2 Unix SMB/CIFS implementation.
3 test suite for backupkey remote protocol rpc operations
5 Copyright (C) Matthieu Patou 2010
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "auth/auth.h"
24 #include "lib/cmdline/popt_common.h"
25 #include "auth/gensec/gensec.h"
26 #include "libcli/auth/libcli_auth.h"
27 #include "librpc/gen_ndr/ndr_backupkey_c.h"
28 #include "librpc/gen_ndr/backupkey.h"
29 #include "librpc/gen_ndr/ndr_backupkey.h"
30 #include "librpc/gen_ndr/ndr_security.h"
31 #include "libcli/security/security.h"
32 #include "torture/rpc/torture_rpc.h"
33 #include "param/param.h"
34 #include "librpc/gen_ndr/ndr_lsa_c.h"
36 /* Our very special and valued secret */
37 static char secret[] = "tata yoyo mais qu'est ce qu'il y a sous ton grand chapeau ?";
40 static void print_hex(uint8_t *tab, uint32_t size) {
42 for (i=0; i<size; i++) {
43 if( i%16 == 0 && i != 0) {
46 printf("%02X ", tab[i]);
52 static bool test_RetreiveBackupKeyGUID(struct torture_context *tctx,
53 struct dcerpc_pipe *p) {
54 struct dcerpc_binding_handle *b = p->binding_handle;
55 struct dcerpc_binding *binding = p->binding;
56 struct bkrp_BackupKey r;
57 struct bkrp_client_side_wrapped data;
59 enum ndr_err_code ret;
63 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
66 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
67 r.in.guidActionAgent = &g;
68 ret = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
69 r.in.data_in = blob.data;
70 r.in.data_in_len = blob.length;
72 data.encrypted_secret_len = 0;
73 data.access_check_len = 0;
74 r.out.data_out = &out_blob.data;
75 r.out.data_out_len = &out_blob.length;
77 //torture_comment(tctx, "No seal or sign ? %d\n", p->conn->security_state.auth_info == NULL);
78 if( p->conn->security_state.auth_info != NULL &&
79 p->conn->security_state.auth_info->auth_level == 6) {
80 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
82 torture_assert_werr_equal(tctx, r.out.result, WERR_OK, "Wrong dce/rpc error code");
84 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
85 NT_STATUS_ACCESS_DENIED, "Get GUID");
90 static struct dom_sid *get_user_sid(struct torture_context *tctx, struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char* user) {
91 struct lsa_ObjectAttribute attr;
92 struct lsa_QosInfo qos;
93 struct lsa_OpenPolicy2 r;
96 struct policy_handle handle;
97 struct lsa_LookupNames l;
98 struct lsa_TransSidArray sids;
99 struct lsa_RefDomainList *domains = NULL;
100 struct lsa_String lsa_name;
102 struct dom_sid *result;
104 struct dcerpc_pipe *p2;
105 struct dcerpc_binding_handle *b;
107 const char* domain = cli_credentials_get_domain(cmdline_credentials);
109 torture_assert_ntstatus_ok(tctx,
110 torture_rpc_connection(tctx, &p2, &ndr_table_lsarpc),
111 "could not open lsarpc pipe");
112 b = p2->binding_handle;
114 if (!(tmp_ctx = talloc_new(mem_ctx))) {
118 qos.impersonation_level = 2;
119 qos.context_mode = 1;
120 qos.effective_only = 0;
123 attr.root_dir = NULL;
124 attr.object_name = NULL;
126 attr.sec_desc = NULL;
129 r.in.system_name = "\\";
131 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
132 r.out.handle = &handle;
134 status = dcerpc_lsa_OpenPolicy2_r(b, tmp_ctx, &r);
135 if (!NT_STATUS_IS_OK(status)) {
136 torture_comment(tctx, "OpenPolicy2 failed - %s\n", nt_errstr(status));
137 talloc_free(tmp_ctx);
140 if (!NT_STATUS_IS_OK(r.out.result)) {
141 torture_comment(tctx, "OpenPolicy2_ failed - %s\n", nt_errstr(r.out.result));
142 talloc_free(tmp_ctx);
149 lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, user);
151 l.in.handle = &handle;
153 l.in.names = &lsa_name;
157 l.out.count = &count;
159 l.out.domains = &domains;
161 status = dcerpc_lsa_LookupNames_r(b, tmp_ctx, &l);
162 if (!NT_STATUS_IS_OK(status)) {
163 torture_comment(tctx, "LookupNames of %s failed - %s\n", lsa_name.string,
165 talloc_free(tmp_ctx);
169 if (domains->count == 0) {
173 result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
174 l.out.sids->sids[0].rid);
175 c.in.handle = &handle;
176 c.out.handle = &handle;
178 status = dcerpc_lsa_Close_r(b, tmp_ctx, &c);
179 if (!NT_STATUS_IS_OK(status)) {
180 torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(status));
181 talloc_free(tmp_ctx);
184 if (!NT_STATUS_IS_OK(c.out.result)) {
185 torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(c.out.result));
186 talloc_free(tmp_ctx);
190 talloc_free(tmp_ctx);
193 torture_comment(tctx, "GET user finished\n");
197 static DATA_BLOB* create_unencryptedsecret(TALLOC_CTX *mem_ctx, bool broken, int version) {
198 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
199 DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB);
201 struct bkrp_encrypted_secret_v2 unenc_sec;
202 uint32_t key_size = 32;
203 uint8_t *tab = talloc_array(tmp_ctx, uint8_t, key_size);
205 unenc_sec.secret_len = strlen(secret)+1;
206 unenc_sec.secret = (uint8_t*)secret;
207 unenc_sec.secret = talloc_array(tmp_ctx, uint8_t, sizeof(secret));
209 memcpy(unenc_sec.secret, secret, sizeof(secret));
211 generate_random_buffer(tab, key_size);
212 memcpy(unenc_sec.payload_key, tab, key_size);
214 ndr_push_struct_blob(blob, mem_ctx, &unenc_sec, (ndr_push_flags_fn_t)ndr_push_bkrp_encrypted_secret_v2);
216 /* We broke the magic value to check server behavior */
218 ((uint8_t*)blob->data)[4] = 19; /* A great year !!! */
222 struct bkrp_encrypted_secret_v3 unenc_sec;
223 uint32_t key_size = 48;
224 uint8_t *tab = talloc_array(tmp_ctx, uint8_t, key_size);
226 unenc_sec.secret_len = strlen(secret)+1;
