Add NT-MTA-MD5 Support.

Based, in part, from ITS#1502 submission from John Morrissey. Copyright 2001, John Morrissey (jwm at horde dot net), All rights reserved. This is free software; you can redistribute and use it under the same terms as OpenLDAP itself.
2024-12-21 03:10:25 +08:00 · 2002-09-07 01:51:12 +00:00 · 2002-09-07 01:51:12 +00:00 · 11761fa6ca
commit 11761fa6ca
parent 4d8a2e2815
1 changed files with 71 additions and 12 deletions
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@ -65,6 +65,7 @@
 #include <lber.h>

 #include "ldap_pvt.h"
+#include "lber_pvt.h"

 #include "lutil_md5.h"
 #include "lutil_sha1.h"
@ -124,6 +125,13 @@ static int chk_lanman(
 	const struct berval *cred );
 #endif

+#ifdef SLAPD_NT_MTA_MD5
+static int chk_nt_mta_md5(
+	const struct pw_scheme *scheme,
+	const struct berval *passwd,
+	const struct berval *cred );
+#endif
+
 #ifdef SLAPD_SPASSWD
 static int chk_sasl(
 	const struct pw_scheme *scheme,
@ -193,38 +201,42 @@ static struct berval *hash_clear(
 static const struct pw_scheme pw_schemes[] =
 {
 #ifdef LUTIL_SHA1_BYTES
-	{ {sizeof("{SSHA}")-1, "{SSHA}"},	chk_ssha1, hash_ssha1 },
-	{ {sizeof("{SHA}")-1, "{SHA}"},		chk_sha1, hash_sha1 },
+	{ BER_BVC("{SSHA}"),		chk_ssha1, hash_ssha1 },
+	{ BER_BVC("{SHA}"),			chk_sha1, hash_sha1 },
 #endif

-	{ {sizeof("{SMD5}")-1, "{SMD5}"},	chk_smd5, hash_smd5 },
-	{ {sizeof("{MD5}")-1, "{MD5}"},		chk_md5, hash_md5 },
+	{ BER_BVC("{SMD5}"),		chk_smd5, hash_smd5 },
+	{ BER_BVC("{MD5}"),			chk_md5, hash_md5 },

 #ifdef SLAPD_LMHASH
-	{ {sizeof("{LANMAN}")-1, "{LANMAN}"},	chk_lanman, hash_lanman },
+	{ BER_BVC("{LANMAN}"),		chk_lanman, hash_lanman },
 #endif /* SLAPD_LMHASH */

+#ifdef SLAPD_NT_MTA_MD5
+	{ BER_BVC("{NT-MTA-MD5}"),	chk_nt_mta_md5, NULL },
+#endif /* SLAPD_NT_MTA_MD5 */
+
 #ifdef SLAPD_SPASSWD
-	{ {sizeof("{SASL}")-1, "{SASL}"}, chk_sasl, NULL },
+	{ BER_BVC("{SASL}"),		chk_sasl, NULL },
 #endif

 #ifdef SLAPD_KPASSWD
-	{ {sizeof("{KERBEROS}")-1, "{KERBEROS}"}, chk_kerberos, NULL },
+	{ BER_BVC("{KERBEROS}"),	chk_kerberos, NULL },
 #endif

 #ifdef SLAPD_CRYPT
-	{ {sizeof("{CRYPT}")-1, "{CRYPT}"},	chk_crypt, hash_crypt },
+	{ BER_BVC("{CRYPT}"),		chk_crypt, hash_crypt },
 # if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
-	{ {sizeof("{UNIX}")-1, "{UNIX}"},	chk_unix, NULL },
+	{ BER_BVC("{UNIX}"),		chk_unix, NULL },
 # endif
 #endif

 #ifdef SLAPD_CLEARTEXT
 	/* psuedo scheme */
-	{ {0, "{CLEARTEXT}"}, NULL, hash_clear },
+	{ {0, "{CLEARTEXT}"},		NULL, hash_clear },
 #endif

-	{ {0, NULL}, NULL, NULL }
+	{ BER_BVNULL, NULL, NULL }
 };

 static const struct pw_scheme *get_scheme(
@ -625,6 +637,54 @@ static int chk_lanman(
 }
 #endif /* SLAPD_LMHASH */

+#ifdef SLAPD_NT_MTA_MD5
+static int chk_nt_mta_md5(
+	const struct pw_scheme *scheme,
+	const struct berval *passwd,
+	const struct berval *cred )
+{
+	lutil_MD5_CTX MD5context;
+	unsigned char MD5digest[LUTIL_MD5_BYTES], c;
+	char buffer[LUTIL_MD5_BYTES + LUTIL_MD5_BYTES + 1];
+	int i;
+
+	/* hash credentials with salt */
+	lutil_MD5Init(&MD5context);
+	lutil_MD5Update(&MD5context,
+		(const unsigned char *) &passwd->bv_val[32],
+		32 );
+
+	c = 0x59;
+	lutil_MD5Update(&MD5context,
+		(const unsigned char *) &c,
+		1 );
+
+	lutil_MD5Update(&MD5context,
+		(const unsigned char *) cred->bv_val,
+		cred->bv_len );
+
+	c = 0xF7;
+	lutil_MD5Update(&MD5context,
+		(const unsigned char *) &c,
+		1 );
+
+	lutil_MD5Update(&MD5context,
+		(const unsigned char *) &passwd->bv_val[32],
+		32 );
+
+	lutil_MD5Final(MD5digest, &MD5context);
+
+	for( i=0; i < sizeof( MD5digest ); i++ ) {
+		buffer[i+i]   = "0123456789abcdef"[(MD5digest[i]>>4) & 0x0F]; 
+		buffer[i+i+1] = "0123456789abcdef"[ MD5digest[i] & 0x0F]; 
+	}
+
+	/* compare */
+	return memcmp((char *)passwd->bv_val, (char *)buffer, sizeof(buffer))
+		? 1 : 0;
+}
+#endif
+
 #ifdef SLAPD_SPASSWD
 #ifdef HAVE_CYRUS_SASL
 sasl_conn_t *lutil_passwd_sasl_conn = NULL;
@ -1266,4 +1326,3 @@ static struct berval *hash_clear(
 }
 #endif

-