From f1fe9abde9375d06cd4b6f0265ee1af483bbfd14 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 15 May 2019 08:46:56 +0200
Subject: [PATCH 203/208] s4:samdb: Allow to hash password using MD5 in samdb
Those passwords are stored in the local database.
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source4/dsdb/samdb/ldb_modules/password_hash.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 006e35c46d5..1e94bb8f01c 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -48,7 +48,7 @@
#include "auth/common_auth.h"
#include "lib/messaging/messaging.h"
-#include <gnutls/gnutls.h>
+#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/crypto.h>
#ifdef ENABLE_GPGME
@@ -1372,6 +1372,8 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
for (i=0; i < ARRAY_SIZE(wdigest); i++) {
gnutls_hash_hd_t hash_hnd = NULL;
+ GNUTLS_FIPS140_SET_LAX_MODE();
+
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
if (rc < 0) {
rc = ldb_oom(ldb);
@@ -1436,10 +1438,13 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
}
gnutls_hash_deinit(hash_hnd, pdb->hashes[i].hash);
+
+ GNUTLS_FIPS140_SET_STRICT_MODE();
}
rc = LDB_SUCCESS;
out:
+ GNUTLS_FIPS140_SET_STRICT_MODE();
return rc;
}
--
2.23.0