227 unenc_sec.secret = (uint8_t*)secret;
228 unenc_sec.secret = talloc_array(tmp_ctx, uint8_t, sizeof(secret));
230 memcpy(unenc_sec.secret, secret, sizeof(secret));
232 generate_random_buffer(tab, key_size);
233 memcpy(unenc_sec.payload_key, tab, key_size);
235 ndr_push_struct_blob(blob, mem_ctx, &unenc_sec, (ndr_push_flags_fn_t)ndr_push_bkrp_encrypted_secret_v3);
237 /* We broke the magic value to check server behavior */
239 ((uint8_t*)blob->data)[4] = 19; /* A great year !!! */
242 talloc_free(tmp_ctx);
246 static DATA_BLOB* create_access_check(struct torture_context *tctx, struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char* user, bool broken, uint32_t version) {
247 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
248 DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB);
250 struct bkrp_access_check_v2 access_struct;
252 uint32_t hash_size = 20;
255 struct dom_sid* sid = get_user_sid(tctx, p, tmp_ctx, user);
261 buf.data = talloc_array(tmp_ctx, uint8_t, len);
264 generate_random_buffer(buf.data, len);
265 access_struct.nonce_len = buf.length;
266 access_struct.nonce = buf.data;
267 access_struct.sid = *sid;
268 ZERO_STRUCT(access_struct.hash);
269 ndr_push_struct_blob(blob, mem_ctx, &access_struct, (ndr_push_flags_fn_t)ndr_push_bkrp_access_check_v2);
270 /*We pushed the whole structure including a null hash
271 * but the hash need to be calculated only up to the hash field
272 * so we reduce the size of what has to be calculated
275 SHA1_Update(&sctx, blob->data, blob->length - hash_size);
276 SHA1_Final(blob->data+blob->length - hash_size, &sctx);
277 /* Altering the SHA */
279 blob->data[blob->length -1]++;
283 struct bkrp_access_check_v3 access_struct;
285 uint32_t hash_size = 64;
286 struct hc_sha512state sctx;
288 struct dom_sid* sid = get_user_sid(tctx, p, tmp_ctx, user);
294 buf.data = talloc_array(tmp_ctx, uint8_t, len);
297 generate_random_buffer(buf.data, len);
298 access_struct.nonce_len = buf.length;
299 access_struct.nonce = buf.data;
300 access_struct.sid = *sid;
301 ZERO_STRUCT(access_struct.hash);
302 ndr_push_struct_blob(blob, mem_ctx, &access_struct, (ndr_push_flags_fn_t)ndr_push_bkrp_access_check_v3);
303 /*We pushed the whole structure including a null hash
304 * but the hash need to be calculated only up to the hash field
305 * so we reduce the size of what has to be calculated
309 SHA1_Update(&sctx, blob->data, blob->length - hash_size);
310 SHA1_Final(blob->data+blob->length - hash_size, &sctx);
314 SHA512_Update(&sctx, blob->data, blob->length - hash_size);
315 SHA512_Final(blob->data+blob->length - hash_size, &sctx);
317 /* Altering the SHA */
319 blob->data[blob->length -1]++;
322 talloc_free(tmp_ctx);
326 static DATA_BLOB* encrypt_blob_aes(struct torture_context *tctx, TALLOC_CTX *mem_ctx, DATA_BLOB *aes_key, DATA_BLOB *iv, DATA_BLOB *to_encrypt) {
329 heim_octet_string ivos;
330 heim_octet_string *encrypted;
331 DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB);
333 const AlgorithmIdentifier *alg = hx509_crypto_aes256_cbc();
335 ivos.data = talloc_array(mem_ctx, uint8_t, iv->length);
336 ivos.length = iv->length;
337 memcpy(ivos.data, iv->data, iv->length);
339 hx509_context_init(&hctx);
340 res = hx509_crypto_init(hctx, NULL, &(alg->algorithm), &crypto);
342 torture_comment(tctx, "error while doing the init of the crypto obj\n");
345 res = hx509_crypto_set_key_data(crypto, aes_key->data, aes_key->length);
347 torture_comment(tctx, "error while setting the key of the crypto object\n");
350 hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE);
351 res = hx509_crypto_encrypt(crypto,
357 torture_comment(tctx, "error while encrypting\n");
361 blob->data = talloc_memdup(blob, encrypted->data, encrypted->length);
362 blob->length = encrypted->length;
363 hx509_crypto_destroy(crypto);
364 hx509_context_free(&hctx);
369 static DATA_BLOB* encrypt_blob_3des(struct torture_context *tctx, TALLOC_CTX *mem_ctx, DATA_BLOB *des3_key, DATA_BLOB *iv, DATA_BLOB *to_encrypt) {
372 heim_octet_string ivos;
373 heim_octet_string *encrypted;
374 DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB);
376 const AlgorithmIdentifier *alg2 = hx509_crypto_des_rsdi_ede3_cbc();
378 ivos.data = talloc_array(mem_ctx, uint8_t, iv->length);
379 ivos.length = iv->length;
380 memcpy(ivos.data, iv->data, iv->length);
382 hx509_context_init(&hctx);
383 res = hx509_crypto_init(hctx, NULL, &(alg2->algorithm), &crypto);
385 torture_comment(tctx, "error while doing the init of the crypto obj\n");
388 res = hx509_crypto_set_key_data(crypto, des3_key->data, des3_key->length);
390 torture_comment(tctx, "error while setting the key of the crypto object\n");
393 hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE);
394 res = hx509_crypto_encrypt(crypto,
400 torture_comment(tctx, "error while encrypting\n");
404 blob->data = talloc_memdup(blob, encrypted->data, encrypted->length);
405 blob->length = encrypted->length;
406 hx509_crypto_destroy(crypto);
407 hx509_context_free(&hctx);
411 static struct GUID* get_cert_guid(struct torture_context *tctx, TALLOC_CTX *mem_ctx, uint8_t *cert_data, uint32_t cert_len) {
414 heim_bit_string subjectuniqid;
418 struct GUID *guid = talloc(mem_ctx, struct GUID);
420 hx509_context_init(&hctx);
422 hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert);
424 torture_comment(tctx, "error while loading the cert\n");
427 hret = hx509_cert_get_issuer_unique_id(hctx, cert, &subjectuniqid);
429 torture_comment(tctx, "error while getting the certificate\n");
