From 05543b5b8af809629be11bc5c48929bec243c8e1 Mon Sep 17 00:00:00 2001 From: Jeff Alyanak Date: Sat, 11 May 2019 15:45:03 -0400 Subject: [PATCH 1/9] Added a Key Generating script To make the keygen process a bit easier I've added a `generate-keys.sh` script that can be found in the `.keys` directory. It will generate the key & cert and bundle them into the required pkcs#12 file. I've updated the readme to include instructions on the script. --- .keys/Empty.txt | 1 - .keys/generate-keys.sh | 15 +++++++++++++++ README.md | 4 ++-- 3 files changed, 17 insertions(+), 3 deletions(-) delete mode 100644 .keys/Empty.txt create mode 100755 .keys/generate-keys.sh diff --git a/.keys/Empty.txt b/.keys/Empty.txt deleted file mode 100644 index 031e408..0000000 --- a/.keys/Empty.txt +++ /dev/null @@ -1 +0,0 @@ -Need an empty folder diff --git a/.keys/generate-keys.sh b/.keys/generate-keys.sh new file mode 100755 index 0000000..7e91e67 --- /dev/null +++ b/.keys/generate-keys.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +# Check for openssl +command -v openssl >/dev/null 2>&1 || { echo >&2 "openssl required but not found. Aborting."; exit 1; } + +# Remove any existing key files +[ ! -e cert.pem ] || rm cert.pem +[ ! -e key.pem ] || rm key.pem +[ ! -e cert.cert ] || rm cert.cert +[ ! -e cert.pfx ] || rm cert.pfx + +# Generate new keys +openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test +openssl x509 -inform DER -in cert.cert -out cert.pem +openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test diff --git a/README.md b/README.md index 346749e..282dcd4 100644 --- a/README.md +++ b/README.md 
@@ -24,9 +24,9 @@ If you want to be able to sign your own licenses obviously you'll have to replac ### Signing licesnses -There is a tool included to generate a license (see `src/liceseGen/`) +To sign your own license you first need to generate your own singing cert using the `.keys/generate-keys.sh` script. Running this script will prompt you to enter some information about your new certificate, you may leave these at the defaults or set them to your preference. The script will then create a pkcs12 file (.pfx) containing your new key/cert. -generate a PFX above using a password of `test` and then build the tool using: +There is a tool included to generate a license (see `src/liceseGen/`), build it using: ```bash ./src/licenseGen/build.sh From 4d4b17334499b0191577df6dc8f33a14f9e50906 Mon Sep 17 00:00:00 2001 From: Jeff Alyanak Date: Mon, 13 May 2019 21:13:20 -0400 Subject: [PATCH 2/9] Generate bitbetter/identiry container with modified Core.dll Added the generation of a second modified container, bitbetter/identity, which contains the modified dll. Fixes #12. This works on my testing environment but has not gone through extensive testing. I'd recommend a review and cleanup of this commit before it is merged into the develop or master branches. --- README.md | 4 ++-- ReadMeInstall | 2 +- build.sh | 6 ++++++ src/bitBetter/{ => api}/Dockerfile | 0 src/bitBetter/identity/Dockerfile | 12 ++++++++++++ 5 files changed, 21 insertions(+), 3 deletions(-) rename src/bitBetter/{ => api}/Dockerfile (100%) create mode 100644 src/bitBetter/identity/Dockerfile diff --git a/README.md b/README.md index 282dcd4..9d085f2 100644 --- a/README.md +++ b/README.md 
@@ -9,12 +9,12 @@ Credit to https://github.com/h44z/BitBetter and https://github.com/jakeswenson/B ## Building -To build your own `bitwarden/api` image run +To build your own `bitwarden/api` & `bitwarden/identity` images run ```bash ./build.sh ``` -replace anywhere `bitwarden/api` is used with `bitbetter/api` and give it a go. no promises +In your `bwdata/docker/docker-compose.yml` replace each reference to `bitwarden/api:x.xx.x` with `bitbetter/api` and each reference to `bitwarden/identity:x.xx.x` with `bitbetter/identity` and the start bitwarden as normal. ## Issuing your own licenses diff --git a/ReadMeInstall b/ReadMeInstall index ff8b2c1..49265ed 100644 --- a/ReadMeInstall +++ b/ReadMeInstall @@ -79,7 +79,7 @@ cd src/licenseGen/ cd ~ -vi ~/bwdata/docker/docker-compose.yml - Change image: bitwarden/api:1.26.0 to image: bitbetter/api +vi ~/bwdata/docker/docker-compose.yml - Change image: bitwarden/api:1.26.0 to image: bitbetter/api and image: bitwarden/identity:x.xx.x to image: bitbetter/identity vi ~/bwdata/env/global.override.env - Enter mail__smtp relay settings vi ~/bwdata/scripts/run.sh - function restart() { dockerComposePull to #dockerComposePull diff --git a/build.sh b/build.sh index d3ea9ba..a2ec767 100755 --- a/build.sh +++ b/build.sh @@ -9,5 +9,11 @@ cd ./src/bitBetter dotnet restore dotnet publish +cp -r bin/ api/ +cp -r bin/ identity/ + +cd ./api docker build --pull . -t bitbetter/api # --squash +cd ../identity +docker build --pull . -t bitbetter/identity # --squash diff --git a/src/bitBetter/Dockerfile b/src/bitBetter/api/Dockerfile similarity index 100% rename from src/bitBetter/Dockerfile rename to src/bitBetter/api/Dockerfile diff --git a/src/bitBetter/identity/Dockerfile b/src/bitBetter/identity/Dockerfile new file mode 100644 index 0000000..b3a0324 --- /dev/null +++ b/src/bitBetter/identity/Dockerfile 
@@ -0,0 +1,12 @@ +FROM bitwarden/identity + +COPY bin/Debug/netcoreapp2.0/publish/* /bitBetter/ +COPY ./.keys/cert.cert /newLicensing.cer + +RUN dotnet /bitBetter/bitBetter.dll && \ + echo "modified dll" && \ + mv /app/Core.dll /app/Core.orig.dll && \ + mv /app/modified.dll /app/Core.dll && \ + echo "replaced dll" && \ + rm -rf /bitBetter && rm -rf /newLicensing.cer && \ + echo "cleaned up" From abdc1754273e1a9f96349f723ffed108791750c8 Mon Sep 17 00:00:00 2001 From: Jeff Alyanak Date: Tue, 21 May 2019 10:02:09 -0400 Subject: [PATCH 3/9] Updated build.sh Build now checks for and creates missing .keys directories. --- build.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/build.sh b/build.sh index a2ec767..29e128f 100755 --- a/build.sh +++ b/build.sh @@ -1,8 +1,11 @@ #!/bin/bash -mkdir ./src/bitBetter/.keys +[ -e .keys ] || mkdir .keys -cp .keys/cert.cert ./src/bitBetter/.keys +[ -e ./source/bitBetter/api/.keys ] || mkdir ./src/bitBetter/api/.keys +[ -e ./source/bitBetter/identity/.keys ] || mkdir ./src/bitBetter/identity/.keys +cp .keys/cert.cert ./src/bitBetter/api/.keys +cp .keys/cert.cert ./src/bitBetter/identity/.keys cd ./src/bitBetter From 6d7675dcf84653b09168c186f80d01829d4c7fae Mon Sep 17 00:00:00 2001 From: Jeff Alyanak Date: Tue, 21 May 2019 10:13:34 -0400 Subject: [PATCH 4/9] Added subj to allow for non-interactive use. --- .keys/generate-keys.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.keys/generate-keys.sh b/.keys/generate-keys.sh index 7e91e67..721a122 100755 --- a/.keys/generate-keys.sh +++ b/.keys/generate-keys.sh 
@@ -10,6 +10,6 @@ command -v openssl >/dev/null 2>&1 || { echo >&2 "openssl required but not found [ ! -e cert.pfx ] || rm cert.pfx # Generate new keys -openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test +openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test openssl x509 -inform DER -in cert.cert -out cert.pem openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test From f25e906923bb95f8846639442b858778e3ab97de Mon Sep 17 00:00:00 2001 From: Jeff Alyanak Date: Tue, 21 May 2019 10:14:17 -0400 Subject: [PATCH 5/9] Generate keys on build. --- build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.sh b/build.sh index 29e128f..6ab7f1d 100755 --- a/build.sh +++ b/build.sh @@ -1,6 +1,6 @@ #!/bin/bash -[ -e .keys ] || mkdir .keys +.keys/generate-keys.sh [ -e ./source/bitBetter/api/.keys ] || mkdir ./src/bitBetter/api/.keys [ -e ./source/bitBetter/identity/.keys ] || mkdir ./src/bitBetter/identity/.keys From 7e135f312286eb3fbe11665edf4cfc9ba25fad81 Mon Sep 17 00:00:00 2001 From: Jeff Alyanak Date: Tue, 21 May 2019 10:16:37 -0400 Subject: [PATCH 6/9] Circle-ci needs to gen keys to test build --- .circleci/config.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6238da7..6a19ae7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -10,6 +10,9 @@ jobs: command: date - setup_remote_docker - run: { name: 'Get docker', command: 'curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh' } + - run: + name: Generate Keys + command: ./.keys/generate-keys.sh - run: name: Build script command: ./build.sh From ff5718b099872ae0587e488280fa5c314fa05c43 Mon Sep 17 00:00:00 2001 
From: Jeff Alyanak Date: Tue, 21 May 2019 10:18:57 -0400 Subject: [PATCH 7/9] Generate keys if they don't exist. Don't overwrite if keys already exist. --- build.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build.sh b/build.sh index 6ab7f1d..2f773af 100755 --- a/build.sh +++ b/build.sh @@ -1,6 +1,7 @@ #!/bin/bash -.keys/generate-keys.sh +# If there aren't any keys, generate them first. +[ -e ./keys/cert.cert] || ./.keys/generate-keys.sh [ -e ./source/bitBetter/api/.keys ] || mkdir ./src/bitBetter/api/.keys [ -e ./source/bitBetter/identity/.keys ] || mkdir ./src/bitBetter/identity/.keys From 2af1e8d5a7ed61d1e1c9896bb05e8b0c4958f795 Mon Sep 17 00:00:00 2001 From: Jeff Alyanak Date: Tue, 21 May 2019 10:29:40 -0400 Subject: [PATCH 8/9] Generate keys online in the .keys directory --- .keys/generate-keys.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.keys/generate-keys.sh b/.keys/generate-keys.sh index 721a122..59099ad 100755 --- a/.keys/generate-keys.sh +++ b/.keys/generate-keys.sh @@ -10,6 +10,8 @@ command -v openssl >/dev/null 2>&1 || { echo >&2 "openssl required but not found [ ! -e cert.pfx ] || rm cert.pfx # Generate new keys -openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test -openssl x509 -inform DER -in cert.cert -out cert.pem -openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test +openssl req -x509 -newkey rsa:4096 -keyout .keys/key.pem -out .keys/cert.cert -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test +openssl x509 -inform DER -in .keys/cert.cert -out .keys/cert.pem +openssl pkcs12 -export -out .keys/cert.pfx -inkey .keys/key.pem -in .keys/cert.pem -passin pass:test -passout pass:test + +ls From 5c10ada13c98a321a72398db67750f510eeca194 Mon Sep 17 00:00:00 2001 
From: Jeff Alyanak Date: Tue, 21 May 2019 11:16:22 -0400 Subject: [PATCH 9/9] Updated README.md --- README.md | 97 +++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 80 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 9d085f2..5b98ca6 100644 --- a/README.md +++ b/README.md 
@@ -1,48 +1,105 @@ # BitBetter -This project is a tool to modify bitwardens core dll to allow me to self license. -Beware this does janky IL magic to rewrite the bitwarden core dll and install my self signed certificate. +BitBetter is is a tool to modify bitwardens core dll to allow you to generate your own individual and organisation licenses. Please see the FAQ below for details on why this software was created. -Yes, there still are quite a few things that need to be fixed. Updates and Organization Buiness Name is hardcoded to Bitbetter, are the first to things to fix.. Better handling of the User-GUID comes to mind too. +_Beware! BitBetter does janky IL magic to rewrite the bitwarden core dll and install a self signed certificate. Use at your own risk!_ Credit to https://github.com/h44z/BitBetter and https://github.com/jakeswenson/BitBetter -## Building +# Table of Contents +1. [Getting Started](#getting-started) + + [Pre-requisites](#pre-requisites) + + [Setting up BitBetter](#setting-up-bitbetter) + + [Building BitBetter](#building-bitbetter) + + [Generating Signed Licenses](#generating-signed-licenses) +2. [FAQ](#faq-questions-you-might-have-) +3. [Footnotes](#footnotes) -To build your own `bitwarden/api` & `bitwarden/identity` images run +# Getting Started +The following instructions are for unix-based systems (Linux, BSD, macOS), it is possible to use a Windows systems assuming you are able to enable and install [WSL](https://docs.microsoft.com/en-us/windows/wsl/install-win10). 
+ +## Pre-requisites +Aside from docker, which you also need for Bitwarden, BitBetter requires the following: + +* openssl (probably already installed on most Linux or WSL systems) +* dotnet-sdk-2.1 (install instructions can be found [here](https://dotnet.microsoft.com/download/linux-package-manager/rhel/sdk-2.1.604)) + +## Setting up BitBetter +With your pre-requisites installed, begin the installation of BitBetter by downloading it through Github or using the git command: + +```bash +git clone https://github.com/online-stuff/BitBetter.git +``` + +First, we need to add the correct version of Newtonsoft.Json to the license generator and the BitBetter docker directories. + +```bash +cd BitBetter/src/licenseGen/ +dotnet add package Newtonsoft.Json --version 11.0.0 + +cd ../bitBetter +dotnet add package Newtonsoft.Json --version 11.0.0 +``` +## Building BitBetter + +Now that you've set up your build environment, you can run the main `BitBetter/build.sh` script to generate a modified version of the `bitwarden/api` and `bitwarden/identity` docker images. + +From the BitBetter directory, simply run: ```bash ./build.sh ``` -In your `bwdata/docker/docker-compose.yml` replace each reference to `bitwarden/api:x.xx.x` with `bitbetter/api` and each reference to `bitwarden/identity:x.xx.x` with `bitbetter/identity` and the start bitwarden as normal. +This will create a new self-signed certificate in the `.keys` directory one does not already exist and then create a modified version of the official `bitwarden/api` called `bitbetter/api` and a modified version of the `bitwarden/identity` called `bitbetter/identity`. You may now simply edit your bitwarden docker-compose.yml to utilize the modified image. -## Issuing your own licenses +Edit your `/path/to/bwdata/docker/docker-compose.yml`. 
-The repo is setup to replace the licesning signing cert in bitwarden.core with your own personal self signed cert (`cert.pfx`) -If you want to be able to sign your own licenses obviously you'll have to replace it with your own self signed cert. +> Replace `image: bitwarden/api:x.xx.x`
with `image: bitbetter/api` +> Replace `image: bitwarden/identity:x.xx.x`
with `image: bitbetter/identity` -### Signing licesnses +You'll also want to edit the `/path/to/bwdata/scripts/run.sh` file. In the `function restart()` block, comment out the call to `dockerComposePull`. -To sign your own license you first need to generate your own singing cert using the `.keys/generate-keys.sh` script. Running this script will prompt you to enter some information about your new certificate, you may leave these at the defaults or set them to your preference. The script will then create a pkcs12 file (.pfx) containing your new key/cert. +> Replace `dockerComposePull`
with `#dockerComposePull` -There is a tool included to generate a license (see `src/liceseGen/`), build it using: +You can now start or restart Bitwarden as normal and the modified api will be used. It is now ready to accept self-issued licenses. + +--- +**Note: Manually generating Certificate & Key** + +If you wish to generate your self-signed cert & key manually, you can run the following commands. ```bash -./src/licenseGen/build.sh +openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test +openssl x509 -inform DER -in cert.cert -out cert.pem +openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test ``` -This tool build ontop of the bitbetter/api container image so make sure you've built that above using the root `./build.sh` script. +Note that the password here must be `test`.[1](#f1) -After that you can run the tool using: +--- + +## Generating Signed Licenses + +There is a tool included in the directory `src/licenseGen/` that will generate new individual and organization licenses. These licenses will be accepted by the modified Bitwarden because they will be signed by the certificate you generated in earlier steps. + +First, from the `BitBetter/src/licenseGen` directory, build the license generator.[2](#f2) + +```bash +./build.sh +``` + +Now, from the `BitBetter/src/licenseGen` directory, you can run the tool to generate licenses. + +You'll need to get a user's GUID in order to generate an invididual license and the server's install ID to generate an Organization license. These can be retrieved most easily through the Bitwarden [Admin Portal](https://help.bitwarden.com/article/admin-portal/). ```bash -cd ~/BitBetter/src/licenseGen ./run.sh ~/BitBetter/.keys/cert.pfx user "Name" "EMail" "User-GUID" ./run.sh ~/BitBetter/.keys/cert.pfx org "Name" "EMail" "Install-ID used to install the server" ``` -# Questions (you might have?) 
+The license generator will spit out a JSON-formatted license which can then be used within the Bitwarden web front-end to license your user or org! + +# FAQ: Questions (you might have?) I'll work on updates in the next couple weeks, right now, I just wanted something to start with. @@ -59,3 +116,9 @@ Thanks, good idea. And I did. Currently they're not focused on solving this issu To be clear i'm totally happy to give them my money. Offer a perpetual server license, and i'd pay for it. Let me license the server, period. Allow an orginzation to have Premium for all users.. 500 seats, let the 500 users in the orginzation have the Premium features too. I'm still in the testing/evaluating phase. If I am hosting the server/data, let me license the server, period. How many licenses does one user need to have... + +# Footnotes + +1 If you wish to change this you'll need to change the value that `src/licenseGen/Program.cs` uses for it's `GenerateUserLicense` and `GenerateOrgLicense` calls, but this is really unnecessary as this certificate does not represent any type of security issue. + +2This tool build ontop of the `bitbetter/api` container image so make sure you've built that above using the root `./build.sh` script. \ No newline at end of file
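Review bot: In [PATCH 1/9] `.keys/generate-keys.sh`, the "Remove any existing key files" block deletes `key.pem`, `cert.cert` and `cert.pfx` unconditionally, so re-running the script silently replaces the signing key, and licenses signed with the previous key will no longer match the certificate copied into the next image build. Refuse to overwrite unless the caller asks for it explicitly, or move the old files aside. The script also has no `set -e`, so a failed `openssl req` still falls through to the `x509` and `pkcs12` steps, and all three commands read and write relative to the caller's working directory rather than the script's own; add `set -e` and `cd "$(dirname "$0")"` near the top.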
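Review bot: In [PATCH 1/9] `README.md`, the added line points readers at `src/liceseGen/`, but the build command kept as context in the same hunk uses `./src/licenseGen/build.sh`; correct the path so it matches the directory. The first added line also says "singing cert" where "signing cert" is meant, and the context heading still reads "Signing licesnses", which is worth fixing in the same change.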
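Review bot: In [PATCH 2/9] `README.md`, the new lead sentence says the build produces `bitwarden/api` & `bitwarden/identity` images, while `build.sh` in this patch tags them `bitbetter/api` and `bitbetter/identity`; name the tags that are actually produced so the modified images are never confused with upstream ones. The replacement instruction also swaps a version-pinned reference (`:x.xx.x`) for an untagged local image, so it should say that the running version becomes whatever base was pulled at build time. Typo in the same line: "and the start bitwarden" should read "and then start bitwarden".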
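Review bot: In [PATCH 2/9] `ReadMeInstall`, the edited line mixes a concrete tag (`bitwarden/api:1.26.0`) with a placeholder (`bitwarden/identity:x.xx.x`). Use the placeholder form for both, since the concrete version will be stale for most readers, and put the two substitutions on separate lines so the second one is not missed at the end of a long line.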
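Review bot: In [PATCH 2/9] `build.sh`, the added `cd ./api` and `cd ../identity` are unchecked, so if either fails the following `docker build` runs with the wrong directory as its context; write `cd ./api || exit 1` or put `set -e` at the top of the script. `cp -r bin/ api/` and `cp -r bin/ identity/` likewise run whether or not `dotnet publish` succeeded. At this commit the certificate is still copied to `./src/bitBetter/.keys` (those lines are only replaced in PATCH 3/9), which is outside both new build contexts, so the Dockerfiles' `COPY ./.keys/cert.cert` cannot find it; fold the PATCH 3/9 copy changes into this commit so each commit in the series builds.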
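Review bot: In [PATCH 2/9] `src/bitBetter/identity/Dockerfile`, `FROM bitwarden/identity` carries no tag or digest, so each build patches whatever `latest` resolves to at that moment, while the README has users replacing a pinned `bitwarden/identity:x.xx.x`; take the version as a build `ARG` and pin the base to it. The closing `rm -rf /bitBetter && rm -rf /newLicensing.cer` also does not remove those files from the image, because they were added by the two earlier `COPY` layers and remain in them; if they are meant to be absent from the result, do the patching in a separate build stage and copy only `Core.dll` into the final image.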
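Review bot: In [PATCH 3/9] `build.sh`, both new guards test a different path from the one they create: `[ -e ./source/bitBetter/api/.keys ] || mkdir ./src/bitBetter/api/.keys` checks `./source/...` but makes `./src/...`, and the `identity` line repeats the mistake. The test is therefore always false, `mkdir` runs on every build and prints an error once the directory exists. Replace each pair with `mkdir -p ./src/bitBetter/api/.keys` and `mkdir -p ./src/bitBetter/identity/.keys`, which need no guard at all.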
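Review bot: In [PATCH 4/9] `.keys/generate-keys.sh`, the added `-subj '/CN=www.mydom.com/O=My Company Name LTD./C=US'` hard-codes placeholder identity values into every generated certificate, and the README text from PATCH 1/9 still tells users the script "will prompt you to enter some information". Read the subject from an environment variable with this string as the default and update the README sentence in the same commit. The same command line keeps `-passout pass:test`, so the private key is protected only by a passphrase published in the repository; set `umask 077` before generating so file permissions carry the protection instead.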
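Review bot: In [PATCH 5/9] `build.sh`, replacing the directory guard with an unconditional `.keys/generate-keys.sh` means every build discards the existing key and certificate, because the script removes them before generating. At this commit the script also still writes `cert.cert` into the caller's working directory, so when `build.sh` is run from the repository root the later `cp .keys/cert.cert ./src/bitBetter/api/.keys` has nothing new to copy. Guard the call on the certificate's existence and fix the script's output directory in the same commit.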
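Review bot: In [PATCH 6/9] `.circleci/config.yml`, the new `Generate Keys` step duplicates work that `build.sh` has done itself since PATCH 5/9, so CI generates a 4096-bit RSA key twice per run. Keep one of the two: either drop this step and let `./build.sh` generate the keys, or keep it and have `build.sh` skip generation when `.keys/cert.cert` already exists.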
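Review bot: In [PATCH 7/9] `build.sh`, the new guard `[ -e ./keys/cert.cert] || ./.keys/generate-keys.sh` never succeeds, for two reasons: there is no space before the closing `]`, so `[` exits with a "missing ]" error, and the path is `./keys/` where the directory is `./.keys/`. Either error makes the left side fail, so the generator still runs on every build and overwrites the existing key, which is the opposite of what the commit message promises. Write it as `[ -e ./.keys/cert.cert ] || ./.keys/generate-keys.sh`.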
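Review bot: In [PATCH 8/9] `.keys/generate-keys.sh`, the outputs move to `.keys/key.pem`, `.keys/cert.cert`, `.keys/cert.pem` and `.keys/cert.pfx`, but the cleanup lines above (for example the context line `[ ! -e cert.pfx ] || rm cert.pfx`) still test and remove files in the current directory, so the two halves of the script no longer refer to the same files. The `.keys/` prefix also makes the script work only when started from the repository root, and it fails when run from inside `.keys`; resolve the directory once with `cd "$(dirname "$0")"` and use bare file names throughout. The trailing `ls` looks like leftover debugging output and should be removed.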
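Review bot: In [PATCH 9/9] `README.md`, the "Building BitBetter" section tells users to comment out `dockerComposePull` in `restart()` without saying what that costs: going by its name, that call is what refreshes the images in the compose file on restart, so after this edit none of them are updated until the user pulls and rebuilds by hand. State that explicitly and give the rebuild procedure for picking up upstream releases. Footnote 1 says the `test` password "does not represent any type of security issue", yet `cert.pfx` holds the private key whose signatures the modified server accepts, so the README should at least tell users to keep `.keys/` out of version control and readable only by its owner. Wording fixes in the added lines: "BitBetter is is a tool", "in the `.keys` directory one does not already exist" (missing "if"), "invididual", "it's `GenerateUserLicense`" (should be "its"), and "2This tool build ontop" in footnote 2.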