Postgres FK constraint errors with fresh install

[matt-moses]

Describe the bug
On a fresh install using postgresql backend I'm running into issues about foreign key constraints.

sliver > generate --http 127.0.0.1

[*] Generating new windows/amd64 implant binary
[*] Symbol obfuscation is enabled
[!] rpc error: code = Unknown desc = ERROR: insert or update on table "implant_configs" violates foreign key constraint "fk_implant_builds_implant_config" (SQLSTATE 23503)

To Reproduce
Steps to reproduce the behavior:
Fresh install with postgresql backend then run

generate --http 127.0.0.1

Same behavior happens when trying to add a new profile.

Expected behavior
Implants generates or profile is added as expected.

Screenshots

Desktop (please complete the following information):

• OS: Ubuntu 22.04.1 LTS
• Version Sliver 1.5.42

[moloch--]

Could be a bug, we'll try to reproduce the Postgres support isn't well tested. Surprising FKs would differ from SQLite to Postgres though.

[matt-moses]

If it is any help I had turned on statement logging in Postgres and saw that it was complaining about the zeroGuid (00000000-0000-0000-0000-000000000000) being added to the implant_configs table. On a fresh install the implant_builds table is empty (did not have the zeroGuid) so the insert into implant_configs fails due to the constraint.

2024-03-19 01:09:21.635 UTC [5256] sliver@sliverc2 LOG:  execute pgx_46: SELECT * FROM "key_values" WHERE "key_values"."key" = $1 ORDER BY "key_values"."id" LIMIT 1
2024-03-19 01:09:21.635 UTC [5256] sliver@sliverc2 DETAIL:  parameters: $1 = 'server.totp'
2024-03-19 01:09:21.641 UTC [5256] sliver@sliverc2 LOG:  statement: begin
2024-03-19 01:09:21.642 UTC [5256] sliver@sliverc2 LOG:  execute pgx_57: INSERT INTO "certificates" ("id","created_at","common_name","ca_type","key_type","certificate_pem","private_key_pem") VALUES ($1,$2,$3,$4,$5,$6,$7)
2024-03-19 01:09:21.642 UTC [5256] sliver@sliverc2 DETAIL:  parameters: $1 = 'b611cec2-2d85-4a7d-b84b-d0f27eed1a4d', $2 = '2024-03-19 01:09:21.641343+00', $3 = 'GIVEN_TEXTURE', $4 = 'mtls-implant', $5 = 'ecc', $6 = '-----BEGIN CERTIFICATE-----
	MIIBoTCCAUigAwIBAgIRANfC0revUYPJJH3Vu6X7zRswCgYIKoZIzj0EAwIwADAe
	...
	-----END CERTIFICATE-----
	', $7 = '-----BEGIN EC PRIVATE KEY-----
	MIHcAgEBBEIBoxbzgYdA/l0safwmeqABXYHi/QG3jxXFy/jzZ9FyXuUtDSK7FoS7
	...
		xoIL3lraWDf2/iWJkxZqZp7SxU3uneVSjL95PX4hzw==
	-----END EC PRIVATE KEY-----
	'
2024-03-19 01:09:21.642 UTC [5256] sliver@sliverc2 LOG:  statement: commit
2024-03-19 01:09:21.645 UTC [5256] sliver@sliverc2 LOG:  statement: deallocate "pgx_57"
2024-03-19 01:09:21.646 UTC [5256] sliver@sliverc2 LOG:  execute pgx_46: SELECT * FROM "key_values" WHERE "key_values"."key" = $1 ORDER BY "key_values"."id" LIMIT 1
2024-03-19 01:09:21.646 UTC [5256] sliver@sliverc2 DETAIL:  parameters: $1 = 'server.ecc'
2024-03-19 01:09:21.646 UTC [5256] sliver@sliverc2 LOG:  execute pgx_46: SELECT * FROM "key_values" WHERE "key_values"."key" = $1 ORDER BY "key_values"."id" LIMIT 1
2024-03-19 01:09:21.646 UTC [5256] sliver@sliverc2 DETAIL:  parameters: $1 = 'server.minisign'
2024-03-19 01:09:21.647 UTC [5256] sliver@sliverc2 LOG:  execute pgx_46: SELECT * FROM "key_values" WHERE "key_values"."key" = $1 ORDER BY "key_values"."id" LIMIT 1
2024-03-19 01:09:21.647 UTC [5256] sliver@sliverc2 DETAIL:  parameters: $1 = 'server.minisign'
2024-03-19 01:09:21.647 UTC [5256] sliver@sliverc2 LOG:  statement: begin
2024-03-19 01:09:21.649 UTC [5256] sliver@sliverc2 LOG:  execute pgx_59: INSERT INTO "implant_configs" ("id","implant_build_id","implant_profile_id","created_at","goos","goarch","template_name","is_beacon","beacon_interval","beacon_jitter","ecc_public_key","ecc_public_key_digest","ecc_private_key","ecc_public_key_signature","ecc_server_public_key","minisign_server_public_key","mtls_ca_cert","mtls_cert","mtls_key","debug","debug_file","evasion","obfuscate_symbols","reconnect_interval","max_connection_errors","connection_strategy","wg_implant_priv_key","wg_server_pub_key","wg_peer_tun_ip","wg_key_exchange_port","wg_tcp_comms_port","m_tlsc2_enabled","w_gc2_enabled","httpc2_enabled","dnsc2_enabled","name_pipec2_enabled","tcp_pivotc2_enabled","limit_domain_joined","limit_hostname","limit_username","limit_datetime","limit_file_exists","limit_locale","format","is_shared_lib","is_service","is_shellcode","run_at_load","file_name") VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24,$25,$26,$27,$28,$29,$30,$31,$32,$33,$34,$35,$36,$37,$38,$39,$40,$41,$42,$43,$44,$45,$46,$47,$48,$49) ON