diff options
| author | Sumit Bose <sbose@redhat.com> | 2012-08-24 14:46:29 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-09-06 09:24:58 +0200 |
| commit | 50a0b8417605f02566318dd62a9fa3f201689db3 (patch) | |
| tree | 3bde4aa2aeb1cde45cbb518dd665c72ec14746ba /daemons | |
| parent | 973aad9db3a2a5e4cdd9d0c300e9ae1a826c1b41 (diff) | |
| download | freeipa-50a0b8417605f02566318dd62a9fa3f201689db3.tar.gz freeipa-50a0b8417605f02566318dd62a9fa3f201689db3.tar.xz freeipa-50a0b8417605f02566318dd62a9fa3f201689db3.zip | |
ipasam: remove nt_lm_owf_gen() and dependency to libcliauth.so
Diffstat (limited to 'daemons')
| -rw-r--r-- | daemons/ipa-sam/ipa_sam.c | 71 |
1 files changed, 59 insertions, 12 deletions
diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c index 8a4a08bc7..aacae68a4 100644 --- a/daemons/ipa-sam/ipa_sam.c +++ b/daemons/ipa-sam/ipa_sam.c @@ -30,6 +30,7 @@ #include <sasl/sasl.h> #include <krb5/krb5.h> #include "ipa_krb5.h" +#include "ipa_pwd.h" /* from drsblobs.h */ struct AuthInfoNone { @@ -81,7 +82,6 @@ struct trustAuthInOutBlob { enum ndr_err_code ndr_pull_trustAuthInOutBlob(struct ndr_pull *ndr, int ndr_flags, struct trustAuthInOutBlob *r); /*available in libndr-samba.so */ bool fetch_ldap_pw(char **dn, char** pw); /* available in libpdb.so */ -void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]); /* available in libcliauth.so */ bool sid_check_is_builtin(const struct dom_sid *sid); /* available in libpdb.so */ /* available in libpdb.so, renamed from sid_check_is_domain() in c43505b621725c9a754f0ee98318d451b093f2ed */ bool sid_check_is_our_sam(const struct dom_sid *sid); @@ -2348,9 +2348,14 @@ static bool init_sam_from_td(struct samu *user, struct pdb_trusted_domain *td, NTSTATUS status; struct dom_sid u_sid; char *name; - uint8_t smblmpwd[LM_HASH_LEN]; - uint8_t smbntpwd[NT_HASH_LEN]; - char *trustpw; + char *trustpw = NULL; + char *trustpw_utf8 = NULL; + char *trustpw_utf8_uc = NULL; + char *tmp_str = NULL; + int ret; + struct ntlm_keys ntlm_keys; + size_t converted_size; + bool res; if (!pdb_set_acct_ctrl(user, ACB_DOMTRUST | ACB_TRUSTED_FOR_DELEGATION, PDB_SET)) { @@ -2387,17 +2392,59 @@ static bool init_sam_from_td(struct samu *user, struct pdb_trusted_domain *td, if (!NT_STATUS_IS_OK(status)) { return false; } - nt_lm_owf_gen(trustpw, smbntpwd, smblmpwd); - memset(trustpw, 0, strlen(trustpw)); - talloc_free(trustpw); - if (!pdb_set_lanman_passwd(user, smblmpwd, PDB_SET)) { - return false; + + if (!push_utf8_talloc(user, &trustpw_utf8, trustpw, &converted_size)) { + res = false; + goto done; } - if (!pdb_set_nt_passwd(user, smbntpwd, PDB_SET)) { - return false; + + tmp_str = talloc_strdup_upper(user, trustpw); + if (tmp_str == NULL) { + res = false; + goto done; } - return true; + if (!push_utf8_talloc(user, &trustpw_utf8_uc, tmp_str, &converted_size)) { + res = false; + goto done; + } + + ret = encode_ntlm_keys(trustpw_utf8, trustpw_utf8_uc, true, true, + &ntlm_keys); + if (ret != 0) { + res = false; + goto done; + } + + if (!pdb_set_lanman_passwd(user, ntlm_keys.lm, PDB_SET)) { + res = false; + goto done; + } + if (!pdb_set_nt_passwd(user, ntlm_keys.nt, PDB_SET)) { + res = false; + goto done; + } + + res = true; +done: + if (trustpw != NULL) { + memset(trustpw, 0, strlen(trustpw)); + talloc_free(trustpw); + } + if (trustpw_utf8 != NULL) { + memset(trustpw_utf8, 0, strlen(trustpw_utf8)); + talloc_free(trustpw_utf8); + } + if (tmp_str != NULL) { + memset(tmp_str, 0, strlen(tmp_str)); + talloc_free(tmp_str); + } + if (trustpw_utf8_uc != NULL) { + memset(trustpw_utf8_uc, 0, strlen(trustpw_utf8_uc)); + talloc_free(trustpw_utf8_uc); + } + + return res; } static bool ipasam_nthash_retrieve(struct ldapsam_privates *ldap_state, |