432 /* in bit string the real size has to be divided by 8*/
433 size = subjectuniqid.length / 8;
434 data.data = talloc_memdup(mem_ctx,subjectuniqid.data, size);
436 GUID_from_data_blob(&data, guid);
437 talloc_free(data.data);
441 static DATA_BLOB* encrypt_blob_pk(struct torture_context *tctx, TALLOC_CTX *mem_ctx, uint8_t *cert_data, uint32_t cert_len, DATA_BLOB *to_encrypt) {
444 heim_octet_string secretdata;
445 heim_octet_string encrypted;
446 heim_oid encryption_oid;
450 hx509_context_init(&hctx);
452 hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert);
454 torture_comment(tctx, "error while loading the cert\n");
458 secretdata.data = to_encrypt->data;
459 secretdata.length = to_encrypt->length;
460 hret = _hx509_cert_public_encrypt(hctx, &secretdata, cert, &encryption_oid, &encrypted);
462 torture_comment(tctx, "error while encrypting\n");
466 blob = talloc(mem_ctx, DATA_BLOB);
467 blob->data = talloc_memdup(blob, encrypted.data, encrypted.length);
468 blob->length = encrypted.length;
470 hx509_cert_free(cert);
471 hx509_context_free(&hctx);
475 static bool test_RestoreGUID_ko(struct torture_context *tctx,
476 struct dcerpc_pipe *p) {
477 struct dcerpc_binding_handle *b = p->binding_handle;
478 struct dcerpc_binding *binding = p->binding;
479 struct bkrp_BackupKey r;
480 struct bkrp_client_side_wrapped data;
482 enum ndr_err_code ndr_err;
486 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
489 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
490 r.in.guidActionAgent = &g;
492 data.encrypted_secret_len = 0;
493 data.access_check_len = 0;
494 ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
496 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
500 r.in.data_in = blob.data;
501 r.in.data_in_len = blob.length;
503 r.out.data_out = &out_blob.data;
504 r.out.data_out_len = &out_blob.length;
505 if( p->conn->security_state.auth_info != NULL &&
506 p->conn->security_state.auth_info->auth_level == 6) {
511 DATA_BLOB enc_sec_reverted;
516 struct bkrp_client_side_unwrapped resp;
520 const char* user = cli_credentials_get_username(cmdline_credentials);
522 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
525 sec = create_unencryptedsecret(tctx, false, 2);
526 xs = create_access_check(tctx, p, tctx, user, false, 2);
531 enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
536 printf("Encrypted secret not encrypted\n");
537 print_hex(sec->data, sec->length);
538 printf("Access check not encrypted\n");
539 print_hex(xs->data, xs->length);
541 enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
542 enc_sec_reverted.length = enc_sec->length;
544 /* We DO NOT revert the array on purpose it's in order to check that
545 * when the server is not able to decrypt then it answer the correct error
547 for(t=0; t< enc_sec->length; t++) {
548 //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
549 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
553 iv.data = sec->data+(size-8);
556 des3_key.data = sec->data+(size-32);
557 des3_key.length = 24;
559 enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
563 /* To cope with the fact that heimdal do padding at the end for the moment */
564 enc_xs->length = xs->length;
567 data.encrypted_secret_len = enc_sec->length;
568 data.access_check_len = enc_xs->length;
569 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
574 data.encrypted_secret = enc_sec_reverted.data;
575 data.access_check = enc_xs->data;
576 ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
578 GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
579 r.in.guidActionAgent = &g;
580 r.in.data_in = blob2.data;
581 r.in.data_in_len = blob2.length;
583 r.out.data_out = &out_blob.data;
584 r.out.data_out_len = &out_blob.length;
586 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
587 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
588 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
589 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Wrong error code");
591 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
592 NT_STATUS_ACCESS_DENIED, "Get GUID");
597 static bool test_RestoreGUID_wrongversion(struct torture_context *tctx,
598 struct dcerpc_pipe *p) {
599 struct dcerpc_binding_handle *b = p->binding_handle;
600 struct dcerpc_binding *binding = p->binding;
601 struct bkrp_BackupKey r;
602 struct bkrp_client_side_wrapped data;
604 enum ndr_err_code ndr_err;
608 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
611 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
612 r.in.guidActionAgent = &g;
614 data.encrypted_secret_len = 0;
615 data.access_check_len = 0;
616 ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
618 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
622 r.in.data_in = blob.data;
623 r.in.data_in_len = blob.length;
625 r.out.data_out = &out_blob.data;
626 r.out.data_out_len = &out_blob.length;
627 if( p->conn->security_state.auth_info != NULL &&
628 p->conn->security_state.auth_info->auth_level == 6) {
633 DATA_BLOB enc_sec_reverted;
638 struct bkrp_client_side_unwrapped resp;
643 const char* user = cli_credentials_get_username(cmdline_credentials);
644 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
647 sec = create_unencryptedsecret(tctx, false, 2);
648 xs = create_access_check(tctx, p, tctx, user, false, 2);
653 enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
658 printf("Encrypted secret not encrypted\n");
659 print_hex(sec->data, sec->length);
660 printf("Access check not encrypted\n");