CONFLICT ("id") DO UPDATE SET "implant_build_id"="excluded"."implant_build_id","implant_profile_id"="excluded"."implant_profile_id","goos"="excluded"."goos","goarch"="excluded"."goarch","template_name"="excluded"."template_name","is_beacon"="excluded"."is_beacon","beacon_interval"="excluded"."beacon_interval","beacon_jitter"="excluded"."beacon_jitter","ecc_public_key"="excluded"."ecc_public_key","ecc_public_key_digest"="excluded"."ecc_public_key_digest","ecc_private_key"="excluded"."ecc_private_key","ecc_public_key_signature"="excluded"."ecc_public_key_signature","ecc_server_public_key"="excluded"."ecc_server_public_key","minisign_server_public_key"="excluded"."minisign_server_public_key","mtls_ca_cert"="excluded"."mtls_ca_cert","mtls_cert"="excluded"."mtls_cert","mtls_key"="excluded"."mtls_key","debug"="excluded"."debug","debug_file"="excluded"."debug_file","evasion"="excluded"."evasion","obfuscate_symbols"="excluded"."obfuscate_symbols","reconnect_interval"="excluded"."reconnect_interval","max_connection_errors"="excluded"."max_connection_errors","connection_strategy"="excluded"."connection_strategy","wg_implant_priv_key"="excluded"."wg_implant_priv_key","wg_server_pub_key"="excluded"."wg_server_pub_key","wg_peer_tun_ip"="excluded"."wg_peer_tun_ip","wg_key_exchange_port"="excluded"."wg_key_exchange_port","wg_tcp_comms_port"="excluded"."wg_tcp_comms_port","m_tlsc2_enabled"="excluded"."m_tlsc2_enabled","w_gc2_enabled"="excluded"."w_gc2_enabled","httpc2_enabled"="excluded"."httpc2_enabled","dnsc2_enabled"="excluded"."dnsc2_enabled","name_pipec2_enabled"="excluded"."name_pipec2_enabled","tcp_pivotc2_enabled"="excluded"."tcp_pivotc2_enabled","limit_domain_joined"="excluded"."limit_domain_joined","limit_hostname"="excluded"."limit_hostname","limit_username"="excluded"."limit_username","limit_datetime"="excluded"."limit_datetime","limit_file_exists"="excluded"."limit_file_exists","limit_locale"="excluded"."limit_locale","format"="excluded"."format","is_shared_lib"="excluded"."is_shared_lib","is_service"="excluded"."is_service","is_shellcode"="excluded"."is_shellcode","run_at_load"="excluded"."run_at_load","file_name"="excluded"."file_name"
2024-03-19 01:09:21.649 UTC [5256] sliver@sliverc2 DETAIL:  parameters: $1 = 'fdcac5f2-31b4-4c85-93a5-e08497b55e39', $2 = '00000000-0000-0000-0000-000000000000', $3 = '00000000-0000-0000-0000-000000000000', $4 = '2024-03-19 01:09:21.648025+00', $5 = 'windows', $6 = 'amd64', $7 = 'sliver', $8 = 'f', $9 = '0', $10 = '0', $11 = 'age1XXXXXXXXXXXXXXXXXXXXXqyc7granvfs54z762', $12 = 'a43fefaff15b5b59aa1fa613cbeff784971b563acd60991624656b8367c75ec0', $13 = 'AGE-SECRET-KEY-XXXXXX', $14 = 'untrusted comment: signature from private key: 5BA71164374545DF
	RWTfRUU3ZBGnWzq8e8W4n2I5E5r/Sl/Wz3ZKi2X2OJXi+KEzmyj7LHeEYqHs4MwCLeDegwmaac3enI4s3ZHq7glqeS/WMpqtqAc=
	trusted comment: timestamp:1710810561
	BCuBDn50Pn/XXbc6sC3AvZgGroiII8XCSp1l8z3rgCxOjR3vExAYkXrcmuu0xSvJHP23bk7qZqiEpDvyFgGuDg==', $15 = 'age1e42re3zrytmmsq8rk9muyt80zm54lwud6stgyef6gps6t8025qjses09zj', $16 = 'untrusted comment: minisign public key: 5BA71164374545DF
	RWTfRUU3ZBGnW0rvjW8CPVtp3JEbCPFIXvANwcdL6Z93CXF6pAf86Omh', $17 = '', $18 = '', $19 = '', $20 = 'f', $21 = '', $22 = 'f', $23 = 't', $24 = '60000000000', $25 = '1000', $26 = '', $27 = '', $28 = '', $29 = '<nil>', $30 = '1337', $31 = '8888', $32 = 'f', $33 = 'f', $34 = 't', $35 = 'f', $36 = 'f', $37 = 'f', $38 = 'f', $39 = '', $40 = '', $41 = '', $42 = '', $43 = '', $44 = '2', $45 = 'f', $46 = 'f', $47 = 'f', $48 = 'f', $49 = ''
2024-03-19 01:09:21.650 UTC [5256] sliver@sliverc2 ERROR:  insert or update on table "implant_configs" violates foreign key constraint "fk_implant_builds_implant_config"
