[PATCH] Add virtualWdigestNN attributes, rounds to virtualCryptSHA256, compute and store crypt based hashes in supplementalCredentials

Gary Lockyer gary at catalyst.net.nz
Mon May 22 03:20:30 UTC 2017


Combined patch set, combining all the previous patch sets.

WDigestxx values tested against Windows 2012 R2, and Apache
virtualCryptSHxxx values tested against OpenLDAP

1) Adds virtual attributes virtualWDigest01 to virtualWDigest29
   allowing access to the hashes stored in
   supplementalCredentials Primary:WDigest
   Note: The returned values are now compatible with htdigest and
         are suitable for inclusion in an apache .htdigest file.

2) Allow the number of rounds to be specified when calculating the
   virtualCryptSHA256 and virtualCryptSHA512 attributes.
   i.e. --attributes="virtualCryptSHA256;rounds=3000"
        will calculate the hash using 3,000 rounds.

3) Generate sha256 and sha512 password hashes and store them in
   supplementalCredentials.  Note that multiple instances of
   a hash are permitted.

   Changes to samba-tool

   Changes to virtualCryptSHA256 and virtualCryptSHA512 attributes.
   The values are now calculated as follows:
   a) If a value exists in 'Primary:userPassword' with
      the specified number of rounds it is returned.
   b) If 'Primary:CLEARTEXT', or 'Primary:SambaGPG' with
      '--decrypt-samba-gpg', exists, calculate a hash with the
      specified number of rounds.
   c) Return the first {CRYPT} value in 'Primary:userPassword' with a
      matching algorithm

4) Add a test of the WDigestxx values over LDAP.
   Test was run against Windows Server 2012 R2 and verified that the
   values calculated by Samba correspond to those calculated by Windows,
   with the exception of WDigest08. The computed values for this hash
   are different between Windows and Samba: Windows preserves the case
   of the DNS domain, Samba lowercases the domain at provision time.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-samba-tool-user-Tests-for-virtualWDigest-attributes.patch
Type: text/x-patch
Size: 19660 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0001-samba-tool-user-Tests-for-virtualWDigest-attributes-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-samba-tool-user-Support-for-virtualWDigest-attribute.patch
Type: text/x-patch
Size: 11039 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0002-samba-tool-user-Support-for-virtualWDigest-attribute-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-samba-tool-tests-Tests-for-virtualCryptSHAxxx-rounds.patch
Type: text/x-patch
Size: 13688 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0003-samba-tool-tests-Tests-for-virtualCryptSHAxxx-rounds-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-samba-tool-user-add-rounds-option-to-virtualCryptSHA.patch
Type: text/x-patch
Size: 8937 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0004-samba-tool-user-add-rounds-option-to-virtualCryptSHA-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-idl-drsblobs-add-the-blobs-required-for-Primary-user.patch
Type: text/x-patch
Size: 2526 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0005-idl-drsblobs-add-the-blobs-required-for-Primary-user-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-tests-password_hash-remove-unused-import.patch
Type: text/x-patch
Size: 802 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0006-tests-password_hash-remove-unused-import-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0007-tests-password_hash-fix-white-space-issues.patch
Type: text/x-patch
Size: 2132 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0007-tests-password_hash-fix-white-space-issues-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0008-docs-configuration-options-for-extra-password-hashes.patch
Type: text/x-patch
Size: 3636 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0008-docs-configuration-options-for-extra-password-hashes-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0009-tests-password_hash-add-tests-for-Primary-userPasswo.patch
Type: text/x-patch
Size: 18866 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0009-tests-password_hash-add-tests-for-Primary-userPasswo-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0010-password_hash-generate-and-store-Primary-userPasswor.patch
Type: text/x-patch
Size: 11629 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0010-password_hash-generate-and-store-Primary-userPasswor-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0011-samba-tool-tests-add-tests-for-userPassword.patch
Type: text/x-patch
Size: 18488 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0011-samba-tool-tests-add-tests-for-userPassword-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0012-samba-tool-add-support-for-userPassword.patch
Type: text/x-patch
Size: 11425 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0012-samba-tool-add-support-for-userPassword-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0013-tests-password_hash-update-array-indexes-for-readabl.patch
Type: text/x-patch
Size: 8110 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0013-tests-password_hash-update-array-indexes-for-readabl-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0014-pynet-Add-a-hook-to-decrypt-one-attribute.patch
Type: text/x-patch
Size: 4345 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0014-pynet-Add-a-hook-to-decrypt-one-attribute-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0015-tests-password_hash-Add-ldap-based-tests-for-WDigest.patch
Type: text/x-patch
Size: 15627 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170522/38cf1130/0015-tests-password_hash-Add-ldap-based-tests-for-WDigest-0001.bin>
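
The lookup order a), b), c) described for virtualCryptSHA256 and virtualCryptSHA512, as an added example (not code from the patch set or from Samba). It also reports the rounds actually present in the returned value, because step c) can return a hash with a different work factor than the one requested. The (scheme, value) list, the caller-supplied hasher callable, skipping step a) when no rounds are requested, and all sample values are assumptions made for illustration.

```python
import re

ALGO_ID = {"virtualCryptSHA256": 5, "virtualCryptSHA512": 6}  # crypt(3) ids $5$, $6$
CRYPT_RE = re.compile(r"^\$([56])\$(?:rounds=(\d+)\$)?[^$]*\$[./0-9A-Za-z]+$")
# Constructed sample of 'Primary:userPassword' entries; the hash bodies are filler.
SAMPLE = [("{CRYPT}", "$6$rounds=5000$s$" + "A" * 86),
          ("{CRYPT}", "$5$rounds=2500$s$" + "A" * 43),
          ("{CRYPT}", "$5$rounds=3000$s$" + "A" * 43)]

def parse_attribute(spec):
    """'virtualCryptSHA256;rounds=3000' -> (5, 3000); rounds is None if not given."""
    name, _, option = spec.partition(";")
    if name not in ALGO_ID:
        raise ValueError("unsupported attribute: " + name)
    if not option:
        return ALGO_ID[name], None
    key, _, value = option.partition("=")
    if key != "rounds" or not value.isdigit():
        raise ValueError("bad option: " + option)
    return ALGO_ID[name], int(value)

def parse_crypt(value):
    """'$5$rounds=3000$salt$hash' -> (5, 3000); None if not a SHA-crypt string."""
    m = CRYPT_RE.match(value)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)) if m.group(2) else None

def select_hash(spec, stored, cleartext=None, hasher=None):
    """Apply steps a, b, c; return (value, step, rounds found in the value)."""
    algo, want = parse_attribute(spec)
    same_algo = []
    for scheme, value in stored:
        parsed = parse_crypt(value) if scheme == "{CRYPT}" else None
        if parsed and parsed[0] == algo:
            same_algo.append((value, parsed[1]))
    # a) a stored value with exactly the requested rounds (skipped if none requested)
    for value, rounds in same_algo:
        if want is not None and rounds == want:
            return value, "a", rounds
    # b) cleartext is available: compute with the requested rounds.
    #    hasher(cleartext, algo, rounds) is a hypothetical caller-supplied function.
    if cleartext is not None and hasher is not None:
        value = hasher(cleartext, algo, want)
        return value, "b", parse_crypt(value)[1]
    # c) first stored {CRYPT} value with a matching algorithm, whatever its rounds
    if same_algo:
        return same_algo[0][0], "c", same_algo[0][1]
    return None, None, None
```

A caller that depends on a minimum work factor should compare the third element of the result with the rounds it asked for whenever the step is "c".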
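
The htdigest compatibility mentioned in item 1, and why the WDigest08 values differ as described in item 4, as an added example (not code from the patch set). An .htdigest entry is user:realm:MD5(user:realm:password), so the digest changes with the case of the realm. The user name, DNS domain and password below are constructed ASCII samples, and using the DNS domain as the realm follows the post's explanation of WDigest08.

```python
import hashlib
import hmac

def ha1(user, realm, password):
    """MD5 over 'user:realm:password', the digest stored in an .htdigest entry."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()

def htdigest_line(user, realm, digest_hex):
    """Build an .htdigest entry from a hex digest such as a virtualWDigestNN value."""
    digest_hex = digest_hex.lower()
    if len(digest_hex) != 32 or any(c not in "0123456789abcdef" for c in digest_hex):
        raise ValueError("expected 32 hex characters")
    if ":" in user or ":" in realm:
        raise ValueError("user and realm must not contain ':'")
    return f"{user}:{realm}:{digest_hex}"

def verify(line, user, realm, password):
    """Check a candidate password against one .htdigest entry in constant time."""
    l_user, l_realm, l_digest = line.strip().split(":", 2)
    if (l_user, l_realm) != (user, realm):
        return False
    return hmac.compare_digest(l_digest, ha1(user, realm, password))

def realm_case_changes_digest(user, dns_domain, password):
    """True when lowercasing the DNS domain yields a different digest."""
    return ha1(user, dns_domain, password) != ha1(user, dns_domain.lower(), password)

# Constructed sample: a digest computed over the lowercased domain validates only
# for a realm written in lowercase, not for the same domain in its original case.
USER, DOMAIN, PASSWORD = "alice", "Example.COM", "constructed-password"
LOWER_LINE = htdigest_line(USER, DOMAIN.lower(), ha1(USER, DOMAIN.lower(), PASSWORD))
```

When an .htdigest file is built from these attributes, the realm configured on the web server has to match the realm string the digest was computed over, including its case.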