661 print_hex(xs->data, xs->length);
663 enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
664 enc_sec_reverted.length = enc_sec->length;
666 for(t=0; t< enc_sec->length; t++) {
667 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
668 //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
672 iv.data = sec->data+(size-8);
675 des3_key.data = sec->data+(size-32);
676 des3_key.length = 24;
679 printf("Triple des key\n");
680 print_hex(des3_key.data, 24);
682 enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
686 /* To cope with the fact that heimdal do padding at the end for the moment */
687 enc_xs->length = xs->length;
689 printf("Access check redecrypted: %d\n", tmp.length);
690 print_hex(tmp.data, tmp.length);
694 data.encrypted_secret_len = enc_sec->length;
695 data.access_check_len = enc_xs->length;
696 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
701 data.encrypted_secret = enc_sec_reverted.data;
702 data.access_check = enc_xs->data;
703 ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
705 printf("Encrypted secret encrypted\n");
706 print_hex(enc_sec->data, enc_sec->length);
707 printf("Access check encrypted\n");
708 print_hex(enc_xs->data, enc_xs->length);
711 GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
712 r.in.guidActionAgent = &g;
713 r.in.data_in = blob2.data;
714 r.in.data_in_len = blob2.length;
716 r.out.data_out = &out_blob.data;
717 r.out.data_out_len = &out_blob.length;
719 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
720 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
721 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
722 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM, "Wrong error code on wrong version");
724 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
725 NT_STATUS_ACCESS_DENIED, "Get GUID");
730 static bool test_RestoreGUID_wronguser(struct torture_context *tctx,
731 struct dcerpc_pipe *p) {
732 struct dcerpc_binding_handle *b = p->binding_handle;
733 struct dcerpc_binding *binding = p->binding;
734 struct bkrp_BackupKey r;
735 struct bkrp_client_side_wrapped data;
737 enum ndr_err_code ndr_err;
741 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
744 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
745 r.in.guidActionAgent = &g;
747 data.encrypted_secret_len = 0;
748 data.access_check_len = 0;
749 ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
751 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
755 r.in.data_in = blob.data;
756 r.in.data_in_len = blob.length;
758 r.out.data_out = &out_blob.data;
759 r.out.data_out_len = &out_blob.length;
760 //DEBUG(0, ("Is the stuff not encrypted ? %s \n", p->conn->security_state.auth_info == NULL?"yes":"no"));
761 if( p->conn->security_state.auth_info != NULL &&
762 p->conn->security_state.auth_info->auth_level == 6) {
767 DATA_BLOB enc_sec_reverted;
772 struct bkrp_client_side_unwrapped resp;
777 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
780 sec = create_unencryptedsecret(tctx, false, 2);
781 xs = create_access_check(tctx, p, tctx, "guest", false, 2);
786 enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
791 printf("Encrypted secret not encrypted\n");
792 print_hex(sec->data, sec->length);
793 printf("Access check not encrypted\n");
794 print_hex(xs->data, xs->length);
796 enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
797 enc_sec_reverted.length = enc_sec->length;
799 for(t=0; t< enc_sec->length; t++) {
800 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
801 //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
805 iv.data = sec->data+(size-8);
808 des3_key.data = sec->data+(size-32);
809 des3_key.length = 24;
812 printf("Triple des key\n");
813 print_hex(des3_key.data, 24);
815 enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
819 /* To cope with the fact that heimdal do padding at the end for the moment */
820 enc_xs->length = xs->length;
822 printf("Access check redecrypted: %d\n", tmp.length);
823 print_hex(tmp.data, tmp.length);
827 data.encrypted_secret_len = enc_sec->length;
828 data.access_check_len = enc_xs->length;
829 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
834 data.encrypted_secret = enc_sec_reverted.data;
835 data.access_check = enc_xs->data;
836 ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
838 printf("Encrypted secret encrypted\n");
839 print_hex(enc_sec->data, enc_sec->length);
840 printf("Access check encrypted\n");
841 print_hex(enc_xs->data, enc_xs->length);
844 GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
845 r.in.guidActionAgent = &g;
846 r.in.data_in = blob2.data;
847 r.in.data_in_len = blob2.length;
849 r.out.data_out = &out_blob.data;
850 r.out.data_out_len = &out_blob.length;
852 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
853 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
854 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
855 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_ACCESS, "Restore GUID");
857 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
858 NT_STATUS_ACCESS_DENIED, "Get GUID");
863 static bool test_RestoreGUID_v3(struct torture_context *tctx,
864 struct dcerpc_pipe *p) {
865 struct dcerpc_binding_handle *b = p->binding_handle;
866 struct dcerpc_binding *binding = p->binding;
867 struct bkrp_BackupKey r;
868 struct bkrp_client_side_wrapped data;
870 enum ndr_err_code ndr_err;
874 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
877 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
878 r.in.guidActionAgent = &g;
