From: Kurt Zeilenga
Date: Sat, 7 Sep 2002 01:51:12 +0000 (+0000)
Subject: Add NT-MTA-MD5 Support.
X-Git-Tag: NO_SLAP_OP_BLOCKS~1013
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=11761fa6ca31d5bfd4195f5de559ee6644ff207b;p=openldap

Add NT-MTA-MD5 Support.

Based, in part, from ITS#1502 submission from John Morrissey. Copyright 2001, John Morrissey (jwm at horde dot net), All rights reserved. This is free software; you can redistribute and use it under the same terms as OpenLDAP itself.
---
diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 99b09c37b9..50f526f04e 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -65,6 +65,7 @@
 #include
 #include "ldap_pvt.h"
+#include "lber_pvt.h"
 #include "lutil_md5.h"
 #include "lutil_sha1.h"
@@ -124,6 +125,13 @@ static int chk_lanman(
 const struct berval *cred );
 #endif
+#ifdef SLAPD_NT_MTA_MD5
+static int chk_nt_mta_md5(
+ const struct pw_scheme *scheme,
+ const struct berval *passwd,
+ const struct berval *cred );
+#endif
+
 #ifdef SLAPD_SPASSWD
 static int chk_sasl(
 const struct pw_scheme *scheme,
@@ -193,38 +201,42 @@ static struct berval *hash_clear( static const struct pw_scheme pw_schemes[] = { #ifdef LUTIL_SHA1_BYTES - { {sizeof("{SSHA}")-1, "{SSHA}"}, chk_ssha1, hash_ssha1 }, - { {sizeof("{SHA}")-1, "{SHA}"}, chk_sha1, hash_sha1 }, + { BER_BVC("{SSHA}"), chk_ssha1, hash_ssha1 }, + { BER_BVC("{SHA}"), chk_sha1, hash_sha1 }, #endif - { {sizeof("{SMD5}")-1, "{SMD5}"}, chk_smd5, hash_smd5 }, - { {sizeof("{MD5}")-1, "{MD5}"}, chk_md5, hash_md5 }, + { BER_BVC("{SMD5}"), chk_smd5, hash_smd5 }, + { BER_BVC("{MD5}"), chk_md5, hash_md5 }, #ifdef SLAPD_LMHASH - { {sizeof("{LANMAN}")-1, "{LANMAN}"}, chk_lanman, hash_lanman }, + { BER_BVC("{LANMAN}"), chk_lanman, hash_lanman }, #endif /* SLAPD_LMHASH */ +#ifdef SLAPD_NT_MTA_MD5 + { BER_BVC("{NT-MTA-MD5}"), chk_nt_mta_md5, NULL }, +#endif /* SLAPD_NT_MTA_MD5 */ + #ifdef SLAPD_SPASSWD - { {sizeof("{SASL}")-1, "{SASL}"}, chk_sasl, NULL }, + { BER_BVC("{SASL}"), chk_sasl, NULL }, #endif #ifdef SLAPD_KPASSWD - { {sizeof("{KERBEROS}")-1, "{KERBEROS}"}, chk_kerberos, NULL }, + { BER_BVC("{KERBEROS}"), chk_kerberos, NULL }, #endif #ifdef SLAPD_CRYPT - { {sizeof("{CRYPT}")-1, "{CRYPT}"}, chk_crypt, hash_crypt }, + { BER_BVC("{CRYPT}"), chk_crypt, hash_crypt }, # if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) - { {sizeof("{UNIX}")-1, "{UNIX}"}, chk_unix, NULL }, + { BER_BVC("{UNIX}"), chk_unix, NULL }, # endif #endif #ifdef SLAPD_CLEARTEXT /* psuedo scheme */ - { {0, "{CLEARTEXT}"}, NULL, hash_clear }, + { {0, "{CLEARTEXT}"}, NULL, hash_clear }, #endif - { {0, NULL}, NULL, NULL } + { BER_BVNULL, NULL, NULL } }; static const struct pw_scheme *get_scheme( 
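Review bot: The new `{NT-MTA-MD5}` row registers `chk_nt_mta_md5` with a NULL hash slot, like `{SASL}` and `{KERBEROS}`, but nothing in the table says the scheme is verify-only. A short comment on the row would record that, for example `/* verify-only: no hash function, existing values can be checked but not generated */`. The `{CLEARTEXT}` row is also the one entry left as `{0, ...}` rather than `BER_BVC(...)`; if the zero length is deliberate for the pseudo scheme, saying so next to `/* psuedo scheme */` would stop a later cleanup from converting it. How get_scheme uses these fields is outside the hunk.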
@@ -625,6 +637,54 @@ static int chk_lanman(
 }
 #endif /* SLAPD_LMHASH */
+#ifdef SLAPD_NT_MTA_MD5
+static int chk_nt_mta_md5(
+ const struct pw_scheme *scheme,
+ const struct berval *passwd,
+ const struct berval *cred )
+{
+ lutil_MD5_CTX MD5context;
+ unsigned char MD5digest[LUTIL_MD5_BYTES], c;
+ char buffer[LUTIL_MD5_BYTES + LUTIL_MD5_BYTES + 1];
+ int i;
+
+ /* hash credentials with salt */
+ lutil_MD5Init(&MD5context);
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) &passwd->bv_val[32],
+ 32 );
+
+ c = 0x59;
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) &c,
+ 1 );
+
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) cred->bv_val,
+ cred->bv_len );
+
+ c = 0xF7;
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) &c,
+ 1 );
+
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) &passwd->bv_val[32],
+ 32 );
+
+ lutil_MD5Final(MD5digest, &MD5context);
+
+ for( i=0; i < sizeof( MD5digest ); i++ ) {
+ buffer[i+i] = "0123456789abcdef"[(MD5digest[i]>>4) & 0x0F];
+ buffer[i+i+1] = "0123456789abcdef"[ MD5digest[i] & 0x0F];
+ }
+
+ /* compare */
+ return memcmp((char *)passwd->bv_val, (char *)buffer, sizeof(buffer))
+ ? 1 : 0;
+}
+#endif
+
 #ifdef SLAPD_SPASSWD
 #ifdef HAVE_CYRUS_SASL
 sasl_conn_t *lutil_passwd_sasl_conn = NULL;
@@ -1266,4 +1326,3 @@ static struct berval *hash_clear(
 }
 #endif
-
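Review bot: chk_nt_mta_md5 never checks `passwd->bv_len`, yet it hashes 32 bytes starting at `passwd->bv_val[32]` and then compares from `passwd->bv_val[0]`, so a stored value shorter than 64 bytes is read past its end. The closing `memcmp` also uses `sizeof(buffer)`, which is `2*LUTIL_MD5_BYTES + 1`, while the hex loop writes only the first 32 bytes; the 33rd compared byte of `buffer` is uninitialized, so the result does not depend on the digest alone. A guard at the top such as `if( passwd->bv_len != 4 * LUTIL_MD5_BYTES ) return 1;` and a comparison limited to the digest, `memcmp( passwd->bv_val, buffer, 2 * LUTIL_MD5_BYTES )`, would address both. The literal `32` offsets and the `0x59`/`0xF7` separator bytes would also read better as named constants with a comment describing the stored layout, which looks like 32 hex digest characters followed by a 32-byte salt.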