s4-backupkey: IDL for ServerWrap subprotocol
This adds some IDL structs for the ServerWrap subprotocol, allowing
parsing of the incoming RPC calls and returning WERR_NOT_SUPPORTED
instead of WERR_INVALID_PARAM.

Signed-off-by: Arvid Requate <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Garming Sam <[email protected]>
reqa authored and abartlet committed Feb 25, 2015
1 parent 3bc3bec commit 879b657
Showing 2 changed files with 37 additions and 1 deletion.
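--- a/librpc/idl/backupkey.idl
+++ b/librpc/idl/backupkey.idl
@@ -98,15 +98,39 @@ interface backupkey
 uint8 hash[64];
 } bkrp_access_check_v3;
 
+[public] typedef struct {
+[subcontext(0),subcontext_size(32),flag(NDR_REMAINING)] DATA_BLOB r3;
+[subcontext(0),subcontext_size(20),flag(NDR_REMAINING)] DATA_BLOB mac;
+dom_sid sid;
+[subcontext(0),flag(NDR_REMAINING)] DATA_BLOB secret;
+} bkrp_rc4encryptedpayload;
+
+[public] typedef struct {
+[value(0x00000001)] uint32 magic;
+uint32 payload_length;
+uint32 cyphertext_length;
+[subcontext(0),subcontext_size(16),flag(NDR_REMAINING)] DATA_BLOB guid_of_wrapping_key;
+[subcontext(0),subcontext_size(68),flag(NDR_REMAINING)] DATA_BLOB r2;
+[subcontext(0),flag(NDR_REMAINING)] DATA_BLOB rc4encryptedpayload;
+} bkrp_server_side_wrapped;
+
+[public] typedef struct {
+[flag(NDR_REMAINING)] DATA_BLOB opaque;
+} bkrp_opaque_blob;
+
 typedef enum {
 BACKUPKEY_INVALID_GUID_INTEGER = 0xFFFF,
 BACKUPKEY_RESTORE_GUID_INTEGER = 0x0000,
-BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001
+BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001,
+BACKUPKEY_RESTORE_GUID_WIN2K_INTEGER = 0x0002,
+BACKUPKEY_BACKUP_GUID_INTEGER = 0x0003
 } bkrp_guid_to_integer;
 
 [public] typedef [nodiscriminant] union {
 [case(BACKUPKEY_RESTORE_GUID_INTEGER)] bkrp_client_side_wrapped restore_req;
 [case(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER)] bkrp_empty empty;
+[case(BACKUPKEY_RESTORE_GUID_WIN2K_INTEGER)] bkrp_server_side_wrapped unsign_req;
+[case(BACKUPKEY_BACKUP_GUID_INTEGER)] bkrp_opaque_blob sign_req;
 } bkrp_data_in_blob;
 
 /******************/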
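Review bot: `payload_length` and `cyphertext_length` in `bkrp_server_side_wrapped` are client-supplied, and nothing in the IDL ties them to the real size of `rc4encryptedpayload`, which just takes the remaining bytes through `NDR_REMAINING`. Once the unwrap path is implemented, the handler has to compare both lengths with `rc4encryptedpayload.length` before decrypting the blob or re-parsing it as `bkrp_rc4encryptedpayload`. As far as I know pidl applies `[value(0x00000001)]` only when pushing, so `magic` would also need an explicit check on the receive side. I would add a comment above the struct such as `/* magic and both lengths come from the client; validate them against the blob sizes before use */`, plus a short comment saying what `r2`, `r3` and `mac` hold, since the fixed sizes 68, 32 and 20 are otherwise unexplained.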
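--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -1308,6 +1308,18 @@ static WERROR dcesrv_bkrp_BackupKey(struct dcesrv_call_state *dce_call,
 DEBUG(debuglevel, ("Client %s requested certificate for client wrapped secret\n", addr));
 error = bkrp_do_retreive_client_wrap_key(dce_call, mem_ctx, r, ldb_ctx);
 }
+
+if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
+BACKUPKEY_RESTORE_GUID_WIN2K, strlen(BACKUPKEY_RESTORE_GUID_WIN2K)) == 0) {
+DEBUG(debuglevel, ("Client %s requested to decrypt a server side wrapped secret, not implemented yet\n", addr));
+return WERR_NOT_SUPPORTED; /* is this appropriate? */
+}
+
+if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
+BACKUPKEY_BACKUP_GUID, strlen(BACKUPKEY_BACKUP_GUID)) == 0) {
+DEBUG(debuglevel, ("Client %s requested a server wrapped secret, not implemented yet\n", addr));
+return WERR_NOT_SUPPORTED; /* is this appropriate? */
+}
 }
 /*else: I am a RODC so I don't handle backup key protocol */
 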
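Review bot: Both added branches pass the result of `GUID_string(mem_ctx, r->in.guidActionAgent)` straight into `strncasecmp()` without a NULL check, so an allocation failure on this client-triggered RPC path would dereference NULL; each call also allocates another string on `mem_ctx`. Converting once with `const char *guid_str = GUID_string(mem_ctx, r->in.guidActionAgent);`, returning an out-of-memory WERROR under `if (guid_str == NULL)`, and comparing `guid_str` in each branch would cover both; the earlier branches outside this hunk presumably share the pattern. The two `/* is this appropriate? */` comments leave an open question in the code, and it would read better resolved or reworded as a TODO naming the status the protocol expects for an unimplemented subprotocol. `dcesrv_bkrp_BackupKey` starts and ends outside the hunk.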
