_string(enum mscat_mac_algorithm algo) {
+ switch(algo) {
+ case MSCAT_MAC_NULL:
+ return "NULL";
+ case MSCAT_MAC_MD5:
+ return "MD5";
+ case MSCAT_MAC_SHA1:
+ return "SHA1";
+ case MSCAT_MAC_SHA256:
+ return "SHA256";
+ case MSCAT_MAC_SHA512:
+ return "SHA512";
+ case MSCAT_MAC_UNKNOWN:
+ return "UNKNOWN";
+ }
+
+ return "UNKNOWN";
+}
+
+int main(int argc, char *argv[]) {
+ TALLOC_CTX *mem_ctx;
+ const char *filename = NULL;
+ const char *ca_file = NULL;
+ struct mscat_pkcs7 *cat_pkcs7;
+ struct mscat_ctl *msctl;
+ unsigned int member_count = 0;
+ unsigned int attribute_count = 0;
+ unsigned int i;
+ int rc;
+
+ if (argc < 1) {
+ return -1;
+ }
+ filename = argv[1];
+
+ if (filename == NULL || filename[0] == '\0') {
+ return -1;
+ }
+
+ mem_ctx = talloc_init("dumpmscat");
+ if (mem_ctx == NULL) {
+ fprintf(stderr, "Failed to initialize talloc\n");
+ exit(1);
+ }
+
+ /* READ MS ROOT CERTIFICATE */
+
+ cat_pkcs7 = mscat_pkcs7_init(mem_ctx);
+ if (cat_pkcs7 == NULL) {
+ exit(1);
+ }
+
+ rc = mscat_pkcs7_import_catfile(cat_pkcs7,
+ filename);
+ if (rc != 0) {
+ exit(1);
+ }
+
+ if (argc >= 2) {
+ ca_file = argv[2];
+ }
+
+ rc = mscat_pkcs7_verify(cat_pkcs7, ca_file);
+ if (rc != 0) {
+ printf("FAILED TO VERIFY CATALOG FILE!\n");
+ exit(1);
+ }
+ printf("CATALOG FILE VERIFIED!\n\n");
+
+ msctl = mscat_ctl_init(mem_ctx);
+ if (msctl == NULL) {
+ exit(1);
+ }
+
+ rc = mscat_ctl_import(msctl, cat_pkcs7);
+ if (rc != 0) {
+ exit(1);
+ }
+
+ member_count = mscat_ctl_get_member_count(msctl);
+ printf("CATALOG MEMBER COUNT=%d\n", member_count);
+
+ for (i = 0; i < member_count; i++) {
+ struct mscat_ctl_member *m;
+ size_t j;
+
+ rc = mscat_ctl_get_member(msctl,
+ mem_ctx,
+ i + 1,
+ &m);
+ if (rc != 0) {
+ exit(1);
+ }
+
+ printf("CATALOG MEMBER\n");
+ if (m->checksum.type == MSCAT_CHECKSUM_STRING) {
+ printf(" CHECKSUM: %s\n", m->checksum.string);
+ } else if (m->checksum.type == MSCAT_CHECKSUM_BLOB) {
+ printf(" CHECKSUM: ");
+ for (j = 0; j < m->checksum.size; j++) {
+ printf("%X", m->checksum.blob[j]);
+ }
+ printf("\n");
+ }
+ printf("\n");
+
+ if (m->file.name != NULL) {
+ printf(" FILE: %s, FLAGS=0x%08x\n",
+ m->file.name,
+ m->file.flags);
+ }
+
+ if (m->info.guid != NULL) {
+ printf(" GUID: %s, ID=0x%08x\n",
+ m->info.guid,
+ m->info.id);
+ }
+
+ if (m->osattr.value != NULL) {
+ printf(" OSATTR: %s, FLAGS=0x%08x\n",
+ m->osattr.value,
+ m->osattr.flags);
+ }
+
+ if (m->mac.type != MSCAT_MAC_UNKNOWN) {
+ printf(" MAC: %s, DIGEST: ",
+ mac_to_string(m->mac.type));
+ for (j = 0; j < m->mac.digest_size; j++) {
+ printf("%X", m->mac.digest[j]);
+ }
+ printf("\n");
+ }
+ printf("\n");
+ }
+ printf("\n");
+
+ attribute_count = mscat_ctl_get_attribute_count(msctl);
+ printf("CATALOG ATTRIBUTE COUNT=%d\n", attribute_count);
+
+ for (i = 0; i < attribute_count; i++) {
+ struct mscat_ctl_attribute *a;
+
+ rc = mscat_ctl_get_attribute(msctl,
+ mem_ctx,
+ i + 1,
+ &a);
+ if (rc != 0) {
+ exit(1);
+ }
+
+ printf(" NAME=%s, FLAGS=0x%08x, VALUE=%s\n",
+ a->name,
a->flags,
+ a->value);
+ }
+ talloc_free(mem_ctx);
+ return 0;
+}
diff --git a/lib/mscat/mscat.asn b/lib/mscat/mscat.asn
new file mode 100644
index 0000000..a4bdd05
--- /dev/null
+++ b/lib/mscat/mscat.asn
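Review bot: The hex dumps of `m->checksum.blob` and `m->mac.digest` use `printf("%X", ...)`, which prints bytes below 0x10 as a single digit, so the printed digest is ambiguous (0x0A 0xB1 and 0xAB 0x01 both come out as `AB1`); both loops should use `printf("%02X", ...)`. The argument checks are also off by one: `if (argc < 1)` never rejects a missing filename and `if (argc >= 2)` reads `argv[2]` when only one argument was given — both are rescued only by argv[argc] being NULL, so they should read `argc < 2` and `argc >= 3`. `mscat_pkcs7_verify()` is called with `ca_file == NULL` whenever no second argument is given and the tool still prints `CATALOG FILE VERIFIED!`; what the verifier accepts in that case is decided in mscat_pkcs7.c, which is not in this part of the changeset, so a comment here saying what "verified" means without a CA file would prevent the output being over-read.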
@@ -0,0 +1,136 @@
+--
+-- ASN.1 Description for Microsoft Catalog Files
+--
+-- Copyright 2016 Andreas Schneider <a...@samba.org>
+-- Copyright 2016 Nikos Mavrogiannopoulos <n...@redhat.com>
+--
+-- This program is free software: you can redistribute it and/or modify
+-- it under the terms of the GNU Lesser General Public License as published
+-- by the Free Software Foundation, either version 3 of the License, or
+-- (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-- GNU Lesser General Public License for more details.
+--
+-- You should have received a copy of the GNU Lesser General Public License
+-- along with this program. If not, see <http://www.gnu.org/licenses/>.
+--
+CATALOG {}
+DEFINITIONS IMPLICIT TAGS ::= -- assuming implicit tags, should try explicit too
+
+BEGIN
+
+-- CATALOG_NAME_VALUE
+CatalogNameValue ::= SEQUENCE { -- 180
+ name BMPString,
+ flags INTEGER, -- 10010001
+ value OCTET STRING -- UTF-16-LE
+}
+
+-- CATALOG_MEMBER_INFO
+CatalogMemberInfo ::= SEQUENCE {
+ name BMPString,
+ id INTEGER -- 0200
+}
+
+CatalogMemberInfo2 ::= SEQUENCE {
+ memId OBJECT IDENTIFIER,
+ unknown SET OF SpcLink
+}
+
+-- SPC_INDIRECT_DATA
+SpcIndirectData ::= SEQUENCE {
+ data SpcAttributeTypeAndOptionalValue,
+ messageDigest DigestInfo
+}
+
+SpcAttributeTypeAndOptionalValue ::= SEQUENCE {
+ type OBJECT IDENTIFIER,
+ value ANY DEFINED BY type OPTIONAL
+}
+
+DigestInfo ::= SEQUENCE {
+ digestAlgorithm AlgorithmIdentifier,
+ digest OCTET STRING
+}
+
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL
+ -- contains a value of the type
+}
+
+-- SPC_PE_IMAGE_DATA
+SpcPEImageData ::= SEQUENCE {
+ flags SpcPeImageFlags DEFAULT includeResources,
+ link [0] EXPLICIT SpcLink OPTIONAL
+}
+
+SpcPeImageFlags ::= BIT STRING {
includeResources (0),
+ includeDebugInfo (1),
+ includeImportAddressTable (2)
+}
+
+SpcLink ::= CHOICE {
+ url [0] IMPLICIT IA5String,
+ moniker [1] IMPLICIT SpcSerializedObject,
+ file [2] EXPLICIT SpcString
+}
+
+SpcSerializedObject ::= SEQUENCE {
+ classId OCTET STRING, -- GUID
+ data OCTET STRING -- Binary structure
+}
+
+SpcString ::= CHOICE {
+ unicode [0] IMPLICIT BMPString,
+ ascii [1] IMPLICIT IA5String
+}
+
+-- SPC_IMAGE_DATA_FILE
+SpcImageDataFile ::= SEQUENCE {
+ flags BIT STRING,
+ file SpcLink
+}
+
+-----------------------------------------------------------
+-- CERT_TRUST_LIST STRUCTURE
+-----------------------------------------------------------
+
+CatalogListId ::= SEQUENCE {
+ oid OBJECT IDENTIFIER
+}
+
+CatalogListMemberId ::= SEQUENCE {
+ oid OBJECT IDENTIFIER,
+ optional NULL
+}
+
+MemberAttribute ::= SEQUENCE {
+ contentType OBJECT IDENTIFIER,
+ content SET OF ANY DEFINED BY contentType
+}
+
+CatalogListMember ::= SEQUENCE {
+ checksum OCTET STRING, -- The member checksum (e.g. SHA1)
+ attributes SET OF MemberAttribute OPTIONAL
+}
+
+CatalogAttribute ::= SEQUENCE {
+ dataId OBJECT IDENTIFIER,
+ encapsulated_data OCTET STRING -- encapsulates CatNameValue or SpcPeImageData
+}
+
+CertTrustList ::= SEQUENCE {
+ catalogListId CatalogListId,
+ unknownString OCTET STRING, -- 16 bytes MD5 hash?
+ trustUtcTime UTCTime,
+ catalogListMemberId CatalogListMemberId,
+ members SEQUENCE OF CatalogListMember,
+ attributes [0] EXPLICIT SEQUENCE OF CatalogAttribute OPTIONAL
+}
+
+END
diff --git a/lib/mscat/mscat.h b/lib/mscat/mscat.h
new file mode 100644
index 0000000..fbf60ff
--- /dev/null
+++ b/lib/mscat/mscat.h
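Review bot: The module header records an open question, `DEFINITIONS IMPLICIT TAGS ::= -- assuming implicit tags, should try explicit too`, yet this schema is what libtasn1 uses to decode the signed catalog content, so the tagging mode should be settled against real .cat files before it lands; either confirm it and drop the remark, or mark it honestly, e.g. `-- TODO: tagging mode not yet confirmed against real catalog files`. The same goes for `unknownString OCTET STRING, -- 16 bytes MD5 hash?` and the bare `-- 180`, `-- 10010001` and `-- 0200` annotations, which read as observed byte values rather than documentation, so a maintainer cannot tell what is known from what is assumed. Note also that `MemberAttribute.content` and `SpcAttributeTypeAndOptionalValue.value` are `ANY DEFINED BY`, so the inner structures reach C code as raw DER and the length and OID-dispatch checks presumably live in mscat_ctl.c, which is only partly visible in this changeset. Finally, `-- encapsulates CatNameValue or SpcPeImageData` names a type that does not exist in the module; the defined type is `CatalogNameValue`.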
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2016 Andreas Schneider <a...@samba.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _MSCAT_H
+#define _MSCAT_H
+
+#include <stdbool.h>
+#include <talloc.h>
+#include <gnutls/pkcs7.h>
+#include <libtasn1.h>
+
+enum mscat_mac_algorithm {
+ MSCAT_MAC_UNKNOWN,
+ MSCAT_MAC_NULL,
+ MSCAT_MAC_MD5,
+ MSCAT_MAC_SHA1,
+ MSCAT_MAC_SHA256,
+ MSCAT_MAC_SHA512
+};
+
+struct mscat_pkcs7;
+
+struct mscat_pkcs7 *mscat_pkcs7_init(TALLOC_CTX *mem_ctx);
+
+int mscat_pkcs7_import_catfile(struct mscat_pkcs7 *mp7,
+ const char *catfile);
+
+int mscat_pkcs7_verify(struct mscat_pkcs7 *mp7,
+ const char *ca_file);
+
+struct mscat_ctl;
+
+struct mscat_ctl *mscat_ctl_init(TALLOC_CTX *mem_ctx);
+
+int mscat_ctl_import(struct mscat_ctl *ctl,
+ struct mscat_pkcs7 *pkcs7);
+
+int mscat_ctl_get_member_count(struct mscat_ctl *ctl);
+
+enum mscat_checksum_type {
+ MSCAT_CHECKSUM_STRING = 1,
+ MSCAT_CHECKSUM_BLOB
+};
+
+struct mscat_ctl_member {
+ struct {
+ enum mscat_checksum_type type;
+ union {
+ const char *string;
+ uint8_t *blob;
+ };
+ size_t size;
+ } checksum;
+ struct {
+ const char *name;
+ uint32_t flags;
+ } file;
+ struct {
+ const char *value;
+ uint32_t flags;
+ } osattr;
+ struct {
+ const char *guid;
+ uint32_t id;
+ } info;
+ struct {
+ enum mscat_mac_algorithm type;
+ uint8_t *digest;
+ size_t digest_size;
+ } mac;
+};
+int mscat_ctl_get_member(struct mscat_ctl *ctl,
+ TALLOC_CTX *mem_ctx,
+ unsigned int idx,
+ struct mscat_ctl_member **member);
+
+int mscat_ctl_get_attribute_count(struct mscat_ctl *ctl);
+
+struct mscat_ctl_attribute {
+ const char *name;
+ uint32_t flags;
+ const char *value;
+};
+
+int mscat_ctl_get_attribute(struct mscat_ctl *ctl,
+ TALLOC_CTX *mem_ctx,
+ unsigned int idx,
+ struct mscat_ctl_attribute **pattribute);
+
+#endif /* _MSCAT_H */
diff --git a/lib/mscat/mscat_ctl.c b/lib/mscat/mscat_ctl.c
new file mode 100644
index 0000000..972922c
--- /dev/null
+++ b/lib/mscat/mscat_ctl.c
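Review bot: The public API carries no contract: nothing says that `idx` in `mscat_ctl_get_member()`/`mscat_ctl_get_attribute()` is 1-based (dumpmscat.c passes `i + 1`), that the returned member/attribute is allocated under `mem_ctx`, or what `mscat_pkcs7_verify()` checks when `ca_file` is NULL — and for a signature-verification entry point the last one is what every caller needs to know. Suggest a comment on `mscat_pkcs7_verify` naming the trust anchor used when `ca_file` is NULL and stating that 0 means the catalog signature verified, plus `/* idx is 1-based; *member is talloc'd under mem_ctx */` on the two getters, with the 1-based and talloc details confirmed against mscat_ctl.c, which is only partly visible here. Separately, the header uses `uint8_t`, `uint32_t` and `size_t` but its only standard include is `<stdbool.h>`, so it relies on `<talloc.h>`/`<gnutls/pkcs7.h>` to pull in `<stdint.h>` and `<stddef.h>`; adding `#include <stdint.h>` and `#include <stddef.h>` next to `<stdbool.h>` makes it self-contained. `mscat_ctl_get_member_count()` returns `int` while dumpmscat.c stores the result in an `unsigned int`, so if a negative error return is possible it should be documented (and that caller fixed); if it is not, returning `unsigned int` removes the question.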
@@ -0,0 +1,1194 @@
+/*
+ * Copyright (c) 2016 Andreas Schneider <a...@samba.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <util/debug.h>
+#include <util/byteorder.h>
+#include <util/data_blob.h>
+#include <charset.h>
+
+#include "mscat.h"
+#include "mscat_private.h"
+
+#define ASN1_NULL_DATA "\x05\x00"
+#define ASN1_NULL_DATA_SIZE 2
+
+#define HASH_SHA1_OBJID "1.3.14.3.2.26"
+#define HASH_SHA256_OBJID "2.16.840.1.101.3.4.2.1"
+#define HASH_SHA512_OBJID "2.16.840.1.101.3.4.2.3"
+
+#define SPC_INDIRECT_DATA_OBJID "1.3.6.1.4.1.311.2.1.4"
+#define SPC_PE_IMAGE_DATA_OBJID "1.3.6.1.4.1.311.2.1.15"
+
+#define CATALOG_LIST_OBJOID "1.3.6.1.4.1.311.12.1.1"
+#define CATALOG_LIST_MEMBER_OBJOID "1.3.6.1.4.1.311.12.1.2"
+#define CATALOG_LIST_MEMBER_V2_OBJOID "1.3.6.1.4.1.311.12.1.3"
+
+#define CAT_NAME_VALUE_OBJID "1.3.6.1.4.1.311.12.2.1"
+#define CAT_MEMBERINFO_OBJID "1.3.6.1.4.1.311.12.2.2"
+
+extern const asn1_static_node mscat_asn1_tab[];
-- Samba Shared Repository