880 data.encrypted_secret_len = 0;
881 data.access_check_len = 0;
882 ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
884 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
888 r.in.data_in = blob.data;
889 r.in.data_in_len = blob.length;
891 r.out.data_out = &out_blob.data;
892 r.out.data_out_len = &out_blob.length;
893 if( p->conn->security_state.auth_info != NULL &&
894 p->conn->security_state.auth_info->auth_level == 6) {
899 DATA_BLOB enc_sec_reverted;
904 struct bkrp_client_side_unwrapped resp;
908 const char* user = cli_credentials_get_username(cmdline_credentials);
910 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
913 sec = create_unencryptedsecret(tctx, false, 3);
914 xs = create_access_check(tctx, p, tctx, user, false, 3);
919 enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
924 printf("Encrypted secret not encrypted\n");
925 print_hex(sec->data, sec->length);
926 printf("Access check not encrypted\n");
927 print_hex(xs->data, xs->length);
929 for(t=0; t<xs->length-64; t++) {
930 fprintf(stderr, "%c", xs->data[t]);
932 print_hex(xs->data, xs->length-64);
935 enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
936 enc_sec_reverted.length = enc_sec->length;
938 for(t=0; t< enc_sec->length; t++) {
939 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
940 //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
944 iv.data = sec->data+(size-16);
947 aes_key.data = sec->data+(size-48);
951 printf("Triple des key\n");
952 print_hex(des3_key.data, 24);
954 enc_xs = encrypt_blob_aes(tctx, tctx, &aes_key, &iv, xs);
958 /* To cope with the fact that heimdal do padding at the end for the moment */
959 enc_xs->length = xs->length;
961 printf("Access check redecrypted: %d\n", tmp.length);
962 print_hex(tmp.data, tmp.length);
966 data.encrypted_secret_len = enc_sec->length;
967 data.access_check_len = enc_xs->length;
968 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
973 data.encrypted_secret = enc_sec_reverted.data;
974 data.access_check = enc_xs->data;
975 ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
977 GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
978 r.in.guidActionAgent = &g;
979 r.in.data_in = blob2.data;
980 r.in.data_in_len = blob2.length;
982 r.out.data_out = &out_blob.data;
983 r.out.data_out_len = &out_blob.length;
985 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
986 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
987 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 1, "Unable to unmarshall bkrp_client_side_unwrapped");
988 torture_assert_werr_equal(tctx, r.out.result, WERR_OK, "Restore GUID");
989 torture_assert_str_equal(tctx, (char*)resp.secret.data, secret, "Wrong secret");
991 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
992 NT_STATUS_ACCESS_DENIED, "Get GUID");
997 static bool test_RestoreGUID(struct torture_context *tctx,
998 struct dcerpc_pipe *p) {
999 struct dcerpc_binding_handle *b = p->binding_handle;
1000 struct dcerpc_binding *binding = p->binding;
1001 struct bkrp_BackupKey r;
1002 struct bkrp_client_side_wrapped data;
1004 enum ndr_err_code ndr_err;
1008 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
1011 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
1012 r.in.guidActionAgent = &g;
1014 data.encrypted_secret_len = 0;
1015 data.access_check_len = 0;
1016 ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1018 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1022 r.in.data_in = blob.data;
1023 r.in.data_in_len = blob.length;
1025 r.out.data_out = &out_blob.data;
1026 r.out.data_out_len = &out_blob.length;
1027 if( p->conn->security_state.auth_info != NULL &&
1028 p->conn->security_state.auth_info->auth_level == 6) {
1033 DATA_BLOB enc_sec_reverted;
1038 struct bkrp_client_side_unwrapped resp;
1042 const char* user = cli_credentials_get_username(cmdline_credentials);
1044 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1047 sec = create_unencryptedsecret(tctx, false, 2);
1048 xs = create_access_check(tctx, p, tctx, user, false, 2);
1053 enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
1058 printf("Encrypted secret not encrypted\n");
1059 print_hex(sec->data, sec->length);
1060 printf("Access check not encrypted\n");
1061 print_hex(xs->data, xs->length);
1063 enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
1064 enc_sec_reverted.length = enc_sec->length;
1066 for(t=0; t< enc_sec->length; t++) {
1067 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
1068 //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
1072 iv.data = sec->data+(size-8);
1075 des3_key.data = sec->data+(size-32);
1076 des3_key.length = 24;
1079 printf("Triple des key\n");
1080 print_hex(des3_key.data, 24);
1082 enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
1086 /* To cope with the fact that heimdal do padding at the end for the moment */
1087 enc_xs->length = xs->length;
1089 printf("Access check redecrypted: %d\n", tmp.length);
1090 print_hex(tmp.data, tmp.length);
1094 data.encrypted_secret_len = enc_sec->length;
1095 data.access_check_len = enc_xs->length;
1096 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
1101 data.encrypted_secret = enc_sec_reverted.data;
1102 data.access_check = enc_xs->data;
1103 ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1105 GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
1106 r.in.guidActionAgent = &g;
1107 r.in.data_in = blob2.data;
1108 r.in.data_in_len = blob2.length;
1110 r.out.data_out = &out_blob.data;
