mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-03-01 14:15:49 +08:00
ITS#8639 Delete LM hash support from smbk5pwd
parent
0de74408f2
commit
d34d2c3945
@ -14,8 +14,8 @@ looked up from the Entry directly.
|
||||
|
||||
The Samba support is written using the Samba 3.0 LDAP schema. If a
|
||||
PasswordModify is performed on an entry that has the sambaSamAccount
|
||||
objectclass, then the sambaLMPassword, sambaNTPassword, and sambaPwdLastSet
|
||||
attributes will be updated accordingly.
|
||||
objectclass, then the sambaNTPassword and sambaPwdLastSet attributes
|
||||
will be updated accordingly.
|
||||
|
||||
To use the overlay, add:
|
||||
|
||||
|
@ -89,8 +89,6 @@ attribute.
|
||||
If the user is a
|
||||
.B sambaSamAccount
|
||||
object, synchronize the
|
||||
.B sambaLMPassword
|
||||
and
|
||||
.B sambaNTPassword
|
||||
to the password entered in the Password Modify operation, and update
|
||||
.B sambaPwdLastSet
|
||||
|
@ -66,18 +66,14 @@ static ObjectClass *oc_krb5KDCEntry;
|
||||
|
||||
#ifdef DO_SAMBA
|
||||
#ifdef HAVE_GNUTLS
|
||||
#include <nettle/des.h>
|
||||
#include <nettle/md4.h>
|
||||
typedef unsigned char DES_cblock[8];
|
||||
#elif HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/md4.h>
|
||||
#else
|
||||
#error Unsupported crypto backend.
|
||||
#endif
|
||||
#include "ldap_utf8.h"
|
||||
|
||||
static AttributeDescription *ad_sambaLMPassword;
|
||||
static AttributeDescription *ad_sambaNTPassword;
|
||||
static AttributeDescription *ad_sambaPwdLastSet;
|
||||
static AttributeDescription *ad_sambaPwdMustChange;
|
||||
@ -135,29 +131,6 @@ static int smbk5pwd_modules_init( smbk5pwd_t *pi );
|
||||
#ifdef DO_SAMBA
|
||||
static const char hex[] = "0123456789abcdef";
|
||||
|
||||
/* From liblutil/passwd.c... */
|
||||
static void lmPasswd_to_key(
|
||||
const char *lmPasswd,
|
||||
DES_cblock *key)
|
||||
{
|
||||
const unsigned char *lpw = (const unsigned char *)lmPasswd;
|
||||
unsigned char *k = (unsigned char *)key;
|
||||
|
||||
/* make room for parity bits */
|
||||
k[0] = lpw[0];
|
||||
k[1] = ((lpw[0]&0x01)<<7) | (lpw[1]>>1);
|
||||
k[2] = ((lpw[1]&0x03)<<6) | (lpw[2]>>2);
|
||||
k[3] = ((lpw[2]&0x07)<<5) | (lpw[3]>>3);
|
||||
k[4] = ((lpw[3]&0x0F)<<4) | (lpw[4]>>4);
|
||||
k[5] = ((lpw[4]&0x1F)<<3) | (lpw[5]>>5);
|
||||
k[6] = ((lpw[5]&0x3F)<<2) | (lpw[6]>>6);
|
||||
k[7] = ((lpw[6]&0x7F)<<1);
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
DES_set_odd_parity( key );
|
||||
#endif
|
||||
}
|
||||
|
||||
#define MAX_PWLEN 256
|
||||
#define HASHLEN 16
|
||||
|
||||
@ -182,45 +155,6 @@ static void hexify(
|
||||
*a++ = '\0';
|
||||
}
|
||||
|
||||
static void lmhash(
|
||||
struct berval *passwd,
|
||||
struct berval *hash
|
||||
)
|
||||
{
|
||||
char UcasePassword[15];
|
||||
DES_cblock key;
|
||||
DES_cblock StdText = "KGS!@#$%";
|
||||
DES_cblock hbuf[2];
|
||||
#ifdef HAVE_OPENSSL
|
||||
DES_key_schedule schedule;
|
||||
#elif defined(HAVE_GNUTLS)
|
||||
struct des_ctx ctx;
|
||||
#endif
|
||||
|
||||
strncpy( UcasePassword, passwd->bv_val, 14 );
|
||||
UcasePassword[14] = '\0';
|
||||
ldap_pvt_str2upper( UcasePassword );
|
||||
|
||||
lmPasswd_to_key( UcasePassword, &key );
|
||||
#ifdef HAVE_GNUTLS
|
||||
des_set_key( &ctx, key );
|
||||
des_encrypt( &ctx, sizeof(key), hbuf[0], StdText );
|
||||
|
||||
lmPasswd_to_key( &UcasePassword[7], &key );
|
||||
des_set_key( &ctx, key );
|
||||
des_encrypt( &ctx, sizeof(key), hbuf[1], StdText );
|
||||
#elif defined(HAVE_OPENSSL)
|
||||
DES_set_key_unchecked( &key, &schedule );
|
||||
DES_ecb_encrypt( &StdText, &hbuf[0], &schedule , DES_ENCRYPT );
|
||||
|
||||
lmPasswd_to_key( &UcasePassword[7], &key );
|
||||
DES_set_key_unchecked( &key, &schedule );
|
||||
DES_ecb_encrypt( &StdText, &hbuf[1], &schedule , DES_ENCRYPT );
|
||||
#endif
|
||||
|
||||
hexify( (char *)hbuf, hash );
|
||||
}
|
||||
|
||||
static void nthash(
|
||||
struct berval *passwd,
|
||||
struct berval *hash
|
||||
@ -530,7 +464,7 @@ static int smbk5pwd_exop_passwd(
|
||||
struct berval *keys;
|
||||
ber_len_t j,l;
|
||||
wchar_t *wcs, wc;
|
||||
char *c, *d;
|
||||
char *c;
|
||||
struct berval pwd;
|
||||
|
||||
/* Expand incoming UTF8 string to UCS4 */
|
||||
@ -568,33 +502,6 @@ static int smbk5pwd_exop_passwd(
|
||||
ml->sml_values = keys;
|
||||
ml->sml_nvalues = NULL;
|
||||
|
||||
/* Truncate UCS2 to 8-bit ASCII */
|
||||
c = pwd.bv_val+1;
|
||||
d = pwd.bv_val+2;
|
||||
for (j=1; j<l; j++) {
|
||||
*c++ = *d++;
|
||||
d++;
|
||||
}
|
||||
pwd.bv_len /= 2;
|
||||
pwd.bv_val[pwd.bv_len] = '\0';
|
||||
|
||||
ml = ch_malloc(sizeof(Modifications));
|
||||
ml->sml_next = qpw->rs_mods;
|
||||
qpw->rs_mods = ml;
|
||||
|
||||
keys = ch_malloc( 2 * sizeof(struct berval) );
|
||||
BER_BVZERO( &keys[1] );
|
||||
lmhash( &pwd, keys );
|
||||
|
||||
ml->sml_desc = ad_sambaLMPassword;
|
||||
ml->sml_op = LDAP_MOD_REPLACE;
|
||||
#ifdef SLAP_MOD_INTERNAL
|
||||
ml->sml_flags = SLAP_MOD_INTERNAL;
|
||||
#endif
|
||||
ml->sml_numvals = 1;
|
||||
ml->sml_values = keys;
|
||||
ml->sml_nvalues = NULL;
|
||||
|
||||
ch_free(wcs);
|
||||
|
||||
ml = ch_malloc(sizeof(Modifications));
|
||||
@ -949,7 +856,6 @@ smbk5pwd_modules_init( smbk5pwd_t *pi )
|
||||
#endif /* DO_KRB5 */
|
||||
#ifdef DO_SAMBA
|
||||
samba_ad[] = {
|
||||
{ "sambaLMPassword", &ad_sambaLMPassword },
|
||||
{ "sambaNTPassword", &ad_sambaNTPassword },
|
||||
{ "sambaPwdLastSet", &ad_sambaPwdLastSet },
|
||||
{ "sambaPwdMustChange", &ad_sambaPwdMustChange },
|
||||
|
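Review bot: In the `@ -568,33 +502,6 @@` hunk of smbk5pwd_exop_passwd the sambaLMPassword replace is dropped, and nothing visible on the new side clears the attribute, so an entry that already carries sambaLMPassword appears to keep the LM hash of its previous password after a PasswordModify. That would leave a DES-based hash of an upper-cased, 14-character-truncated old credential in the directory, out of sync with sambaNTPassword. The last hunk also removes the `sambaLMPassword` row from `samba_ad[]`, so the overlay can no longer reference the attribute; either keep the descriptor registered and queue a delete of it next to the sambaNTPassword update, or at least document the cleanup in the README, e.g. `Existing sambaLMPassword values are no longer updated or removed by the overlay; purge them from the directory after upgrading.` smbk5pwd_exop_passwd begins and ends outside the visible hunks, so confirm this against the full function.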