66 lines
2.1 KiB
Diff
66 lines
2.1 KiB
Diff
|
From ed65e74773c0c8d3d3a9c23aa97b93baea31d9ae Mon Sep 17 00:00:00 2001
|
||
|
From: Andreas Schneider <asn@samba.org>
|
||
|
Date: Mon, 18 Nov 2019 10:24:56 +0100
|
||
|
Subject: [PATCH 157/187] s3:winbindd: Replace E_md5hash() with GnuTLS calls
|
||
|
|
||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
|
||
|
|
||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||
|
(cherry picked from commit 10499507c4fd91751898696b866ce32b1e38f605)
|
||
|
---
|
||
|
source3/winbindd/winbindd_cache.c | 23 ++++++++++++++++++++++-
|
||
|
1 file changed, 22 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
|
||
|
index 394b0c774a9..3e7afdaa546 100644
|
||
|
--- a/source3/winbindd/winbindd_cache.c
|
||
|
+++ b/source3/winbindd/winbindd_cache.c
|
||
|
@@ -37,6 +37,9 @@
|
||
|
#include "libsmb/samlogon_cache.h"
|
||
|
#include "lib/namemap_cache.h"
|
||
|
|
||
|
+#include "lib/crypto/gnutls_helpers.h"
|
||
|
+#include <gnutls/crypto.h>
|
||
|
+
|
||
|
#undef DBGC_CLASS
|
||
|
#define DBGC_CLASS DBGC_WINBIND
|
||
|
|
||
|
@@ -1364,6 +1367,8 @@ NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
|
||
|
uint32_t rid;
|
||
|
uint8_t cred_salt[NT_HASH_LEN];
|
||
|
uint8_t salted_hash[NT_HASH_LEN];
|
||
|
+ gnutls_hash_hd_t hash_hnd = NULL;
|
||
|
+ int rc;
|
||
|
|
||
|
if (is_null_sid(sid)) {
|
||
|
return NT_STATUS_INVALID_SID;
|
||
|
@@ -1384,7 +1389,23 @@ NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
|
||
|
|
||
|
/* Create a salt and then salt the hash. */
|
||
|
generate_random_buffer(cred_salt, NT_HASH_LEN);
|
||
|
- E_md5hash(cred_salt, nt_pass, salted_hash);
|
||
|
+
|
||
|
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||
|
+ if (rc < 0) {
|
||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||
|
+ }
|
||
|
+
|
||
|
+ rc = gnutls_hash(hash_hnd, cred_salt, 16);
|
||
|
+ if (rc < 0) {
|
||
|
+ gnutls_hash_deinit(hash_hnd, NULL);
|
||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||
|
+ }
|
||
|
+ rc = gnutls_hash(hash_hnd, nt_pass, 16);
|
||
|
+ if (rc < 0) {
|
||
|
+ gnutls_hash_deinit(hash_hnd, NULL);
|
||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||
|
+ }
|
||
|
+ gnutls_hash_deinit(hash_hnd, salted_hash);
|
||
|
|
||
|
centry_put_hash16(centry, salted_hash);
|
||
|
centry_put_hash16(centry, cred_salt);
|
||
|
--
|
||
|
2.23.0
|
||
|
|