2024-03-19 01:09:21.650 UTC [5256] sliver@sliverc2 DETAIL:  Key (implant_build_id)=(00000000-0000-0000-0000-000000000000) is not present in table "implant_builds".
2024-03-19 01:09:21.650 UTC [5256] sliver@sliverc2 STATEMENT:  INSERT INTO "implant_configs" ("id","implant_build_id","implant_profile_id","created_at","goos","goarch","template_name","is_beacon","beacon_interval","beacon_jitter","ecc_public_key","ecc_public_key_digest","ecc_private_key","ecc_public_key_signature","ecc_server_public_key","minisign_server_public_key","mtls_ca_cert","mtls_cert","mtls_key","debug","debug_file","evasion","obfuscate_symbols","reconnect_interval","max_connection_errors","connection_strategy","wg_implant_priv_key","wg_server_pub_key","wg_peer_tun_ip","wg_key_exchange_port","wg_tcp_comms_port","m_tlsc2_enabled","w_gc2_enabled","httpc2_enabled","dnsc2_enabled","name_pipec2_enabled","tcp_pivotc2_enabled","limit_domain_joined","limit_hostname","limit_username","limit_datetime","limit_file_exists","limit_locale","format","is_shared_lib","is_service","is_shellcode","run_at_load","file_name") VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24,$25,$26,$27,$28,$29,$30,$31,$32,$33,$34,$35,$36,$37,$38,$39,$40,$41,$42,$43,$44,$45,$46,$47,$48,$49) ON CONFLICT ("id") DO UPDATE SET "implant_build_id"="excluded"."implant_build_id","implant_profile_id"="excluded"."implant_profile_id","goos"="excluded"."goos","goarch"="excluded"."goarch","template_name"="excluded"."template_name","is_beacon"="excluded"."is_beacon","beacon_interval"="excluded"."beacon_interval","beacon_jitter"="excluded"."beacon_jitter","ecc_public_key"="excluded"."ecc_public_key","ecc_public_key_digest"="excluded"."ecc_public_key_digest","ecc_private_key"="excluded"."ecc_private_key","ecc_public_key_signature"="excluded"."ecc_public_key_signature","ecc_server_public_key"="excluded"."ecc_server_public_key","minisign_server_public_key"="excluded"."minisign_server_public_key","mtls_ca_cert"="excluded"."mtls_ca_cert","mtls_cert"="excluded"."mtls_cert","mtls_key"="excluded"."mtls_key","debug"="excluded"."debug","debug_file"="excluded"."debug_file","evasion"="excluded"."evasion","obfuscate_symbols"="excluded"."obfuscate_symbols","reconnect_interval"="excluded"."reconnect_interval","max_connection_errors"="excluded"."max_connection_errors","connection_strategy"="excluded"."connection_strategy","wg_implant_priv_key"="excluded"."wg_implant_priv_key","wg_server_pub_key"="excluded"."wg_server_pub_key","wg_peer_tun_ip"="excluded"."wg_peer_tun_ip","wg_key_exchange_port"="excluded"."wg_key_exchange_port","wg_tcp_comms_port"="excluded"."wg_tcp_comms_port","m_tlsc2_enabled"="excluded"."m_tlsc2_enabled","w_gc2_enabled"="excluded"."w_gc2_enabled","httpc2_enabled"="excluded"."httpc2_enabled","dnsc2_enabled"="excluded"."dnsc2_enabled","name_pipec2_enabled"="excluded"."name_pipec2_enabled","tcp_pivotc2_enabled"="excluded"."tcp_pivotc2_enabled","limit_domain_joined"="excluded"."limit_domain_joined","limit_hostname"="excluded"."limit_hostname","limit_username"="excluded"."limit_username","limit_datetime"="excluded"."limit_datetime","limit_file_exists"="excluded"."limit_file_exists","limit_locale"="excluded"."limit_locale","format"="excluded"."format","is_shared_lib"="excluded"."is_shared_lib","is_service"="excluded"."is_service","is_shellcode"="excluded"."is_shellcode","run_at_load"="excluded"."run_at_load","file_name"="excluded"."file_name"
2024-03-19 01:09:21.650 UTC [5256] sliver@sliverc2 LOG:  statement: rollback
2024-03-19 01:09:21.651 UTC [5256] sliver@sliverc2 LOG:  statement: deallocate "pgx_58"
2024-03-19 01:09:21.651 UTC [5256] sliver@sliverc2 LOG:  statement: deallocate "pgx_59"
2024-03-19 01:09:42.587 UTC [5256] sliver@sliverc2 LOG:  execute pgx_60: SELECT * FROM "implant_configs" WHERE "implant_configs"."ecc_public_key_digest" = $1 ORDER BY "implant_configs"."id" LIMIT 1
2024-03-19 01:09:42.587 UTC [5256] sliver@sliverc2 DETAIL:  parameters: $1 = 'ac9441213571ffa29ea9d99101f2cffc0fe82746755b9cdc5a4c8d0c44f2d80f'