1111 r.out.data_out_len = &out_blob.length;
1113 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
1114 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
1115 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 1, "Unable to unmarshall bkrp_client_side_unwrapped");
1116 torture_assert_werr_equal(tctx, r.out.result, WERR_OK, "Restore GUID");
1117 torture_assert_str_equal(tctx, (char*)resp.secret.data, secret, "Wrong secret");
1119 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1120 NT_STATUS_ACCESS_DENIED, "Get GUID");
1125 static bool test_RestoreGUID_badmagiconsecret(struct torture_context *tctx,
1126 struct dcerpc_pipe *p) {
1127 struct dcerpc_binding_handle *b = p->binding_handle;
1128 struct dcerpc_binding *binding = p->binding;
1129 struct bkrp_BackupKey r;
1130 struct bkrp_client_side_wrapped data;
1132 enum ndr_err_code ndr_err;
1136 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
1139 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
1140 r.in.guidActionAgent = &g;
1142 data.encrypted_secret_len = 0;
1143 data.access_check_len = 0;
1144 ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1146 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1150 r.in.data_in = blob.data;
1151 r.in.data_in_len = blob.length;
1153 r.out.data_out = &out_blob.data;
1154 r.out.data_out_len = &out_blob.length;
1155 if( p->conn->security_state.auth_info != NULL &&
1156 p->conn->security_state.auth_info->auth_level == 6) {
1161 DATA_BLOB enc_sec_reverted;
1166 struct bkrp_client_side_unwrapped resp;
1170 const char* user = cli_credentials_get_username(cmdline_credentials);
1172 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1175 sec = create_unencryptedsecret(tctx, true, 2);
1176 xs = create_access_check(tctx, p, tctx, user, false, 2);
1181 enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
1186 printf("Encrypted secret not encrypted\n");
1187 print_hex(sec->data, sec->length);
1188 printf("Access check not encrypted\n");
1189 print_hex(xs->data, xs->length);
1191 enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
1192 enc_sec_reverted.length = enc_sec->length;
1194 for(t=0; t< enc_sec->length; t++) {
1195 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
1196 //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
1200 iv.data = sec->data+(size-8);
1203 des3_key.data = sec->data+(size-32);
1204 des3_key.length = 24;
1207 printf("Triple des key\n");
1208 print_hex(des3_key.data, 24);
1210 enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
1214 /* To cope with the fact that heimdal do padding at the end for the moment */
1215 enc_xs->length = xs->length;
1217 printf("Access check redecrypted: %d\n", tmp.length);
1218 print_hex(tmp.data, tmp.length);
1222 data.encrypted_secret_len = enc_sec->length;
1223 data.access_check_len = enc_xs->length;
1224 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
1229 data.encrypted_secret = enc_sec_reverted.data;
1230 data.access_check = enc_xs->data;
1231 ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1233 GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
1234 r.in.guidActionAgent = &g;
1235 r.in.data_in = blob2.data;
1236 r.in.data_in_len = blob2.length;
1238 r.out.data_out = &out_blob.data;
1239 r.out.data_out_len = &out_blob.length;
1241 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
1242 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
1243 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
1244 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Wrong error code while providing bad magic in secret");
1246 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1247 NT_STATUS_ACCESS_DENIED, "Get GUID");
1252 static bool test_RestoreGUID_emptyrequest(struct torture_context *tctx,
1253 struct dcerpc_pipe *p) {
1254 struct dcerpc_binding_handle *b = p->binding_handle;
1255 struct dcerpc_binding *binding = p->binding;
1256 struct bkrp_BackupKey r;
1257 struct bkrp_client_side_wrapped data;
1259 enum ndr_err_code ndr_err;
1263 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
1266 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
1267 r.in.guidActionAgent = &g;
1269 data.encrypted_secret_len = 0;
1270 data.access_check_len = 0;
1271 ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1273 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1277 r.in.data_in = blob.data;
1278 r.in.data_in_len = blob.length;
1280 r.out.data_out = &out_blob.data;
1281 r.out.data_out_len = &out_blob.length;
1282 if( p->conn->security_state.auth_info != NULL &&
1283 p->conn->security_state.auth_info->auth_level == 6) {
1285 struct bkrp_client_side_unwrapped resp;
1288 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1291 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
1297 GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
1298 r.in.guidActionAgent = &g;
1299 r.in.data_in = talloc(tctx, uint8_t);
1300 r.in.data_in_len = 0;
1302 r.out.data_out = &out_blob.data;
1303 r.out.data_out_len = &out_blob.length;
1305 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
1306 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
1307 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
1308 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM, "Bad error code on wrong has in access check");
1310 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1311 NT_STATUS_ACCESS_DENIED, "Get GUID");
1316 static bool test_RestoreGUID_badcertguid(struct torture_context *tctx,
1317 struct dcerpc_pipe *p) {
