Commit 11761fa6 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Add NT-MTA-MD5 Support.

Based, in part, from ITS#1502 submission from John Morrissey.

Copyright 2001, John Morrissey (jwm at horde dot net), All rights reserved.
This is free software; you can redistribute and use it under the same terms
as OpenLDAP itself.
parent 4d8a2e28
......@@ -65,6 +65,7 @@
#include <lber.h>
#include "ldap_pvt.h"
#include "lber_pvt.h"
#include "lutil_md5.h"
#include "lutil_sha1.h"
......@@ -124,6 +125,13 @@ static int chk_lanman(
const struct berval *cred );
#endif
#ifdef SLAPD_NT_MTA_MD5
static int chk_nt_mta_md5(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
#endif
#ifdef SLAPD_SPASSWD
static int chk_sasl(
const struct pw_scheme *scheme,
......@@ -193,38 +201,42 @@ static struct berval *hash_clear(
static const struct pw_scheme pw_schemes[] =
{
#ifdef LUTIL_SHA1_BYTES
{ {sizeof("{SSHA}")-1, "{SSHA}"}, chk_ssha1, hash_ssha1 },
{ {sizeof("{SHA}")-1, "{SHA}"}, chk_sha1, hash_sha1 },
{ BER_BVC("{SSHA}"), chk_ssha1, hash_ssha1 },
{ BER_BVC("{SHA}"), chk_sha1, hash_sha1 },
#endif
{ {sizeof("{SMD5}")-1, "{SMD5}"}, chk_smd5, hash_smd5 },
{ {sizeof("{MD5}")-1, "{MD5}"}, chk_md5, hash_md5 },
{ BER_BVC("{SMD5}"), chk_smd5, hash_smd5 },
{ BER_BVC("{MD5}"), chk_md5, hash_md5 },
#ifdef SLAPD_LMHASH
{ {sizeof("{LANMAN}")-1, "{LANMAN}"}, chk_lanman, hash_lanman },
{ BER_BVC("{LANMAN}"), chk_lanman, hash_lanman },
#endif /* SLAPD_LMHASH */
#ifdef SLAPD_NT_MTA_MD5
{ BER_BVC("{NT-MTA-MD5}"), chk_nt_mta_md5, NULL },
#endif /* SLAPD_NT_MTA_MD5 */
#ifdef SLAPD_SPASSWD
{ {sizeof("{SASL}")-1, "{SASL}"}, chk_sasl, NULL },
{ BER_BVC("{SASL}"), chk_sasl, NULL },
#endif
#ifdef SLAPD_KPASSWD
{ {sizeof("{KERBEROS}")-1, "{KERBEROS}"}, chk_kerberos, NULL },
{ BER_BVC("{KERBEROS}"), chk_kerberos, NULL },
#endif
#ifdef SLAPD_CRYPT
{ {sizeof("{CRYPT}")-1, "{CRYPT}"}, chk_crypt, hash_crypt },
{ BER_BVC("{CRYPT}"), chk_crypt, hash_crypt },
# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
{ {sizeof("{UNIX}")-1, "{UNIX}"}, chk_unix, NULL },
{ BER_BVC("{UNIX}"), chk_unix, NULL },
# endif
#endif
#ifdef SLAPD_CLEARTEXT
/* psuedo scheme */
{ {0, "{CLEARTEXT}"}, NULL, hash_clear },
{ {0, "{CLEARTEXT}"}, NULL, hash_clear },
#endif
{ {0, NULL}, NULL, NULL }
{ BER_BVNULL, NULL, NULL }
};
static const struct pw_scheme *get_scheme(
......@@ -625,6 +637,54 @@ static int chk_lanman(
}
#endif /* SLAPD_LMHASH */
#ifdef SLAPD_NT_MTA_MD5
static int chk_nt_mta_md5(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES], c;
char buffer[LUTIL_MD5_BYTES + LUTIL_MD5_BYTES + 1];
int i;
/* hash credentials with salt */
lutil_MD5Init(&MD5context);
lutil_MD5Update(&MD5context,
(const unsigned char *) &passwd->bv_val[32],
32 );
c = 0x59;
lutil_MD5Update(&MD5context,
(const unsigned char *) &c,
1 );
lutil_MD5Update(&MD5context,
(const unsigned char *) cred->bv_val,
cred->bv_len );
c = 0xF7;
lutil_MD5Update(&MD5context,
(const unsigned char *) &c,
1 );
lutil_MD5Update(&MD5context,
(const unsigned char *) &passwd->bv_val[32],
32 );
lutil_MD5Final(MD5digest, &MD5context);
for( i=0; i < sizeof( MD5digest ); i++ ) {
buffer[i+i] = "0123456789abcdef"[(MD5digest[i]>>4) & 0x0F];
buffer[i+i+1] = "0123456789abcdef"[ MD5digest[i] & 0x0F];
}
/* compare */
return memcmp((char *)passwd->bv_val, (char *)buffer, sizeof(buffer))
? 1 : 0;
}
#endif
#ifdef SLAPD_SPASSWD
#ifdef HAVE_CYRUS_SASL
sasl_conn_t *lutil_passwd_sasl_conn = NULL;
......@@ -1266,4 +1326,3 @@ static struct berval *hash_clear(
}
#endif
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment