s4:dsdb: Use GnuTLS MD5 in password_hash module
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
1834b82216
commit
e6506ddec4
@ -43,12 +43,14 @@
|
||||
#include "dsdb/samdb/ldb_modules/password_modules.h"
|
||||
#include "librpc/gen_ndr/ndr_drsblobs.h"
|
||||
#include "lib/crypto/md4.h"
|
||||
#include "lib/crypto/md5.h"
|
||||
#include "param/param.h"
|
||||
#include "lib/krb5_wrap/krb5_samba.h"
|
||||
#include "auth/common_auth.h"
|
||||
#include "lib/messaging/messaging.h"
|
||||
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <gnutls/crypto.h>
|
||||
|
||||
#ifdef ENABLE_GPGME
|
||||
#undef class
|
||||
#include <gpgme.h>
|
||||
@ -1307,6 +1309,7 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
|
||||
.realm = &digest
|
||||
},
|
||||
};
|
||||
int rc = LDB_ERR_OTHER;
|
||||
|
||||
/* prepare DATA_BLOB's used in the combinations array */
|
||||
sAMAccountName = data_blob_string_const(io->u.sAMAccountName);
|
||||
@ -1367,23 +1370,77 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
|
||||
}
|
||||
|
||||
for (i=0; i < ARRAY_SIZE(wdigest); i++) {
|
||||
MD5_CTX md5;
|
||||
MD5Init(&md5);
|
||||
gnutls_hash_hd_t hash_hnd = NULL;
|
||||
|
||||
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||
if (rc < 0) {
|
||||
rc = ldb_oom(ldb);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (wdigest[i].nt4dom) {
|
||||
MD5Update(&md5, wdigest[i].nt4dom->data, wdigest[i].nt4dom->length);
|
||||
MD5Update(&md5, backslash.data, backslash.length);
|
||||
rc = gnutls_hash(hash_hnd,
|
||||
wdigest[i].nt4dom->data,
|
||||
wdigest[i].nt4dom->length);
|
||||
if (rc < 0) {
|
||||
gnutls_hash_deinit(hash_hnd, NULL);
|
||||
rc = LDB_ERR_UNWILLING_TO_PERFORM;
|
||||
goto out;
|
||||
}
|
||||
rc = gnutls_hash(hash_hnd,
|
||||
backslash.data,
|
||||
backslash.length);
|
||||
if (rc < 0) {
|
||||
gnutls_hash_deinit(hash_hnd, NULL);
|
||||
rc = LDB_ERR_UNWILLING_TO_PERFORM;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
rc = gnutls_hash(hash_hnd,
|
||||
wdigest[i].user->data,
|
||||
wdigest[i].user->length);
|
||||
if (rc < 0) {
|
||||
gnutls_hash_deinit(hash_hnd, NULL);
|
||||
rc = LDB_ERR_UNWILLING_TO_PERFORM;
|
||||
goto out;
|
||||
}
|
||||
rc = gnutls_hash(hash_hnd, delim.data, delim.length);
|
||||
if (rc < 0) {
|
||||
gnutls_hash_deinit(hash_hnd, NULL);
|
||||
rc = LDB_ERR_UNWILLING_TO_PERFORM;
|
||||
goto out;
|
||||
}
|
||||
MD5Update(&md5, wdigest[i].user->data, wdigest[i].user->length);
|
||||
MD5Update(&md5, delim.data, delim.length);
|
||||
if (wdigest[i].realm) {
|
||||
MD5Update(&md5, wdigest[i].realm->data, wdigest[i].realm->length);
|
||||
rc = gnutls_hash(hash_hnd,
|
||||
wdigest[i].realm->data,
|
||||
wdigest[i].realm->length);
|
||||
if (rc < 0) {
|
||||
gnutls_hash_deinit(hash_hnd, NULL);
|
||||
rc = LDB_ERR_UNWILLING_TO_PERFORM;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
MD5Update(&md5, delim.data, delim.length);
|
||||
MD5Update(&md5, io->n.cleartext_utf8->data, io->n.cleartext_utf8->length);
|
||||
MD5Final(pdb->hashes[i].hash, &md5);
|
||||
rc = gnutls_hash(hash_hnd, delim.data, delim.length);
|
||||
if (rc < 0) {
|
||||
gnutls_hash_deinit(hash_hnd, NULL);
|
||||
rc = LDB_ERR_UNWILLING_TO_PERFORM;
|
||||
goto out;
|
||||
}
|
||||
rc = gnutls_hash(hash_hnd,
|
||||
io->n.cleartext_utf8->data,
|
||||
io->n.cleartext_utf8->length);
|
||||
if (rc < 0) {
|
||||
gnutls_hash_deinit(hash_hnd, NULL);
|
||||
rc = LDB_ERR_UNWILLING_TO_PERFORM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
gnutls_hash_deinit(hash_hnd, pdb->hashes[i].hash);
|
||||
}
|
||||
|
||||
return LDB_SUCCESS;
|
||||
rc = LDB_SUCCESS;
|
||||
out:
|
||||
return rc;
|
||||
}
|
||||
|
||||
#define SHA_SALT_PERMITTED_CHARS "abcdefghijklmnopqrstuvwxyz" \
|
||||
|
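Review bot: In the wdigest loop of `setup_primary_wdigest`, every failure of `gnutls_hash_init()` is turned into `ldb_oom(ldb)`, and each failing `gnutls_hash()` overwrites `rc` with `LDB_ERR_UNWILLING_TO_PERFORM`, so the GnuTLS error code is never recorded. An init failure need not be an allocation failure (a crypto policy that refuses MD5 would presumably land in the same branch), and an operator would then see a misleading out-of-memory error while password changes fail. I would record the cause before mapping it, e.g. `ldb_asprintf_errstring(ldb, "wdigest: gnutls_hash_init(MD5) failed: %s", gnutls_strerror(rc));` followed by `rc = LDB_ERR_OPERATIONS_ERROR;`, and do the same in the `gnutls_hash()` branches. The six identical deinit-and-goto branches could also share one cleanup label placed before `out:`. The function begins before this hunk, so `ldb` being in scope is assumed from its use in `ldb_oom(ldb)`.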