1318 struct dcerpc_binding_handle *b = p->binding_handle;
1319 struct dcerpc_binding *binding = p->binding;
1320 struct bkrp_BackupKey r;
1321 struct bkrp_client_side_wrapped data;
1323 enum ndr_err_code ndr_err;
1327 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
1330 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
1331 r.in.guidActionAgent = &g;
1333 data.encrypted_secret_len = 0;
1334 data.access_check_len = 0;
1335 ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1337 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1341 r.in.data_in = blob.data;
1342 r.in.data_in_len = blob.length;
1344 r.out.data_out = &out_blob.data;
1345 r.out.data_out_len = &out_blob.length;
1346 if( p->conn->security_state.auth_info != NULL &&
1347 p->conn->security_state.auth_info->auth_level == 6) {
1352 DATA_BLOB enc_sec_reverted;
1357 struct bkrp_client_side_unwrapped resp;
1361 const char* user = cli_credentials_get_username(cmdline_credentials);
1363 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1366 sec = create_unencryptedsecret(tctx, false, 2);
1367 xs = create_access_check(tctx, p, tctx, user, false, 2);
1373 enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
1378 printf("Encrypted secret not encrypted\n");
1379 print_hex(sec->data, sec->length);
1380 printf("Access check not encrypted\n");
1381 print_hex(xs->data, xs->length);
1383 enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
1384 enc_sec_reverted.length = enc_sec->length;
1386 for(t=0; t< enc_sec->length; t++) {
1387 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
1388 //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
1392 iv.data = sec->data+(size-8);
1395 des3_key.data = sec->data+(size-32);
1396 des3_key.length = 24;
1399 printf("Triple des key\n");
1400 print_hex(des3_key.data, 24);
1402 enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
1406 /* To cope with the fact that heimdal do padding at the end for the moment */
1407 enc_xs->length = xs->length;
1409 printf("Access check redecrypted: %d\n", tmp.length);
1410 print_hex(tmp.data, tmp.length);
1414 data.encrypted_secret_len = enc_sec->length;
1415 data.access_check_len = enc_xs->length;
1416 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
1420 data.guid = GUID_random();
1421 data.encrypted_secret = enc_sec_reverted.data;
1422 data.access_check = enc_xs->data;
1423 ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1425 GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
1426 r.in.guidActionAgent = &g;
1427 r.in.data_in = blob2.data;
1428 r.in.data_in_len = blob2.length;
1430 r.out.data_out = &out_blob.data;
1431 r.out.data_out_len = &out_blob.length;
1433 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
1434 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
1435 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
1436 torture_assert_werr_equal(tctx, r.out.result, WERR_FILE_NOT_FOUND, "Bad error code on wrong has in access check");
1438 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1439 NT_STATUS_ACCESS_DENIED, "Get GUID");
1444 static bool test_RestoreGUID_badmagicaccesscheck(struct torture_context *tctx,
1445 struct dcerpc_pipe *p) {
1446 struct dcerpc_binding_handle *b = p->binding_handle;
1447 struct dcerpc_binding *binding = p->binding;
1448 struct bkrp_BackupKey r;
1449 struct bkrp_client_side_wrapped data;
1451 enum ndr_err_code ndr_err;
1455 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
1458 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
1459 r.in.guidActionAgent = &g;
1461 data.encrypted_secret_len = 0;
1462 data.access_check_len = 0;
1463 ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1465 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1469 r.in.data_in = blob.data;
1470 r.in.data_in_len = blob.length;
1472 r.out.data_out = &out_blob.data;
1473 r.out.data_out_len = &out_blob.length;
1474 if( p->conn->security_state.auth_info != NULL &&
1475 p->conn->security_state.auth_info->auth_level == 6) {
1480 DATA_BLOB enc_sec_reverted;
1485 struct bkrp_client_side_unwrapped resp;
1489 const char* user = cli_credentials_get_username(cmdline_credentials);
1491 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1494 sec = create_unencryptedsecret(tctx, false, 2);
1495 xs = create_access_check(tctx, p, tctx, user, false, 2);
1501 enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
1506 printf("Encrypted secret not encrypted\n");
1507 print_hex(sec->data, sec->length);
1508 printf("Access check not encrypted\n");
1509 print_hex(xs->data, xs->length);
1511 enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
1512 enc_sec_reverted.length = enc_sec->length;
1514 for(t=0; t< enc_sec->length; t++) {
1515 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
1516 //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
1520 iv.data = sec->data+(size-8);
1523 des3_key.data = sec->data+(size-32);
1524 des3_key.length = 24;
1527 printf("Triple des key\n");
1528 print_hex(des3_key.data, 24);
1530 enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
1534 /* To cope with the fact that heimdal do padding at the end for the moment */
1535 enc_xs->length = xs->length;
1537 printf("Access check redecrypted: %d\n", tmp.length);
1538 print_hex(tmp.data, tmp.length);
1542 data.encrypted_secret_len = enc_sec->length;
1543 data.access_check_len = enc_xs->length;
1544 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
1549 data.encrypted_secret = enc_sec_reverted.data;
1550 data.access_check = enc_xs->data;