These are the FK constraints that were auto added by sliver.

sliverc2=# SELECT 
    tc.constraint_name,
    tc.table_name,
    kcu.column_name,
    ccu.table_name AS foreign_table_name,
    ccu.column_name AS foreign_column_name 
FROM 
    information_schema.table_constraints AS tc 
    JOIN information_schema.key_column_usage AS kcu
      ON tc.constraint_name = kcu.constraint_name
    JOIN information_schema.constraint_column_usage AS ccu
      ON ccu.constraint_name = tc.constraint_name
WHERE 
    tc.constraint_type = 'FOREIGN KEY' AND 
    tc.table_name = 'implant_configs';
          constraint_name           |   table_name    |    column_name     | foreign_table_name | foreign_column_name 
------------------------------------+-----------------+--------------------+--------------------+---------------------
 fk_implant_builds_implant_config   | implant_configs | implant_build_id   | implant_builds     | id
 fk_implant_profiles_implant_config | implant_configs | implant_profile_id | implant_profiles   | id
(2 rows)

As a temporary fix for me I removed them. I am not recommending this but if someone is in a pinch it is an option.

ALTER TABLE implant_configs DROP CONSTRAINT "fk_implant_builds_implant_config";
ALTER TABLE implant_configs DROP CONSTRAINT "fk_implant_profiles_implant_config";

Update: Redacted the private key and etc. above but it is for a non-prod and non-internet facing env. :P

[moloch--]

Ah okay, we probably have an uninitialized GUID somewhere.