1551 ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1553 GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
1554 r.in.guidActionAgent = &g;
1555 r.in.data_in = blob2.data;
1556 r.in.data_in_len = blob2.length;
1558 r.out.data_out = &out_blob.data;
1559 r.out.data_out_len = &out_blob.length;
1561 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
1562 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
1563 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
1564 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
1566 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1567 NT_STATUS_ACCESS_DENIED, "Get GUID");
1572 static bool test_RestoreGUID_badhashaccesscheck(struct torture_context *tctx,
1573 struct dcerpc_pipe *p) {
1574 struct dcerpc_binding_handle *b = p->binding_handle;
1575 struct dcerpc_binding *binding = p->binding;
1576 struct bkrp_BackupKey r;
1577 struct bkrp_client_side_wrapped data;
1579 enum ndr_err_code ndr_err;
1583 binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
1586 GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
1587 r.in.guidActionAgent = &g;
1589 data.encrypted_secret_len = 0;
1590 data.access_check_len = 0;
1591 ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1593 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1597 r.in.data_in = blob.data;
1598 r.in.data_in_len = blob.length;
1600 r.out.data_out = &out_blob.data;
1601 r.out.data_out_len = &out_blob.length;
1602 if( p->conn->security_state.auth_info != NULL &&
1603 p->conn->security_state.auth_info->auth_level == 6) {
1608 DATA_BLOB enc_sec_reverted;
1613 struct bkrp_client_side_unwrapped resp;
1617 const char* user = cli_credentials_get_username(cmdline_credentials);
1619 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1622 sec = create_unencryptedsecret(tctx, false, 2);
1623 xs = create_access_check(tctx, p, tctx, user, true, 2);
1628 enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
1633 printf("Encrypted secret not encrypted\n");
1634 print_hex(sec->data, sec->length);
1635 printf("Access check not encrypted\n");
1636 print_hex(xs->data, xs->length);
1638 enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
1639 enc_sec_reverted.length = enc_sec->length;
1641 for(t=0; t< enc_sec->length; t++) {
1642 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
1643 //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
1647 iv.data = sec->data+(size-8);
1650 des3_key.data = sec->data+(size-32);
1651 des3_key.length = 24;
1654 printf("Triple des key\n");
1655 print_hex(des3_key.data, 24);
1657 enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
1661 /* To cope with the fact that heimdal do padding at the end for the moment */
1662 enc_xs->length = xs->length;
1664 printf("Access check redecrypted: %d\n", tmp.length);
1665 print_hex(tmp.data, tmp.length);
1669 data.encrypted_secret_len = enc_sec->length;
1670 data.access_check_len = enc_xs->length;
1671 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
1676 data.encrypted_secret = enc_sec_reverted.data;
1677 data.access_check = enc_xs->data;
1678 ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
1680 GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
1681 r.in.guidActionAgent = &g;
1682 r.in.data_in = blob2.data;
1683 r.in.data_in_len = blob2.length;
1685 r.out.data_out = &out_blob.data;
1686 r.out.data_out_len = &out_blob.length;
1688 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
1689 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
1690 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
1691 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
1693 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1694 NT_STATUS_ACCESS_DENIED, "Get GUID");
1699 struct torture_suite *torture_rpc_backupkey(TALLOC_CTX *mem_ctx)
1701 struct torture_rpc_tcase *tcase;
1702 struct torture_suite *suite = torture_suite_create(mem_ctx, "BACKUPKEY");
1703 struct torture_test *test;
1705 tcase = torture_suite_add_rpc_iface_tcase(suite, "backupkey",
1706 &ndr_table_backupkey);
1708 test = torture_rpc_tcase_add_test(tcase, "retreive_backup_key_guid",
1709 test_RetreiveBackupKeyGUID);
1710 test = torture_rpc_tcase_add_test(tcase, "restore_guid",
1712 test = torture_rpc_tcase_add_test(tcase, "restore_guid version 3",
1713 test_RestoreGUID_v3);
1714 /* We double the test in order to be sure that we don't mess stuff (ie. freeing static stuff */
1716 test = torture_rpc_tcase_add_test(tcase, "restore_guid_2nd",
1719 test = torture_rpc_tcase_add_test(tcase, "unable_to_decrypt_secret",
1720 test_RestoreGUID_ko);
1722 test = torture_rpc_tcase_add_test(tcase, "wrong_user_restore_guid",
1723 test_RestoreGUID_wronguser);
1725 test = torture_rpc_tcase_add_test(tcase, "wrong_version_restore_guid",
1726 test_RestoreGUID_wrongversion);
1728 test = torture_rpc_tcase_add_test(tcase, "bad_magic_on_secret_restore_guid",
1729 test_RestoreGUID_badmagiconsecret);
1731 test = torture_rpc_tcase_add_test(tcase, "bad_hash_on_secret_restore_guid",
1732 test_RestoreGUID_badhashaccesscheck);
1734 test = torture_rpc_tcase_add_test(tcase, "bad_magic_on_accesscheck_restore_guid",
1735 test_RestoreGUID_badmagicaccesscheck);
1736 test = torture_rpc_tcase_add_test(tcase, "bad_cert_guid_restore_guid",
1737 test_RestoreGUID_badcertguid);
1738 test = torture_rpc_tcase_add_test(tcase, "empty_request_restore_guid",
1739 test_RestoreGUID_emptyrequest);
1740 test = torture_rpc_tcase_add_test(tcase, "empty_request_restore_guid",
1741 test_RestoreGUID_emptyrequest);